Class SessionsSecurityManager

java.lang.Object
org.apache.shiro.mgt.CachingSecurityManager
org.apache.shiro.mgt.RealmSecurityManager
org.apache.shiro.mgt.AuthenticatingSecurityManager
org.apache.shiro.mgt.AuthorizingSecurityManager
org.apache.shiro.mgt.SessionsSecurityManager
All Implemented Interfaces:
Authenticator, Authorizer, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.event.EventBusAware, org.apache.shiro.lang.util.Destroyable, SecurityManager, SessionManager
Direct Known Subclasses:
DefaultSecurityManager
public abstract class SessionsSecurityManager extends AuthorizingSecurityManager
Shiro support of a SecurityManager class hierarchy that delegates all session operations to a wrapped SessionManager instance. That is, this class implements the methods in the SessionManager interface, but in reality, those methods are merely passthrough calls to the underlying 'real' SessionManager instance.

The remaining SecurityManager methods not implemented by this class or its parents are left to be implemented by subclasses.

In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever possible, suitable default instances for all dependencies will be created upon instantiation.

Since:
0.9

  • Constructor Details

  • Method Details

    • setSessionManager

      public void setSessionManager(SessionManager sessionManager)
      Sets the underlying delegate SessionManager instance that will be used to support this implementation's SessionManager method calls.

      This SecurityManager implementation does not provide logic to support the inherited SessionManager interface, but instead delegates these calls to an internal SessionManager instance.

      If a SessionManager instance is not set, a default one will be automatically created and initialized appropriately for the the existing runtime environment.

      Parameters:
      sessionManager - delegate instance to use to support this manager's SessionManager method calls.

    • afterSessionManagerSet

      protected void afterSessionManagerSet()

    • getSessionManager

      public SessionManager getSessionManager()
      Returns this security manager's internal delegate SessionManager.
      Returns:
      this security manager's internal delegate SessionManager.
      See Also:

    • afterCacheManagerSet

      protected void afterCacheManagerSet()
      Calls super.afterCacheManagerSet() and then immediately calls applyCacheManagerToSessionManager() to ensure the CacheManager is applied to the SessionManager as necessary.
      Overrides:
      afterCacheManagerSet in class RealmSecurityManager

    • afterEventBusSet

      protected void afterEventBusSet()
      Sets any configured EventBus on the SessionManager if necessary.
      Overrides:
      afterEventBusSet in class RealmSecurityManager
      Since:
      1.3

    • applyCacheManagerToSessionManager

      protected void applyCacheManagerToSessionManager()
      Ensures the internal delegate SessionManager is injected with the newly set CacheManager so it may use it for its internal caching needs.

      Note: This implementation only injects the CacheManager into the SessionManager if the SessionManager instance implements the CacheManagerAware interface.

    • applyEventBusToSessionManager

      protected void applyEventBusToSessionManager()
      Ensures the internal delegate SessionManager is injected with the newly set EventBus so it may use it for its internal event needs.

      Note: This implementation only injects the EventBus into the SessionManager if the SessionManager instance implements the EventBusAware interface.

      Since:
      1.3

    • start

      public Session start(SessionContext context) throws AuthorizationException
      Description copied from interface: SessionManager
      Starts a new session based on the specified contextual initialization data, which can be used by the underlying implementation to determine how exactly to create the internal Session instance.

      This method is mainly used in framework development, as the implementation will often relay the argument to an underlying SessionFactory which could use the context to construct the internal Session instance in a specific manner. This allows pluggable Session creation logic by simply injecting a SessionFactory into the SessionManager instance.

      Parameters:
      context - the contextual initialization data that can be used by the implementation or underlying SessionFactory when instantiating the internal Session instance.
      Returns:
      the newly created session.
      Throws:
      AuthorizationException
      See Also:

    • getSession

      public Session getSession(SessionKey key) throws SessionException
      Description copied from interface: SessionManager
      Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), or null if no Session could be found. If a session is found but invalid (stopped or expired), a SessionException will be thrown.
      Parameters:
      key - the Session key to use to look-up the Session
      Returns:
      the Session instance corresponding to the given lookup key or null if no session could be acquired.
      Throws:
      SessionException - if a session was found but it was invalid (stopped/expired).

    • destroy

      public void destroy()
      Description copied from class: CachingSecurityManager
      Destroys the cacheManager via LifecycleUtils.destroy.
      Specified by:
      destroy in interface org.apache.shiro.lang.util.Destroyable
      Overrides:
      destroy in class AuthorizingSecurityManager