Package org.apache.sshd.common.session
Interface SessionDisconnectHandler
public interface SessionDisconnectHandler
Invoked when the internal session code decides it should disconnect a session due to some consideration. Usually
allows intervening in the decision and even canceling it.
-
Method Summary
Modifier and TypeMethodDescriptiondefault booleanhandleAuthCountDisconnectReason(Session session, Service service, String serviceName, String method, String user, int currentAuthCount, int maxAuthCount) Invoked if the number of authentication attempts exceeded the maximum alloweddefault booleanhandleAuthParamsDisconnectReason(Session session, Service service, String authUser, String username, String authService, String serviceName) Invoked if the authentication parameters changed in mid-authentication process.default booleanhandleKexDisconnectReason(Session session, Map<KexProposalOption, String> c2sOptions, Map<KexProposalOption, String> s2cOptions, Map<KexProposalOption, String> negotiatedGuess, KexProposalOption option) Invoked if after KEX negotiation parameters resolved one of the options violates some internal constraint (e.g., cannot negotiate a value, or RFC 8308 - section 2.2).default booleanhandleSessionsCountDisconnectReason(Session session, Service service, String username, int currentSessionCount, int maxSessionCount) Called to inform that the maximum allowed concurrent sessions threshold has been exceeded.default booleanhandleTimeoutDisconnectReason(Session session, TimeoutIndicator timeoutStatus) Invoked when an internal timeout has expired (e.g., authentication, idle).default booleanhandleUnsupportedServiceDisconnectReason(Session session, int cmd, String serviceName, Buffer buffer) Invoked when a request has been made related to an unknown SSH service as described in RFC 4253 - section 10.
-
Method Details
-
handleTimeoutDisconnectReason
default boolean handleTimeoutDisconnectReason(Session session, TimeoutIndicator timeoutStatus) throws IOException Invoked when an internal timeout has expired (e.g., authentication, idle).- Parameters:
session- The session whose timeout has expiredtimeoutStatus- The expired timeout- Returns:
trueif expired timeout should be reset (i.e., no disconnect). Iffalsethen session will disconnect due to the expired timeout- Throws:
IOException- If failed to handle the event
-
handleSessionsCountDisconnectReason
default boolean handleSessionsCountDisconnectReason(Session session, Service service, String username, int currentSessionCount, int maxSessionCount) throws IOException Called to inform that the maximum allowed concurrent sessions threshold has been exceeded. Note: when handler is invoked the session is not yet marked as having been authenticated, nor has the authentication success been acknowledged to the peer.- Parameters:
session- The session that caused the excessservice- TheServiceinstance through which the request was receivedusername- The authenticated username that is associated with the session.currentSessionCount- The current sessions countmaxSessionCount- The maximum allowed sessions count- Returns:
trueif accept the exceeding session regardless of the threshold. Iffalsethen exceeding session will be disconnected- Throws:
IOException- If failed to handle the event, Note: choosing to ignore this disconnect reason does not reset the current concurrent sessions counter in any way - i.e., the handler will be re-invoked every time the threshold is exceeded.- See Also:
-
handleUnsupportedServiceDisconnectReason
default boolean handleUnsupportedServiceDisconnectReason(Session session, int cmd, String serviceName, Buffer buffer) throws IOException Invoked when a request has been made related to an unknown SSH service as described in RFC 4253 - section 10.- Parameters:
session- The session through which the command was receivedcmd- The service related commandserviceName- The service namebuffer- Any extra data received in the packet containing the request- Returns:
trueif disregard the request (e.g., the handler handled it)- Throws:
IOException- If failed to handle the request
-
handleAuthCountDisconnectReason
default boolean handleAuthCountDisconnectReason(Session session, Service service, String serviceName, String method, String user, int currentAuthCount, int maxAuthCount) throws IOException Invoked if the number of authentication attempts exceeded the maximum allowed- Parameters:
session- The session being authenticatedservice- TheServiceinstance through which the request was receivedserviceName- The authentication service namemethod- The authentication method nameuser- The authentication usernamecurrentAuthCount- The authentication attempt countmaxAuthCount- The maximum allowed attempts- Returns:
trueif OK to ignore the exceeded attempt count and allow more attempts. Note: choosing to ignore this disconnect reason does not reset the current count - i.e., it will be re-invoked on the next attempt.- Throws:
IOException- If failed to handle the event
-
handleAuthParamsDisconnectReason
default boolean handleAuthParamsDisconnectReason(Session session, Service service, String authUser, String username, String authService, String serviceName) throws IOException Invoked if the authentication parameters changed in mid-authentication process.- Parameters:
session- The session being authenticatedservice- TheServiceinstance through which the request was receivedauthUser- The original username being authenticatedusername- The requested usernameauthService- The original authentication service nameserviceName- The requested service name- Returns:
trueif OK to ignore the change- Throws:
IOException- If failed to handle the event
-
handleKexDisconnectReason
default boolean handleKexDisconnectReason(Session session, Map<KexProposalOption, String> c2sOptions, Map<KexProposalOption, throws IOExceptionString> s2cOptions, Map<KexProposalOption, String> negotiatedGuess, KexProposalOption option) Invoked if after KEX negotiation parameters resolved one of the options violates some internal constraint (e.g., cannot negotiate a value, or RFC 8308 - section 2.2).- Parameters:
session- The session where the violation occurredc2sOptions- The client optionss2cOptions- The server optionsnegotiatedGuess- The negotiated KEX optionsoption- The violatingKexProposalOption- Returns:
trueif disregard the violation - iffalsethen session will disconnect- Throws:
IOException- if attempted to exchange some packets to fix the situation
-