Dbeaver/cloudbeaver#4120 support token header

server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/model/session/WebSession.java

@@ -110,9 +110,18 @@ public WebSession(
         @NotNull WebHttpRequestInfo requestInfo,
         @NotNull ServletAuthApplication application,
         @NotNull Map<String, DBWSessionHandler<WebSession>> sessionHandlers
+    ) throws DBException {
+        this(Objects.requireNonNull(requestInfo.getId()), requestInfo, application, sessionHandlers);
+    }
+
+    public WebSession(
+        @NotNull String sessionId,
+        @NotNull WebHttpRequestInfo requestInfo,
+        @NotNull ServletAuthApplication application,
+        @NotNull Map<String, DBWSessionHandler<WebSession>> sessionHandlers
     ) throws DBException {
         this(
-            Objects.requireNonNull(requestInfo.getId()),
+            sessionId,
             CommonUtils.toString(requestInfo.getLocale()),
             application,
             sessionHandlers,

server/bundles/io.cloudbeaver.model/src/io/cloudbeaver/server/CBConstants.java

@@ -82,4 +82,6 @@ public class CBConstants {
     public static final String DEFAULT_CLOUD_PROJECT_NAME = "GlobalConfiguration";
 
     public static final String SECURED_VALUE = "******";
+
+    public static final String HEADER_API_TOKEN = "X-API-Token";
 }

server/bundles/io.cloudbeaver.server.ce/src/io/cloudbeaver/service/session/CBSessionManager.java

@@ -1,6 +1,6 @@
 /*
  * DBeaver - Universal Database Manager
- * Copyright (C) 2010-2025 DBeaver Corp and others
+ * Copyright (C) 2010-2026 DBeaver Corp and others
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -51,9 +51,9 @@
     private static final Log log = Log.getLog(CBSessionManager.class);
 
     private final CBApplication<?> application;
-    private final Map<String, BaseWebSession> sessionMap = new HashMap<>();
+    protected final Map<String, SessionHolder> sessionMap = new HashMap<>();
 
     public CBSessionManager(CBApplication<?> application) {
         this.application = application;
     }
 
@@ -75,10 +75,10 @@
     }
 
     @Override
     public BaseWebSession closeSession(@NotNull String sessionId, boolean sendSessionExpiredEvent) {
         BaseWebSession webSession;
         synchronized (sessionMap) {
-            webSession = sessionMap.remove(sessionId);
+            webSession = getSessionFromHolder(sessionMap.remove(sessionId));
         }
         if (webSession != null) {
             log.debug("> Close session '" + sessionId + "'");
@@ -93,6 +93,11 @@
         return application;
     }
 
+    @Nullable
+    protected BaseWebSession getSessionFromHolder(@Nullable SessionHolder sessionHolder) {
+        return sessionHolder == null ? null : sessionHolder.getSession();
+    }
+
     @Deprecated
     public boolean touchSession(
         @NotNull HttpServletRequest request,
@@ -124,14 +129,14 @@
         String sessionId = getSessionId(request);
         WebSession webSession;
         synchronized (sessionMap) {
-            var baseWebSession = sessionMap.get(sessionId);
+            var baseWebSession = getSessionFromHolder(sessionMap.get(sessionId));
             if (baseWebSession == null && CBApplication.getInstance().isConfigurationMode()) {
                 try {
                     webSession = createWebSessionImpl(new WebHttpRequestInfo(request));
                 } catch (DBException e) {
                     throw new DBWebException("Failed to create web session", e);
                 }
-                sessionMap.put(sessionId, webSession);
+                sessionMap.put(sessionId, new SessionHolder(SessionType.WEB, webSession));
             } else if (baseWebSession == null) {
                 try {
                     webSession = createWebSessionImpl(new WebHttpRequestInfo(request));
@@ -155,7 +160,7 @@
 
                 webSession.setCacheExpired(!httpSession.isNew());
 
-                sessionMap.put(sessionId, webSession);
+                sessionMap.put(sessionId, new SessionHolder(SessionType.WEB, webSession));
             } else {
                 if (!(baseWebSession instanceof WebSession)) {
                     throw new DBWebException("Unexpected session type: " + baseWebSession.getClass().getName());
@@ -214,7 +219,7 @@
         WebSession webSession;
         synchronized (sessionMap) {
             if (sessionMap.containsKey(sessionId)) {
-                var cachedWebSession = sessionMap.get(sessionId);
+                var cachedWebSession = getSessionFromHolder(sessionMap.get(sessionId));
                 if (!(cachedWebSession instanceof WebSession)) {
                     log.warn("Unexpected session type: " + cachedWebSession.getClass().getName());
                     return null;
@@ -231,7 +236,7 @@
                     webSession = createWebSessionImpl(requestInfo);
                     restorePreviousUserSession(webSession, oldAuthInfo);
 
-                    sessionMap.put(sessionId, webSession);
+                    sessionMap.put(sessionId, new SessionHolder(SessionType.WEB, webSession));
                     log.debug("Web session restored");
                     return webSession;
                 } catch (DBException e) {
@@ -266,6 +271,11 @@
         return new WebSession(request, application, getSessionHandlers());
     }
 
+    @NotNull
+    protected WebSession createWebSessionImpl(@NotNull WebHttpRequestInfo request, @NotNull String sessionId) throws DBException {
+        return new WebSession(sessionId, request, application, getSessionHandlers());
+    }
+
     @NotNull
     protected Map<String, DBWSessionHandler<WebSession>> getSessionHandlers() {
         return WebHandlerRegistry.getInstance().getSessionHandlers()
@@ -277,16 +287,16 @@
     @Nullable
     public BaseWebSession getSession(@NotNull String sessionId) {
         synchronized (sessionMap) {
-            return sessionMap.get(sessionId);
+            return getSessionFromHolder(sessionMap.get(sessionId));
         }
     }
 
     @Override
     @Nullable
     public WebSession findWebSession(HttpServletRequest request) {
         String sessionId = getSessionId(request);
         synchronized (sessionMap) {
-            var session = sessionMap.get(sessionId);
+            var session = getSessionFromHolder(sessionMap.get(sessionId));
             if (session instanceof WebSession) {
                 return (WebSession) session;
             }
@@ -309,8 +319,9 @@
     public void expireIdleSessions() {
         List<BaseWebSession> expiredList = new ArrayList<>();
         synchronized (sessionMap) {
-            for (Iterator<BaseWebSession> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
-                var session = iterator.next();
+            for (Iterator<SessionHolder> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
+                var sessionHolder = iterator.next();
+                var session = sessionHolder.getSession();
                 if (!session.isValid()) {
                     iterator.remove();
                     expiredList.add(session);
@@ -324,9 +335,13 @@
     }
 
     @Override
     public Collection<BaseWebSession> getAllActiveSessions() {
         synchronized (sessionMap) {
-            return new ArrayList<>(sessionMap.values());
+            List<BaseWebSession> sessions = new ArrayList<>(sessionMap.size());
+            for (SessionHolder sessionHolder : sessionMap.values()) {
+                sessions.add(sessionHolder.getSession());
+            }
+            return sessions;
         }
     }
 
@@ -345,7 +360,7 @@
             var sessionId = requestInfo.getId() != null ? requestInfo.getId()
                 : authPermissions.getSessionId();
 
-            var existSession = sessionMap.get(sessionId);
+            var existSession = getSessionFromHolder(sessionMap.get(sessionId));
 
             if (existSession instanceof WebHeadlessSession) {
                 var creds = existSession.getUserContext().getActiveUserCredentials();
@@ -374,7 +389,7 @@
                 null,
                 authPermissions
             );
-            sessionMap.put(sessionId, headlessSession);
+            sessionMap.put(sessionId, new SessionHolder(SessionType.HEADLESS, headlessSession));
             return headlessSession;
         }
     }
@@ -394,7 +409,7 @@
             var sessionId = requestInfo.getId() != null ? requestInfo.getId()
                 : authPermissions.getSessionId();
 
-            var existSession = sessionMap.get(sessionId);
+            var existSession = getSessionFromHolder(sessionMap.get(sessionId));
 
             if (existSession instanceof WebSession webSession) {
                 var creds = webSession.getUserContext().getActiveUserCredentials();
@@ -431,7 +446,7 @@
                 authPermissions
             );
             webSession.refreshUserData();
-            sessionMap.put(sessionId, webSession);
+            sessionMap.put(sessionId, new SessionHolder(SessionType.WEB, webSession));
             return webSession;
         }
     }
@@ -441,8 +456,8 @@
      */
     public void sendSessionsStates() {
         synchronized (sessionMap) {
-            sessionMap.values()
-                .parallelStream()
+            sessionMap.values().parallelStream()
+                .map(SessionHolder::getSession)
                 .filter(session -> {
                     if (session instanceof WebSession webSession) {
                         return webSession.isAuthorizedInSecurityManager();
@@ -467,10 +482,10 @@
 
     public void closeUserSession(@NotNull WSAbstractEvent event) {
         synchronized (sessionMap) {
-            for (Iterator<BaseWebSession> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
-                var session = iterator.next();
-                if (CommonUtils.equalObjects(session.getUserContext().getUserId(),
-                    event.getUserId())) {
+            for (Iterator<SessionHolder> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
+                var sessionHolder = iterator.next();
+                var session = sessionHolder.getSession();
+                if (CommonUtils.equalObjects(session.getUserContext().getUserId(), event.getUserId())) {
                     if (session instanceof WebHeadlessSession headlessSession) {
                         headlessSession.addSessionEvent(event);
                     }
@@ -483,8 +498,9 @@
 
     public void closeSessions(@NotNull List<String> smSessionsId) {
         synchronized (sessionMap) {
-            for (Iterator<BaseWebSession> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
-                var session = iterator.next();
+            for (Iterator<SessionHolder> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
+                var sessionHolder = iterator.next();
+                var session = sessionHolder.getSession();
                 if (smSessionsId.contains(session.getUserContext().getSmSessionId())) {
                     iterator.remove();
                     session.close(false, true);
@@ -498,8 +514,9 @@
      */
     public void closeAllSessions(@Nullable String initiatorSessionId) {
         synchronized (sessionMap) {
-            for (Iterator<BaseWebSession> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
-                var session = iterator.next();
+            for (Iterator<SessionHolder> iterator = sessionMap.values().iterator(); iterator.hasNext(); ) {
+                var sessionHolder = iterator.next();
+                var session = sessionHolder.getSession();
                 iterator.remove();
                 session.close(false, !WSWebUtils.isSessionIdEquals(session, initiatorSessionId));
             }
@@ -509,15 +526,15 @@
     /**
      * Creates new web session or returns existing one.
      */
     public WebSession createWebSession(WebHttpRequestInfo requestInfo) throws DBException {
         String id = requestInfo.getId();
         synchronized (sessionMap) {
-            BaseWebSession baseWebSession = sessionMap.get(id);
+            BaseWebSession baseWebSession = getSessionFromHolder(sessionMap.get(id));
             if (baseWebSession instanceof WebSession) {
                 return (WebSession) baseWebSession;
             } else {
                 WebSession webSessionImpl = createWebSessionImpl(requestInfo);
-                sessionMap.put(id, webSessionImpl);
+                sessionMap.put(id, new SessionHolder(SessionType.WEB, webSessionImpl));
                 return webSessionImpl;
             }
         }
@@ -527,4 +544,10 @@
         log.debug("> Expire session '" + session.getSessionId() + "'");
         session.close();
     }
+
+    @NotNull
+    @Override
+    public WebSession getWebSessionByToken(@NotNull HttpServletRequest request, @NotNull String token) throws DBException {
+        throw new UnsupportedOperationException("Not supported yet.");
+    }
 }

server/bundles/io.cloudbeaver.server.ce/src/io/cloudbeaver/service/session/SessionHolder.java

@@ -0,0 +1,40 @@
+/*
+ * DBeaver - Universal Database Manager
+ * Copyright (C) 2010-2026 DBeaver Corp and others
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.cloudbeaver.service.session;
+
+import io.cloudbeaver.model.session.BaseWebSession;
+import org.jkiss.code.NotNull;
+
+public class SessionHolder {
+    private final SessionType sessionType;
+    private final BaseWebSession session;
+
+    public SessionHolder(@NotNull SessionType sessionType, @NotNull BaseWebSession session) {
+        this.sessionType = sessionType;
+        this.session = session;
+    }
+
+    @NotNull
+    public SessionType getSessionType() {
+        return sessionType;
+    }
+
+    @NotNull
+    public BaseWebSession getSession() {
+        return session;
+    }
+}

server/bundles/io.cloudbeaver.server.ce/src/io/cloudbeaver/service/session/SessionType.java

@@ -0,0 +1,23 @@
+/*
+ * DBeaver - Universal Database Manager
+ * Copyright (C) 2010-2026 DBeaver Corp and others
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.cloudbeaver.service.session;
+
+public enum SessionType {
+    WEB,
+    HEADLESS,
+    API_TOKEN
+}

server/bundles/io.cloudbeaver.server/src/io/cloudbeaver/server/WebAppSessionManager.java

@@ -1,6 +1,6 @@
 /*
  * DBeaver - Universal Database Manager
- * Copyright (C) 2010-2024 DBeaver Corp and others
+ * Copyright (C) 2010-2026 DBeaver Corp and others
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -72,4 +72,7 @@ WebHeadlessSession getHeadlessSession(
     default void expireIdleSessions() {
 
     }
+
+    @NotNull
+    WebSession getWebSessionByToken(@NotNull HttpServletRequest request, @NotNull String token) throws DBException;
 }