org.apache.sshd.common.session

Interface SessionDisconnectHandler

public interface SessionDisconnectHandler

Invoked when the internal session code decides it should disconnect a session due to some consideration. Usually allows intervening in the decision and even canceling it.

Author:

Apache MINA SSHD Project

Method Summary

Modifier and Type	Method and Description
default boolean	handleAuthCountDisconnectReason(Session session, Service service, String serviceName, String method, String user, int currentAuthCount, int maxAuthCount) Invoked if the number of authentication attempts exceeded the maximum allowed
default boolean	handleAuthParamsDisconnectReason(Session session, Service service, String authUser, String username, String authService, String serviceName) Invoked if the authentication parameters changed in mid-authentication process.
default boolean	handleKexDisconnectReason(Session session, Map<KexProposalOption,String> c2sOptions, Map<KexProposalOption,String> s2cOptions, Map<KexProposalOption,String> negotiatedGuess, KexProposalOption option) Invoked if after KEX negotiation parameters resolved one of the options violates some internal constraint (e.g., cannot negotiate a value, or RFC 8308 - section 2.2).
default boolean	handleSessionsCountDisconnectReason(Session session, Service service, String username, int currentSessionCount, int maxSessionCount) Called to inform that the maximum allowed concurrent sessions threshold has been exceeded.
default boolean	handleTimeoutDisconnectReason(Session session, TimeoutIndicator timeoutStatus) Invoked when an internal timeout has expired (e.g., authentication, idle).
default boolean	handleUnsupportedServiceDisconnectReason(Session session, int cmd, String serviceName, Buffer buffer) Invoked when a request has been made related to an unknown SSH service as described in RFC 4253 - section 10.

Method Detail

handleTimeoutDisconnectReason

default boolean handleTimeoutDisconnectReason(Session session,
                                              TimeoutIndicator timeoutStatus)
                                       throws IOException

Invoked when an internal timeout has expired (e.g., authentication, idle).

Parameters:

session - The session whose timeout has expired

timeoutStatus - The expired timeout

Returns:

true if expired timeout should be reset (i.e., no disconnect). If false then session will disconnect due to the expired timeout

Throws:

IOException - If failed to handle the event

handleSessionsCountDisconnectReason

default boolean handleSessionsCountDisconnectReason(Session session,
                                                    Service service,
                                                    String username,
                                                    int currentSessionCount,
                                                    int maxSessionCount)
                                             throws IOException

Called to inform that the maximum allowed concurrent sessions threshold has been exceeded. Note: when handler is invoked the session is not yet marked as having been authenticated, nor has the authentication success been acknowledged to the peer.

Parameters:

session - The session that caused the excess

service - The Service instance through which the request was received

username - The authenticated username that is associated with the session.

currentSessionCount - The current sessions count

maxSessionCount - The maximum allowed sessions count

Returns:

true if accept the exceeding session regardless of the threshold. If false then exceeding session will be disconnected

Throws:

IOException - If failed to handle the event, Note: choosing to ignore this disconnect reason does not reset the current concurrent sessions counter in any way - i.e., the handler will be re-invoked every time the threshold is exceeded.

See Also:

ServerFactoryManager.MAX_CONCURRENT_SESSIONS

handleUnsupportedServiceDisconnectReason

default boolean handleUnsupportedServiceDisconnectReason(Session session,
                                                         int cmd,
                                                         String serviceName,
                                                         Buffer buffer)
                                                  throws IOException

Invoked when a request has been made related to an unknown SSH service as described in RFC 4253 - section 10.

Parameters:

session - The session through which the command was received

cmd - The service related command

serviceName - The service name

buffer - Any extra data received in the packet containing the request

Returns:

true if disregard the request (e.g., the handler handled it)

Throws:

IOException - If failed to handle the request

handleAuthCountDisconnectReason

default boolean handleAuthCountDisconnectReason(Session session,
                                                Service service,
                                                String serviceName,
                                                String method,
                                                String user,
                                                int currentAuthCount,
                                                int maxAuthCount)
                                         throws IOException

Invoked if the number of authentication attempts exceeded the maximum allowed

Parameters:

session - The session being authenticated

service - The Service instance through which the request was received

serviceName - The authentication service name

method - The authentication method name

user - The authentication username

currentAuthCount - The authentication attempt count

maxAuthCount - The maximum allowed attempts

Returns:

true if OK to ignore the exceeded attempt count and allow more attempts. Note: choosing to ignore this disconnect reason does not reset the current count - i.e., it will be re-invoked on the next attempt.

Throws:

IOException - If failed to handle the event

handleAuthParamsDisconnectReason

default boolean handleAuthParamsDisconnectReason(Session session,
                                                 Service service,
                                                 String authUser,
                                                 String username,
                                                 String authService,
                                                 String serviceName)
                                          throws IOException

Invoked if the authentication parameters changed in mid-authentication process.

Parameters:

session - The session being authenticated

service - The Service instance through which the request was received

authUser - The original username being authenticated

username - The requested username

authService - The original authentication service name

serviceName - The requested service name

Returns:

true if OK to ignore the change

Throws:

IOException - If failed to handle the event

handleKexDisconnectReason

default boolean handleKexDisconnectReason(Session session,
                                          Map<KexProposalOption,String> c2sOptions,
                                          Map<KexProposalOption,String> s2cOptions,
                                          Map<KexProposalOption,String> negotiatedGuess,
                                          KexProposalOption option)
                                   throws IOException

Invoked if after KEX negotiation parameters resolved one of the options violates some internal constraint (e.g., cannot negotiate a value, or RFC 8308 - section 2.2).

Parameters:

session - The session where the violation occurred

c2sOptions - The client options

s2cOptions - The server options

negotiatedGuess - The negotiated KEX options

option - The violating KexProposalOption

Returns:

true if disregard the violation - if false then session will disconnect

Throws:

IOException - if attempted to exchange some packets to fix the situation