ome.smuggler.web.omero

Class SessionController

java.lang.Object

ome.smuggler.web.omero.SessionController

@RestController
 @RequestMapping(value="/omero/session/create")
 @Scope(value="request")
public class SessionController
extends java.lang.Object

Exposes OMERO session-related operations.

Field Summary

Fields

Modifier and Type	Field and Description
static java.lang.String	CreateUrl

Constructor Summary

Constructors

Constructor and Description
SessionController()

Method Summary

Modifier and Type	Method and Description
org.springframework.http.ResponseEntity<java.lang.Object>	create(CreateSessionRequest data) Opens a new OMERO session.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

CreateUrl

public static final java.lang.String CreateUrl

See Also:

Constant Field Values

Constructor Detail

SessionController

public SessionController()

Method Detail

create

@RequestMapping(method=POST,
                consumes="application/json",
                produces="application/json")
public org.springframework.http.ResponseEntity<java.lang.Object> create(@RequestBody
                                                                                                                                                                                               CreateSessionRequest data)

Opens a new OMERO session.

This method creates a fresh session for the user specified in the request object and keeps it alive for the amount of time specified in the request object's keep-alive field. The client can use the session anytime before the specified amount of time elapses. Past that time, if the client hasn't yet made any calls to the OMERO server using this session, the session will be expired and no longer usable. Also past that time, the client is responsible to keep the session alive, if still needed. In any case, the client is responsible for closing the session.

This Web method can be useful when executing OMERO tasks on behalf of a user at a future time point. In such scenarios, the user asks some system (e.g. Smuggler) to execute an OMERO task (e.g. an import) sometime later, after they have logged out of OMERO. When the time comes to execute the task, the system in question will need a valid OMERO session but where to get one from? One option could be that the system provides its own OMERO logging form and somehow gets hold of the user to make them log in just before executing the task. This is often difficult or impractical. Another option could be that the system stores the user's password, but this is not secure. This Web method provides an alternative: create a session upfront and keep it alive until the time to execute the task comes.

Concerning security, it is also important to note that this method requires the client to pass in the user's password, so the connection should be properly secured using HTTPS. However, this Web method does not store the password, it discards it just after creating a new OMERO session.

This method returns a 200 HTTP message when all of the following holds true:

• the input request is not null; and
• is valid according to the fields specification of CreateSessionRequest; and
• contains valid user credentials; and
• a new OMERO session could be created with them.

The body of the returned message is a JSON-serialised CreateSessionResponse.

This method returns a 400 HTTP message when any of the above conditions are not met. In this case, the body of the message is a JSON-serialised instance of Error which details the failure.

Parameters:

data - details how to create a new session.

Returns:

either an Error or a CreateSessionResponse.