Package org.apache.shiro.mgt

Class SessionsSecurityManager

  • All Implemented Interfaces:
    Authenticator, Authorizer, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.event.EventBusAware, SecurityManager, SessionManager, org.apache.shiro.util.Destroyable
    Direct Known Subclasses:
    DefaultSecurityManager
    public abstract class SessionsSecurityManager
extends AuthorizingSecurityManager
    Shiro support of a SecurityManager class hierarchy that delegates all session operations to a wrapped SessionManager instance. That is, this class implements the methods in the SessionManager interface, but in reality, those methods are merely passthrough calls to the underlying 'real' SessionManager instance.

    The remaining SecurityManager methods not implemented by this class or its parents are left to be implemented by subclasses.

    In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever possible, suitable default instances for all dependencies will be created upon instantiation.

    Since:
    0.9

    • Constructor Detail

      • SessionsSecurityManager

        public SessionsSecurityManager()
        Default no-arg constructor, internally creates a suitable default SessionManager delegate instance.

    • Method Detail

      • setSessionManager

        public void setSessionManager​(SessionManager sessionManager)
        Sets the underlying delegate SessionManager instance that will be used to support this implementation's SessionManager method calls.

        This SecurityManager implementation does not provide logic to support the inherited SessionManager interface, but instead delegates these calls to an internal SessionManager instance.

        If a SessionManager instance is not set, a default one will be automatically created and initialized appropriately for the the existing runtime environment.

        Parameters:
        sessionManager - delegate instance to use to support this manager's SessionManager method calls.

      • afterSessionManagerSet

        protected void afterSessionManagerSet()

      • afterEventBusSet

        protected void afterEventBusSet()
        Sets any configured EventBus on the SessionManager if necessary.
        Overrides:
        afterEventBusSet in class RealmSecurityManager
        Since:
        1.3

      • applyCacheManagerToSessionManager

        protected void applyCacheManagerToSessionManager()
        Ensures the internal delegate SessionManager is injected with the newly set CacheManager so it may use it for its internal caching needs.

        Note: This implementation only injects the CacheManager into the SessionManager if the SessionManager instance implements the CacheManagerAware interface.

      • applyEventBusToSessionManager

        protected void applyEventBusToSessionManager()
        Ensures the internal delegate SessionManager is injected with the newly set EventBus so it may use it for its internal event needs.

        Note: This implementation only injects the EventBus into the SessionManager if the SessionManager instance implements the EventBusAware interface.

        Since:
        1.3

      • start

        public Session start​(SessionContext context)
              throws AuthorizationException
        Description copied from interface: SessionManager
        Starts a new session based on the specified contextual initialization data, which can be used by the underlying implementation to determine how exactly to create the internal Session instance.

        This method is mainly used in framework development, as the implementation will often relay the argument to an underlying SessionFactory which could use the context to construct the internal Session instance in a specific manner. This allows pluggable Session creation logic by simply injecting a SessionFactory into the SessionManager instance.

        Parameters:
        context - the contextual initialization data that can be used by the implementation or underlying SessionFactory when instantiating the internal Session instance.
        Returns:
        the newly created session.
        Throws:
        AuthorizationException
        See Also:
        SessionFactory.createSession(SessionContext)

      • getSession

        public Session getSession​(SessionKey key)
                   throws SessionException
        Description copied from interface: SessionManager
        Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), or null if no Session could be found. If a session is found but invalid (stopped or expired), a SessionException will be thrown.
        Parameters:
        key - the Session key to use to look-up the Session
        Returns:
        the Session instance corresponding to the given lookup key or null if no session could be acquired.
        Throws:
        SessionException - if a session was found but it was invalid (stopped/expired).