Enables building a {@link Subject Subject} instance that owns the {@link Session Session} with the
specified {@code sessionId}.
<p/>
Usually when specifying a {@code sessionId}, no other {@code Builder} methods would be specified because
everything else (principals, inet address, etc) can usually be reconstructed based on the referenced
session alone. In other words, this is almost always sufficient:
<pre>
new Subject.Builder().sessionId(sessionId).buildSubject();</pre>
<p/>
<b>Although simple in concept, this method provides very powerful functionality previously absent in almost
all Java environments:</b>
<p/>
The ability to reference a {@code Subject} and their server-side session
<em>across clients of different mediums</em> such as web applications, Java applets,
standalone C# clients over XML-RPC and/or SOAP, and many others. This is a <em>huge</em>
benefit in heterogeneous enterprise applications.
<p/>
To maintain session integrity across client mediums, the {@code sessionId} <b>must</b> be transmitted
to all client mediums securely (e.g. over SSL) to prevent man-in-the-middle attacks. This
is nothing new - all web applications are susceptible to the same problem when transmitting
{@code Cookie}s or when using URL rewriting. As long as the
{@code sessionId} is transmitted securely, session integrity can be maintained.
@param sessionId the id of the session that backs the desired Subject being acquired.
@return this {@code Builder} instance for method chaining.
Enables building a {@link Subject Subject} instance that owns the {@link Session Session} with the specified {@code sessionId}. <p/> Usually when specifying a {@code sessionId}, no other {@code Builder} methods would be specified because everything else (principals, inet address, etc) can usually be reconstructed based on the referenced session alone. In other words, this is almost always sufficient: <pre> new Subject.Builder().sessionId(sessionId).buildSubject();</pre> <p/> <b>Although simple in concept, this method provides very powerful functionality previously absent in almost all Java environments:</b> <p/> The ability to reference a {@code Subject} and their server-side session <em>across clients of different mediums</em> such as web applications, Java applets, standalone C# clients over XML-RPC and/or SOAP, and many others. This is a <em>huge</em> benefit in heterogeneous enterprise applications. <p/> To maintain session integrity across client mediums, the {@code sessionId} <b>must</b> be transmitted to all client mediums securely (e.g. over SSL) to prevent man-in-the-middle attacks. This is nothing new - all web applications are susceptible to the same problem when transmitting {@code Cookie}s or when using URL rewriting. As long as the {@code sessionId} is transmitted securely, session integrity can be maintained.
@param sessionId the id of the session that backs the desired Subject being acquired. @return this {@code Builder} instance for method chaining.