Package org.apache.sshd.common.session

Interface SessionDisconnectHandler

public interface SessionDisconnectHandler
Invoked when the internal session code decides it should disconnect a session due to some consideration. Usually allows intervening in the decision and even canceling it.
Author:
Apache MINA SSHD Project

  • Method Details

    • handleTimeoutDisconnectReason

      default boolean handleTimeoutDisconnectReason(Session session, TimeoutIndicator timeoutStatus) throws IOException
      Invoked when an internal timeout has expired (e.g., authentication, idle).
      Parameters:
      session - The session whose timeout has expired
      timeoutStatus - The expired timeout
      Returns:
      true if expired timeout should be reset (i.e., no disconnect). If false then session will disconnect due to the expired timeout
      Throws:
      IOException - If failed to handle the event

    • handleSessionsCountDisconnectReason

      default boolean handleSessionsCountDisconnectReason(Session session, Service service, String username, int currentSessionCount, int maxSessionCount) throws IOException
      Called to inform that the maximum allowed concurrent sessions threshold has been exceeded. Note: when handler is invoked the session is not yet marked as having been authenticated, nor has the authentication success been acknowledged to the peer.
      Parameters:
      session - The session that caused the excess
      service - The Service instance through which the request was received
      username - The authenticated username that is associated with the session.
      currentSessionCount - The current sessions count
      maxSessionCount - The maximum allowed sessions count
      Returns:
      true if accept the exceeding session regardless of the threshold. If false then exceeding session will be disconnected
      Throws:
      IOException - If failed to handle the event, Note: choosing to ignore this disconnect reason does not reset the current concurrent sessions counter in any way - i.e., the handler will be re-invoked every time the threshold is exceeded.
      See Also:

    • handleUnsupportedServiceDisconnectReason

      default boolean handleUnsupportedServiceDisconnectReason(Session session, int cmd, String serviceName, Buffer buffer) throws IOException
      Invoked when a request has been made related to an unknown SSH service as described in RFC 4253 - section 10.
      Parameters:
      session - The session through which the command was received
      cmd - The service related command
      serviceName - The service name
      buffer - Any extra data received in the packet containing the request
      Returns:
      true if disregard the request (e.g., the handler handled it)
      Throws:
      IOException - If failed to handle the request

    • handleAuthCountDisconnectReason

      default boolean handleAuthCountDisconnectReason(Session session, Service service, String serviceName, String method, String user, int currentAuthCount, int maxAuthCount) throws IOException
      Invoked if the number of authentication attempts exceeded the maximum allowed
      Parameters:
      session - The session being authenticated
      service - The Service instance through which the request was received
      serviceName - The authentication service name
      method - The authentication method name
      user - The authentication username
      currentAuthCount - The authentication attempt count
      maxAuthCount - The maximum allowed attempts
      Returns:
      true if OK to ignore the exceeded attempt count and allow more attempts. Note: choosing to ignore this disconnect reason does not reset the current count - i.e., it will be re-invoked on the next attempt.
      Throws:
      IOException - If failed to handle the event

    • handleAuthParamsDisconnectReason

      default boolean handleAuthParamsDisconnectReason(Session session, Service service, String authUser, String username, String authService, String serviceName) throws IOException
      Invoked if the authentication parameters changed in mid-authentication process.
      Parameters:
      session - The session being authenticated
      service - The Service instance through which the request was received
      authUser - The original username being authenticated
      username - The requested username
      authService - The original authentication service name
      serviceName - The requested service name
      Returns:
      true if OK to ignore the change
      Throws:
      IOException - If failed to handle the event

    • handleKexDisconnectReason

      default boolean handleKexDisconnectReason(Session session, Map<KexProposalOption,String> c2sOptions, Map<KexProposalOption,String> s2cOptions, Map<KexProposalOption,String> negotiatedGuess, KexProposalOption option) throws IOException
      Invoked if after KEX negotiation parameters resolved one of the options violates some internal constraint (e.g., cannot negotiate a value, or RFC 8308 - section 2.2).
      Parameters:
      session - The session where the violation occurred
      c2sOptions - The client options
      s2cOptions - The server options
      negotiatedGuess - The negotiated KEX options
      option - The violating KexProposalOption
      Returns:
      true if disregard the violation - if false then session will disconnect
      Throws:
      IOException - if attempted to exchange some packets to fix the situation