Package org.apache.shiro.web.session.mgt

Class ServletContainerSessionManager

  • All Implemented Interfaces:
    org.apache.shiro.session.mgt.SessionManager, WebSessionManager
    public class ServletContainerSessionManager
extends Object
implements WebSessionManager
    SessionManager implementation providing Session implementations that are merely wrappers for the Servlet container's HttpSession.

    Despite its name, this implementation does not itself manage Sessions since the Servlet container provides the actual management support. This class mainly exists to 'impersonate' a regular Shiro SessionManager so it can be pluggable into a normal Shiro configuration in a pure web application.

    Note that because this implementation relies on the HttpSession, it is only functional in a servlet container - it is not capable of supporting Sessions for any clients other than those using the HTTP protocol.

    Therefore, if you need Session support for heterogeneous clients (e.g. web browsers, RMI clients, etc), use the DefaultWebSessionManager instead. The DefaultWebSessionManager supports both traditional web-based access as well as non web-based clients.

    Since:
    0.9
    See Also:
    DefaultWebSessionManager

    • Constructor Detail

      • ServletContainerSessionManager

        public ServletContainerSessionManager()

    • Method Detail

      • start

        public org.apache.shiro.session.Session start​(org.apache.shiro.session.mgt.SessionContext context)
                                       throws org.apache.shiro.authz.AuthorizationException
        Specified by:
        start in interface org.apache.shiro.session.mgt.SessionManager
        Throws:
        org.apache.shiro.authz.AuthorizationException

      • getSession

        public org.apache.shiro.session.Session getSession​(org.apache.shiro.session.mgt.SessionKey key)
                                            throws org.apache.shiro.session.SessionException
        Specified by:
        getSession in interface org.apache.shiro.session.mgt.SessionManager
        Throws:
        org.apache.shiro.session.SessionException

      • createSession

        protected org.apache.shiro.session.Session createSession​(org.apache.shiro.session.mgt.SessionContext sessionContext)
                                                  throws org.apache.shiro.authz.AuthorizationException
        Throws:
        org.apache.shiro.authz.AuthorizationException
        Since:
        1.0

      • createSession

        protected org.apache.shiro.session.Session createSession​(javax.servlet.http.HttpSession httpSession,
                                                         String host)

      • isServletContainerSessions

        public boolean isServletContainerSessions()
        This implementation always delegates to the servlet container for sessions, so this method returns true always.
        Specified by:
        isServletContainerSessions in interface WebSessionManager
        Returns:
        true always
        Since:
        1.2