Package org.apache.shiro.mgt
Class SessionsSecurityManager
- java.lang.Object
-
- org.apache.shiro.mgt.CachingSecurityManager
-
- org.apache.shiro.mgt.RealmSecurityManager
-
- org.apache.shiro.mgt.AuthenticatingSecurityManager
-
- org.apache.shiro.mgt.AuthorizingSecurityManager
-
- org.apache.shiro.mgt.SessionsSecurityManager
-
- All Implemented Interfaces:
Authenticator
,Authorizer
,org.apache.shiro.cache.CacheManagerAware
,org.apache.shiro.event.EventBusAware
,SecurityManager
,SessionManager
,org.apache.shiro.util.Destroyable
- Direct Known Subclasses:
DefaultSecurityManager
public abstract class SessionsSecurityManager extends AuthorizingSecurityManager
Shiro support of aSecurityManager
class hierarchy that delegates allsession
operations to a wrappedSessionManager
instance. That is, this class implements the methods in theSessionManager
interface, but in reality, those methods are merely passthrough calls to the underlying 'real'SessionManager
instance. The remainingSecurityManager
methods not implemented by this class or its parents are left to be implemented by subclasses. In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever possible, suitable default instances for all dependencies will be created upon instantiation.- Since:
- 0.9
-
-
Constructor Summary
Constructors Constructor Description SessionsSecurityManager()
Default no-arg constructor, internally creates a suitable defaultSessionManager
delegate instance.
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
afterCacheManagerSet()
Callssuper.afterCacheManagerSet()
and then immediately callsapplyCacheManagerToSessionManager()
to ensure theCacheManager
is applied to the SessionManager as necessary.protected void
afterEventBusSet()
Sets any configured EventBus on the SessionManager if necessary.protected void
afterSessionManagerSet()
protected void
applyCacheManagerToSessionManager()
Ensures the internal delegateSessionManager
is injected with the newly setCacheManager
so it may use it for its internal caching needs.protected void
applyEventBusToSessionManager()
Ensures the internal delegateSessionManager
is injected with the newly setEventBus
so it may use it for its internal event needs.void
destroy()
Destroys thecacheManager
viaLifecycleUtils.destroy
.Session
getSession(SessionKey key)
Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), ornull
if no Session could be found.SessionManager
getSessionManager()
Returns this security manager's internal delegateSessionManager
.void
setSessionManager(SessionManager sessionManager)
Sets the underlying delegateSessionManager
instance that will be used to support this implementation's SessionManager method calls.Session
start(SessionContext context)
Starts a new session based on the specified contextual initialization data, which can be used by the underlying implementation to determine how exactly to create the internal Session instance.-
Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer
-
Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator
-
Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, applyEventBusToRealms, getRealms, setRealm, setRealms
-
Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
applyEventBusToCacheManager, getCacheManager, getEventBus, setCacheManager, setEventBus
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout
-
-
-
-
Constructor Detail
-
SessionsSecurityManager
public SessionsSecurityManager()
Default no-arg constructor, internally creates a suitable defaultSessionManager
delegate instance.
-
-
Method Detail
-
setSessionManager
public void setSessionManager(SessionManager sessionManager)
Sets the underlying delegateSessionManager
instance that will be used to support this implementation's SessionManager method calls. This SecurityManager implementation does not provide logic to support the inherited SessionManager interface, but instead delegates these calls to an internal SessionManager instance. If a SessionManager instance is not set, a default one will be automatically created and initialized appropriately for the the existing runtime environment.- Parameters:
sessionManager
- delegate instance to use to support this manager's SessionManager method calls.
-
afterSessionManagerSet
protected void afterSessionManagerSet()
-
getSessionManager
public SessionManager getSessionManager()
Returns this security manager's internal delegateSessionManager
.- Returns:
- this security manager's internal delegate
SessionManager
. - See Also:
setSessionManager
-
afterCacheManagerSet
protected void afterCacheManagerSet()
Callssuper.afterCacheManagerSet()
and then immediately callsapplyCacheManagerToSessionManager()
to ensure theCacheManager
is applied to the SessionManager as necessary.- Overrides:
afterCacheManagerSet
in classRealmSecurityManager
-
afterEventBusSet
protected void afterEventBusSet()
Sets any configured EventBus on the SessionManager if necessary.- Overrides:
afterEventBusSet
in classRealmSecurityManager
- Since:
- 1.3
-
applyCacheManagerToSessionManager
protected void applyCacheManagerToSessionManager()
Ensures the internal delegateSessionManager
is injected with the newly setCacheManager
so it may use it for its internal caching needs. Note: This implementation only injects the CacheManager into the SessionManager if the SessionManager instance implements theCacheManagerAware
interface.
-
applyEventBusToSessionManager
protected void applyEventBusToSessionManager()
Ensures the internal delegateSessionManager
is injected with the newly setEventBus
so it may use it for its internal event needs. Note: This implementation only injects the EventBus into the SessionManager if the SessionManager instance implements theEventBusAware
interface.- Since:
- 1.3
-
start
public Session start(SessionContext context) throws AuthorizationException
Description copied from interface:SessionManager
Starts a new session based on the specified contextual initialization data, which can be used by the underlying implementation to determine how exactly to create the internal Session instance. This method is mainly used in framework development, as the implementation will often relay the argument to an underlyingSessionFactory
which could use the context to construct the internal Session instance in a specific manner. This allows pluggableSession
creation logic by simply injecting aSessionFactory
into theSessionManager
instance.- Parameters:
context
- the contextual initialization data that can be used by the implementation or underlyingSessionFactory
when instantiating the internalSession
instance.- Returns:
- the newly created session.
- Throws:
AuthorizationException
- See Also:
SessionFactory.createSession(SessionContext)
-
getSession
public Session getSession(SessionKey key) throws SessionException
Description copied from interface:SessionManager
Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), ornull
if no Session could be found. If a session is found but invalid (stopped or expired), aSessionException
will be thrown.- Parameters:
key
- the Session key to use to look-up the Session- Returns:
- the
Session
instance corresponding to the given lookup key ornull
if no session could be acquired. - Throws:
SessionException
- if a session was found but it was invalid (stopped/expired).
-
destroy
public void destroy()
Description copied from class:CachingSecurityManager
Destroys thecacheManager
viaLifecycleUtils.destroy
.- Specified by:
destroy
in interfaceorg.apache.shiro.util.Destroyable
- Overrides:
destroy
in classAuthorizingSecurityManager
-
-