java.lang.Object
java.lang.Thread
com.lutris.appserver.server.session.StandardSessionKeyGen
- All Implemented Interfaces:
- java.lang.Runnable
- public class StandardSessionKeyGen
- extends java.lang.Thread
The session random key generator. This class implements a background thread
that wakes up and counts the number of Standard Session Manager requests
completed at one or more different interval periods, and
supplements the seed of the Manager's random number generator
in order to make the value of the cookies extremely unpredictable.
This is an absolute requirement if random cookie values are to
be used for any type of security purpose.
This random number generator uses the JDK 1.1 SecureRandom
object, which implements a cryptographic grade random number
generator based on the RSA MD5 one-way hash. In combination with
external user-generated time delay information, the numbers
generated by this object are highly unpredictable, and therefore
suitably secure for their use as session keys.
- Version:
- $Revision: 1.14.6.1 $
|
Constructor Summary |
StandardSessionKeyGen(long[] intervals)
Constructor a new key generator random number entropy
generator. |
| Methods inherited from class java.lang.Thread |
activeCount, checkAccess, countStackFrames, currentThread, destroy, dumpStack, enumerate, getContextClassLoader, getName, getPriority, getThreadGroup, holdsLock, interrupt, interrupted, isAlive, isDaemon, isInterrupted, join, join, join, resume, setContextClassLoader, setDaemon, setName, setPriority, sleep, sleep, start, stop, stop, suspend, toString, yield |
randomizer
private java.security.SecureRandom randomizer
- Random number generator used to generate session keys.
- See Also:
com.lutris.StandardSessionManager#randomThread,
java.security.SecureRandom
randomCounter
private int randomCounter
- Counter that is incremented by the user of this class to provide a
random external value. Usually done on requests.
alarmVector
private long[] alarmVector
intervalVector
private long[] intervalVector
numIntervals
private int numIntervals
StandardSessionKeyGen
public StandardSessionKeyGen(long[] intervals)
- Constructor a new key generator random number entropy
generator. Initializes timers and counters and start a
thread.
run
public void run()
- The main code body of the Idle Timer Thread. Enters an endless
loop that sleeps for a configurable period, periodically waking
up to modify the session manager's random seed. An externally
incremented count is used as a source of user-generated randomness.
incrementRandomCounter
public void incrementRandomCounter()
- Increment the random counter. Used for randomization, so doesn't
have to be completely accurate and is not sychronized. The normal
way to use this is to increment it on requests generated by external
sources.
newSessionKey
public java.lang.String newSessionKey()
- Generates a new random key to identify a session.
This key represents a random integer that is large and sparse
enough to make it highly unlikely that a valid session key can
be guessed by an intruder. The
randomizer object is
used to generate this key.
This function is reentrant and does not need synchronization.
shutdown
public void shutdown()
- Shutdown the thread associated with this object.
JAVADOC | 
SOURCE | 
DOWNLOAD | NESTED | FIELD | CONSTR | METHOD