Posted to commits@shiro.apache.org by lh...@apache.org on 2010/05/19 03:47:44 UTC
svn commit: r945994 [1/2] - in
/incubator/shiro/branches/session_manager_API_change:
core/src/main/java/org/apache/shiro/mgt/
core/src/main/java/org/apache/shiro/session/
core/src/main/java/org/apache/shiro/session/mgt/
core/src/test/java/org/apache/sh...
Author: lhazlewood
Date: Wed May 19 01:47:43 2010
New Revision: 945994
URL: http://svn.apache.org/viewvc?rev=945994&view=rev
Log:
SHIRO-164 - finished implementation. Session cookies are correctly removed after session expirations or explicit stopping
Added:
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionKey.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionKey.java
incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/session/WebSessionKey.java
Modified:
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/ExpiredSessionException.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/InvalidSessionException.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/SessionException.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/StoppedSessionException.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/UnknownSessionException.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/NativeSessionManager.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionManager.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/ValidatingSessionManager.java
incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
incubator/shiro/branches/session_manager_API_change/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java
incubator/shiro/branches/session_manager_API_change/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java
incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java
incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/WebUtils.java
incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/session/DefaultWebSessionManager.java
incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/session/ServletContainerSessionManager.java
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/DefaultSecurityManager.java Wed May 19 01:47:43 2010
@@ -24,7 +24,9 @@ import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionContext;
+import org.apache.shiro.session.mgt.DefaultSessionKey;
import org.apache.shiro.session.mgt.SessionContext;
+import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
@@ -33,6 +35,7 @@ import org.apache.shiro.util.CollectionU
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import java.io.Serializable;
import java.util.Collection;
/**
@@ -374,6 +377,8 @@ public class DefaultSecurityManager exte
return context;
}
try {
+ //Context couldn't resolve it directly, let's see if we can since we have direct access to
+ //the session manager:
Session session = resolveContextSession(context);
if (session != null) {
context.setSession(session);
@@ -386,8 +391,19 @@ public class DefaultSecurityManager exte
}
protected Session resolveContextSession(SubjectContext context) throws InvalidSessionException {
- SessionContext sessionContext = createSessionContext(context);
- return getSession(sessionContext);
+ SessionKey key = getSessionKey(context);
+ if (key != null) {
+ return getSession(key);
+ }
+ return null;
+ }
+
+ protected SessionKey getSessionKey(SubjectContext context) {
+ Serializable sessionId = context.getSessionId();
+ if (sessionId != null) {
+ return new DefaultSessionKey(sessionId);
+ }
+ return null;
}
/**
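Review bot: `getSessionKey` is a new protected extension point without Javadoc, and `resolveContextSession` now returns `null` when the context carries no session id instead of always delegating to the session manager. Judging by `AbstractNativeSessionManager.getSession(SessionKey)` in this same commit, `getSession(key)` may also return `null` for an id that matches no session, so the two cases look identical to the caller. I would document the contract on both methods, e.g. `/** Returns the key used to look up the context's existing session, or {@code null} if the context has no session id. */` on `getSessionKey`, and a `@return` line on `resolveContextSession` that names `null` as a valid result.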
@@ -470,6 +486,10 @@ public class DefaultSecurityManager exte
if (!CollectionUtils.isEmpty(subjectContext)) {
sessionContext.putAll(subjectContext);
}
+ Serializable sessionId = subjectContext.getSessionId();
+ if (sessionId != null) {
+ sessionContext.setSessionId(sessionId);
+ }
String host = subjectContext.resolveHost();
if (host != null) {
sessionContext.setHost(host);
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java Wed May 19 01:47:43 2010
@@ -24,6 +24,7 @@ import org.apache.shiro.session.Session;
import org.apache.shiro.session.SessionException;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.SessionContext;
+import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.util.LifecycleUtils;
@@ -121,8 +122,8 @@ public abstract class SessionsSecurityMa
return this.sessionManager.start(context);
}
- public Session getSession(SessionContext context) throws SessionException {
- return this.sessionManager.getSession(context);
+ public Session getSession(SessionKey key) throws SessionException {
+ return this.sessionManager.getSession(key);
}
public void destroy() {
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/ExpiredSessionException.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/ExpiredSessionException.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/ExpiredSessionException.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/ExpiredSessionException.java Wed May 19 01:47:43 2010
@@ -18,8 +18,6 @@
*/
package org.apache.shiro.session;
-import java.io.Serializable;
-
/**
* A special case of a StoppedSessionException. An expired session is a session that has
* stopped explicitly due to inactivity (i.e. time-out), as opposed to stopping due to log-out or
@@ -64,34 +62,4 @@ public class ExpiredSessionException ext
public ExpiredSessionException(String message, Throwable cause) {
super(message, cause);
}
-
- /**
- * Constructs a new ExpiredSessionException.
- *
- * @param sessionId the session id of the session that expired.
- */
- public ExpiredSessionException(Serializable sessionId) {
- this("Session with id [" + sessionId + "] has expired", sessionId);
- }
-
- /**
- * Constructs a new ExpiredSessionException.
- *
- * @param message the reason for the exception
- * @param sessionId the session id of the session that expired.
- */
- public ExpiredSessionException(String message, Serializable sessionId) {
- super(message, sessionId);
- }
-
- /**
- * Constructs a new ExpiredSessionException.
- *
- * @param message the reason for the exception
- * @param cause the underlying Throwable that caused this exception to be thrown.
- * @param sessionId the session id of the session that expired.
- */
- public ExpiredSessionException(String message, Throwable cause, Serializable sessionId) {
- super(message, cause, sessionId);
- }
}
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/InvalidSessionException.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/InvalidSessionException.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/InvalidSessionException.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/InvalidSessionException.java Wed May 19 01:47:43 2010
@@ -18,8 +18,6 @@
*/
package org.apache.shiro.session;
-import java.io.Serializable;
-
/**
* Exception thrown when attempting to interact with the system under an established session
* when that session is considered invalid. The meaning of the term 'invalid' is based on
@@ -71,34 +69,4 @@ public class InvalidSessionException ext
super(message, cause);
}
- /**
- * Constructs a new InvalidSessionException.
- *
- * @param sessionId the session id of the session that has been invalidated.
- */
- public InvalidSessionException(Serializable sessionId) {
- this("Session with id [" + sessionId + "] has been invalidated (stopped)", sessionId);
- }
-
- /**
- * Constructs a new InvalidSessionException.
- *
- * @param message the reason for the exception
- * @param sessionId the session id of the session that has been invalidated.
- */
- public InvalidSessionException(String message, Serializable sessionId) {
- super(message, sessionId);
- }
-
- /**
- * Constructs a new InvalidSessionException.
- *
- * @param message the reason for the exception
- * @param cause the underlying Throwable that caused this exception to be thrown.
- * @param sessionId the session id of the session that has been invalidated.
- */
- public InvalidSessionException(String message, Throwable cause, Serializable sessionId) {
- super(message, cause, sessionId);
- }
-
}
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/SessionException.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/SessionException.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/SessionException.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/SessionException.java Wed May 19 01:47:43 2010
@@ -18,8 +18,6 @@
*/
package org.apache.shiro.session;
-import java.io.Serializable;
-
import org.apache.shiro.ShiroException;
@@ -30,10 +28,7 @@ import org.apache.shiro.ShiroException;
* @author Les Hazlewood
* @since 0.1
*/
-public class SessionException extends ShiroException
-{
-
- private Serializable sessionId;
+public class SessionException extends ShiroException {
/**
* Creates a new SessionException.
@@ -70,54 +65,4 @@ public class SessionException extends Sh
super(message, cause);
}
- /**
- * Constructs a new SessionException.
- *
- * @param sessionId the session id of associated {@link Session Session}.
- */
- public SessionException(Serializable sessionId) {
- setSessionId(sessionId);
- }
-
- /**
- * Constructs a new SessionException.
- *
- * @param message the reason for the exception
- * @param sessionId the session id of associated {@link Session Session}.
- */
- public SessionException(String message, Serializable sessionId) {
- this(message);
- setSessionId(sessionId);
- }
-
- /**
- * Constructs a new InvalidSessionException.
- *
- * @param message the reason for the exception
- * @param cause the underlying Throwable that caused this exception to be thrown.
- * @param sessionId the session id of associated {@link Session Session}.
- */
- public SessionException(String message, Throwable cause, Serializable sessionId) {
- this(message, cause);
- setSessionId(sessionId);
- }
-
- /**
- * Returns the session id of the associated <tt>Session</tt>.
- *
- * @return the session id of the associated <tt>Session</tt>.
- */
- public Serializable getSessionId() {
- return sessionId;
- }
-
- /**
- * Sets the session id of the <tt>Session</tt> associated with this exception.
- *
- * @param sessionId the session id of the <tt>Session</tt> associated with this exception.
- */
- public void setSessionId(Serializable sessionId) {
- this.sessionId = sessionId;
- }
-
}
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/StoppedSessionException.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/StoppedSessionException.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/StoppedSessionException.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/StoppedSessionException.java Wed May 19 01:47:43 2010
@@ -18,8 +18,6 @@
*/
package org.apache.shiro.session;
-import java.io.Serializable;
-
/**
* Exception thrown when attempting to interact with the system under a session that has been
* stopped. A session may be stopped in any number of ways, most commonly due to explicit
@@ -65,34 +63,4 @@ public class StoppedSessionException ext
super(message, cause);
}
- /**
- * Constructs a new StoppedSessionException.
- *
- * @param sessionId the session id of the session that has been stopped.
- */
- public StoppedSessionException(Serializable sessionId) {
- super(sessionId);
- }
-
- /**
- * Constructs a new StoppedSessionException.
- *
- * @param message the reason for the exception
- * @param sessionId the session id of the session that has been stopped.
- */
- public StoppedSessionException(String message, Serializable sessionId) {
- super(message, sessionId);
- }
-
- /**
- * Constructs a new StoppedSessionException.
- *
- * @param message the reason for the exception
- * @param cause the underlying Throwable that caused this exception to be thrown.
- * @param sessionId the session id of the session that has been stopped.
- */
- public StoppedSessionException(String message, Throwable cause, Serializable sessionId) {
- super(message, cause, sessionId);
- }
-
}
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/UnknownSessionException.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/UnknownSessionException.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/UnknownSessionException.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/UnknownSessionException.java Wed May 19 01:47:43 2010
@@ -18,8 +18,6 @@
*/
package org.apache.shiro.session;
-import java.io.Serializable;
-
/**
* Exception thrown when attempting to interact with the system under the pretense of a
* particular session (e.g. under a specific session id), and that session does not exist in
@@ -64,36 +62,4 @@ public class UnknownSessionException ext
public UnknownSessionException(String message, Throwable cause) {
super(message, cause);
}
-
- /**
- * Constructs a new UnknownSessionException.
- *
- * @param sessionId the session id given that is unknown to the system.
- */
- public UnknownSessionException(Serializable sessionId) {
- super("Unable to locate session with id [" + sessionId + "] either because it is an invalid id " +
- "or the session has been deleted due to invalidation (stopped, logged out, or expired).",
- sessionId);
- }
-
- /**
- * Constructs a new UnknownSessionException.
- *
- * @param message the reason for the exception
- * @param sessionId the session id given that is unknown to the system.
- */
- public UnknownSessionException(String message, Serializable sessionId) {
- super(message, sessionId);
- }
-
- /**
- * Constructs a new UnknownSessionException.
- *
- * @param message the reason for the exception
- * @param cause the underlying Throwable that caused this exception to be thrown.
- * @param sessionId the session id given that is unknown to the system.
- */
- public UnknownSessionException(String message, Throwable cause, Serializable sessionId) {
- super(message, cause, sessionId);
- }
}
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractNativeSessionManager.java Wed May 19 01:47:43 2010
@@ -17,12 +17,13 @@ package org.apache.shiro.session.mgt;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.session.*;
+import org.apache.shiro.util.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collection;
+import java.util.Collections;
import java.util.Date;
/**
@@ -57,41 +58,67 @@ public abstract class AbstractNativeSess
return createExposedSession(session, context);
}
+ /**
+ * Creates a new {@code Session Session} instance based on the specified (possibly {@code null})
+ * initialization data. Implementing classes must manage the persistent state of the returned session such that it
+ * could later be acquired via the {@link #getSession(SessionKey)} method.
+ *
+ * @param context the initialization data that can be used by the implementation or underlying
+ * {@link SessionFactory} when instantiating the internal {@code Session} instance.
+ * @return the new {@code Session} instance.
+ * @throws org.apache.shiro.authz.HostUnauthorizedException
+ * if the system access control policy restricts access based
+ * on client location/IP and the specified hostAddress hasn't been enabled.
+ * @throws AuthorizationException if the system access control policy does not allow the currently executing
+ * caller to start sessions.
+ */
+ protected abstract Session createSession(SessionContext context) throws AuthorizationException;
+
protected void applyGlobalSessionTimeout(Session session) {
session.setTimeout(getGlobalSessionTimeout());
onChange(session);
}
- public Session getSession(SessionContext context) throws SessionException {
- if (context == null) {
- throw new NullPointerException("SessionContext argument cannot be null.");
+ /**
+ * Template method that allows subclasses to react to a new session being created.
+ * <p/>
+ * This method is invoked <em>before</em> any session listeners are notified.
+ *
+ * @param session the session that was just {@link #createSession created}.
+ * @param context the {@link SessionContext SessionContext} that was used to start the session.
+ */
+ protected void onStart(Session session, SessionContext context) {
+ }
+
+ public Session getSession(SessionKey key) throws SessionException {
+ Session session = lookupSession(key);
+ return session != null ? createExposedSession(session, key) : null;
+ }
+
+ private Session lookupSession(SessionKey key) throws SessionException {
+ if (key == null) {
+ throw new NullPointerException("SessionKey argument cannot be null.");
}
- Serializable sessionId = getSessionId(context);
- if (sessionId == null) {
- String msg = "Unable to resolve a session id from SessionContext [" + context + "]. This is " +
- "required to retrieve the corresponding session.";
+ return doGetSession(key);
+ }
+
+ private Session lookupRequiredSession(SessionKey key) throws SessionException {
+ Session session = lookupSession(key);
+ if (session == null) {
+ String msg = "Unable to locate required Session instance based on SessionKey [" + key + "].";
throw new UnknownSessionException(msg);
}
- Session s;
- try {
- s = doGetSession(sessionId);
- } catch (InvalidSessionException e) {
- onInvalidSession(context, sessionId, e);
- //propagate:
- throw e;
- }
- return createExposedSession(s, context);
+ return session;
}
- protected void onInvalidSession(SessionContext context, Serializable sessionId, InvalidSessionException ise) {
- }
+ protected abstract Session doGetSession(SessionKey key) throws InvalidSessionException;
- public Serializable getSessionId(SessionContext context) {
- return context.getSessionId();
+ protected Session createExposedSession(Session session, SessionContext context) {
+ return new DelegatingSession(this, new DefaultSessionKey(session.getId()));
}
- protected Session createExposedSession(Session session, SessionContext context) {
- return new DelegatingSession(this, session.getId());
+ protected Session createExposedSession(Session session, SessionKey key) {
+ return new DelegatingSession(this, new DefaultSessionKey(session.getId()));
}
/**
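Review bot: The message built in `lookupRequiredSession` concatenates the whole `SessionKey` into the `UnknownSessionException` text, and the new `log.trace("Attempting to retrieve session with key {}", key)` in `AbstractValidatingSessionManager.doGetSession` does the same for the log. `DefaultSessionKey` is not visible in this part of the commit, so this is conditional: if its `toString()` renders the session id, a value that authenticates the session ends up in exception messages and log files, even though this commit drops the session-id constructors from the exception classes. A fixed message such as `"Unable to locate required Session instance for the supplied SessionKey."` avoids that; alternatively make sure the key's `toString()` never prints the raw id.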
@@ -136,139 +163,101 @@ public abstract class AbstractNativeSess
}
}
- public Date getStartTimestamp(Serializable sessionId) {
- return getSession(sessionId).getStartTimestamp();
+ public Date getStartTimestamp(SessionKey key) {
+ return lookupRequiredSession(key).getStartTimestamp();
}
- public Date getLastAccessTime(Serializable sessionId) {
- return getSession(sessionId).getLastAccessTime();
+ public Date getLastAccessTime(SessionKey key) {
+ return lookupRequiredSession(key).getLastAccessTime();
}
- public long getTimeout(Serializable sessionId) throws InvalidSessionException {
- return getSession(sessionId).getTimeout();
+ public long getTimeout(SessionKey key) throws InvalidSessionException {
+ return lookupRequiredSession(key).getTimeout();
}
- public void setTimeout(Serializable sessionId, long maxIdleTimeInMillis) throws InvalidSessionException {
- Session s = getSession(sessionId);
+ public void setTimeout(SessionKey key, long maxIdleTimeInMillis) throws InvalidSessionException {
+ Session s = lookupRequiredSession(key);
s.setTimeout(maxIdleTimeInMillis);
onChange(s);
}
- public void touch(Serializable sessionId) throws InvalidSessionException {
- Session s = getSession(sessionId);
+ public void touch(SessionKey key) throws InvalidSessionException {
+ Session s = lookupRequiredSession(key);
s.touch();
onChange(s);
}
- public String getHost(Serializable sessionId) {
- return getSession(sessionId).getHost();
- }
-
- public void stop(Serializable sessionId) throws InvalidSessionException {
- Session session = getSession(sessionId);
- stop(session);
+ public String getHost(SessionKey key) {
+ return lookupRequiredSession(key).getHost();
}
- protected void stop(Session session) {
- if (log.isDebugEnabled()) {
- log.debug("Stopping session with id [" + session.getId() + "]");
+ public Collection<Object> getAttributeKeys(SessionKey key) {
+ Collection<Object> c = lookupRequiredSession(key).getAttributeKeys();
+ if (!CollectionUtils.isEmpty(c)) {
+ return Collections.unmodifiableCollection(c);
}
- session.stop();
- onStop(session);
- notifyStop(session);
- afterStopped(session);
- }
-
- protected void afterStopped(Session session) {
- }
-
- public Collection<Object> getAttributeKeys(Serializable sessionId) {
- return getSession(sessionId).getAttributeKeys();
+ return Collections.emptySet();
}
- public Object getAttribute(Serializable sessionId, Object key) throws InvalidSessionException {
- return getSession(sessionId).getAttribute(key);
+ public Object getAttribute(SessionKey sessionKey, Object attributeKey) throws InvalidSessionException {
+ return lookupRequiredSession(sessionKey).getAttribute(attributeKey);
}
- public void setAttribute(Serializable sessionId, Object key, Object value) throws InvalidSessionException {
+ public void setAttribute(SessionKey sessionKey, Object attributeKey, Object value) throws InvalidSessionException {
if (value == null) {
- removeAttribute(sessionId, key);
+ removeAttribute(sessionKey, attributeKey);
} else {
- Session s = getSession(sessionId);
- s.setAttribute(key, value);
+ Session s = lookupRequiredSession(sessionKey);
+ s.setAttribute(attributeKey, value);
onChange(s);
}
}
- public Object removeAttribute(Serializable sessionId, Object key) throws InvalidSessionException {
- Session s = getSession(sessionId);
- Object removed = s.removeAttribute(key);
+ public Object removeAttribute(SessionKey sessionKey, Object attributeKey) throws InvalidSessionException {
+ Session s = lookupRequiredSession(sessionKey);
+ Object removed = s.removeAttribute(attributeKey);
if (removed != null) {
onChange(s);
}
return removed;
}
- protected Session getSession(Serializable sessionId) throws InvalidSessionException {
- if (sessionId == null) {
- throw new IllegalArgumentException("sessionId parameter cannot be null.");
- }
- Session session = doGetSession(sessionId);
- if (session == null) {
- String msg = "There is no session with id [" + sessionId + "]";
- throw new UnknownSessionException(msg);
- }
- return session;
- }
-
- public boolean isValid(Serializable sessionId) {
+ public boolean isValid(SessionKey key) {
try {
- checkValid(sessionId);
+ checkValid(key);
return true;
} catch (InvalidSessionException e) {
return false;
}
}
- public void checkValid(Serializable sessionId) throws InvalidSessionException {
- //just try to acquire it. If there is a problem, an exception will be thrown:
- getSession(sessionId);
+ public void stop(SessionKey key) throws InvalidSessionException {
+ Session session = lookupRequiredSession(key);
+ if (log.isDebugEnabled()) {
+ log.debug("Stopping session with id [" + session.getId() + "]");
+ }
+ session.stop();
+ onStop(session, key);
+ notifyStop(session);
+ afterStopped(session);
}
- /**
- * Template method that allows subclasses to react to a new session being created.
- * <p/>
- * This method is invoked <em>before</em> any session listeners are notified.
- *
- * @param session the session that was just {@link #createSession created}.
- * @param context the {@link SessionContext SessionContext} that was used to start the session.
- */
- protected void onStart(Session session, SessionContext context) {
+ protected void onStop(Session session, SessionKey key) {
+ onStop(session);
}
protected void onStop(Session session) {
onChange(session);
}
- protected void onChange(Session s) {
+ protected void afterStopped(Session session) {
}
- protected abstract Session doGetSession(Serializable sessionId) throws InvalidSessionException;
-
- /**
- * Creates a new {@code Session Session} instance based on the specified (possibly {@code null})
- * initialization data. Implementing classes must manage the persistent state of the returned session such that it
- * could later be acquired via the {@link #getSession(java.io.Serializable)} method.
- *
- * @param context the initialization data that can be used by the implementation or underlying
- * {@link SessionFactory} when instantiating the internal {@code Session} instance.
- * @return the new {@code Session} instance.
- * @throws org.apache.shiro.authz.HostUnauthorizedException
- * if the system access control policy restricts access based
- * on client location/IP and the specified hostAddress hasn't been enabled.
- * @throws AuthorizationException if the system access control policy does not allow the currently executing
- * caller to start sessions.
- */
- protected abstract Session createSession(SessionContext context) throws AuthorizationException;
+ public void checkValid(SessionKey key) throws InvalidSessionException {
+ //just try to acquire it. If there is a problem, an exception will be thrown:
+ lookupRequiredSession(key);
+ }
+ protected void onChange(Session s) {
+ }
}
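Review bot: `onStop(Session, SessionKey)` is added without Javadoc, and in `stop(SessionKey)` it is the only path from `session.stop()` to `onStop(session)` and then `onChange(session)`. A subclass that overrides the two-argument form without delegating skips that chain, so whatever a subclass's `onChange` does to record the stopped state (not visible here) would no longer run for an explicitly stopped session. I would document the hook, e.g. `/** Invoked after the session is stopped and before listeners are notified; overriders must call super.onStop(session, key) so the change still reaches onChange. */`.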
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/AbstractValidatingSessionManager.java Wed May 19 01:47:43 2010
@@ -28,7 +28,6 @@ import org.apache.shiro.util.LifecycleUt
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.Serializable;
import java.util.Collection;
@@ -70,6 +69,7 @@ public abstract class AbstractValidating
return sessionValidationSchedulerEnabled;
}
+ @SuppressWarnings({"UnusedDeclaration"})
public void setSessionValidationSchedulerEnabled(boolean sessionValidationSchedulerEnabled) {
this.sessionValidationSchedulerEnabled = sessionValidationSchedulerEnabled;
}
@@ -111,29 +111,27 @@ public abstract class AbstractValidating
return sessionValidationInterval;
}
- protected final Session doGetSession(final Serializable sessionId) throws InvalidSessionException {
+ @Override
+ protected final Session doGetSession(final SessionKey key) throws InvalidSessionException {
enableSessionValidationIfNecessary();
- if (log.isTraceEnabled()) {
- log.trace("Attempting to retrieve session with id [" + sessionId + "]");
- }
- Session s = retrieveSession(sessionId);
- if (s == null) {
- throw new UnknownSessionException("The session data store did not return a session for " +
- "sessionId [" + sessionId + "]", sessionId);
+ log.trace("Attempting to retrieve session with key {}", key);
+
+ Session s = retrieveSession(key);
+ if (s != null) {
+ validate(s, key);
}
- validate(s);
return s;
}
/**
- * Looks up a session from the underlying data store based on the specified {@code sessionId}.
+ * Looks up a session from the underlying data store based on the specified session key.
*
- * @param sessionId the id of the session to retrieve from the data store
+ * @param key the session key to use to look up the target session.
* @return the session identified by {@code sessionId}.
* @throws UnknownSessionException if there is no session identified by {@code sessionId}.
*/
- protected abstract Session retrieveSession(Serializable sessionId) throws UnknownSessionException;
+ protected abstract Session retrieveSession(SessionKey key) throws UnknownSessionException;
protected Session createSession(SessionContext context) throws AuthorizationException {
enableSessionValidationIfNecessary();
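Review bot: The Javadoc kept above `retrieveSession(SessionKey key)` still reads `@return the session identified by {@code sessionId}` and `@throws UnknownSessionException if there is no session identified by {@code sessionId}`, although the parameter is now `key` and `doGetSession` treats a `null` result as a normal outcome (`if (s != null) { validate(s, key); }`). Because `doGetSession` no longer throws when nothing is found, every caller has to null-check the result, and that contract should be written down, e.g. `@return the session for {@code key}, or {@code null} if the key does not resolve to a session`. The new `log.trace("Attempting to retrieve session with key {}", key)` relies on the key's `toString()`; if an implementation prints the session id there, the identifier ends up in trace logs. `createSession` continues outside the hunk.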
@@ -142,47 +140,43 @@ public abstract class AbstractValidating
protected abstract Session doCreateSession(SessionContext initData) throws AuthorizationException;
- protected void validate(Session session) throws InvalidSessionException {
+ protected void validate(Session session, SessionKey key) throws InvalidSessionException {
try {
doValidate(session);
} catch (ExpiredSessionException ese) {
- onExpiration(session, ese);
+ onExpiration(session, ese, key);
throw ese;
} catch (InvalidSessionException ise) {
- onInvalidation(session, ise);
+ onInvalidation(session, ise, key);
throw ise;
}
}
- protected void onExpiration(Session s, ExpiredSessionException ese) {
- if (log.isTraceEnabled()) {
- log.trace("Session with id [{}] has expired.", ese.getSessionId());
- }
+ protected void onExpiration(Session s, ExpiredSessionException ese, SessionKey key) {
+ log.trace("Session with id [{}] has expired.", s.getId());
onExpiration(s);
notifyExpiration(s);
afterExpired(s);
}
- protected void onInvalidation(Session s, InvalidSessionException ise) {
+ protected void onExpiration(Session session) {
+ onChange(session);
+ }
+
+ protected void afterExpired(Session session) {
+ }
+
+ protected void onInvalidation(Session s, InvalidSessionException ise, SessionKey key) {
if (ise instanceof ExpiredSessionException) {
- onExpiration(s, (ExpiredSessionException) ise);
+ onExpiration(s, (ExpiredSessionException) ise, key);
return;
}
- if (log.isTraceEnabled()) {
- log.trace("Session with id [{}] is invalid.", ise.getSessionId());
- }
+ log.trace("Session with id [{}] is invalid.", s.getId());
onStop(s);
notifyStop(s);
afterStopped(s);
}
- protected void onExpiration(Session session) {
- onChange(session);
- }
-
- protected void afterExpired(Session session) {
- }
-
protected void doValidate(Session session) throws InvalidSessionException {
if (session instanceof ValidatingSession) {
((ValidatingSession) session).validate();
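Review bot: The new `SessionKey key` parameter on `onExpiration(Session, ExpiredSessionException, SessionKey)` and `onInvalidation(Session, InvalidSessionException, SessionKey)` is not read by either body in this hunk, and `ese` is no longer read in `onExpiration` now that the trace line uses `s.getId()`. Presumably the key is passed so that overriding classes can clean up state tied to the lookup, such as the session cookie named in the commit log. A short Javadoc saying so would stop a later cleanup from removing the parameters, e.g. `@param key the key used for the lookup; unused here, available to overriding implementations`. Both trace lines still write the session id to the log, so they should stay at trace level. `doValidate` continues outside the hunk.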
@@ -280,7 +274,7 @@ public abstract class AbstractValidating
if (activeSessions != null && !activeSessions.isEmpty()) {
for (Session s : activeSessions) {
try {
- validate(s);
+ doValidate(s);
} catch (InvalidSessionException e) {
if (log.isDebugEnabled()) {
boolean expired = (e instanceof ExpiredSessionException);
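Review bot: Switching the loop from `validate(s)` to `doValidate(s)` bypasses the `onExpiration`/`onInvalidation` path that `validate(Session, SessionKey)` runs before rethrowing. A session found expired or stopped by this sweep therefore only reaches `onStop`, `notifyExpiration` or `afterExpired` if the `catch` block calls them itself. The rest of that `catch` block is outside the hunk, so this cannot be confirmed here; if it only logs, invalid sessions found by background validation would stay in the store without listeners being told. One option is to build a key for the sweep, `validate(s, new DefaultSessionKey(s.getId()));`, so that both paths share the same cleanup.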
@@ -305,10 +299,4 @@ public abstract class AbstractValidating
}
protected abstract Collection<Session> getActiveSessions();
-
- public void validateSession(Serializable sessionId) {
- //standard getSession call will validate, so just call the method:
- getSession(sessionId);
- }
-
}
Added: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionKey.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionKey.java?rev=945994&view=auto
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionKey.java (added)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionKey.java Wed May 19 01:47:43 2010
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2008 Les Hazlewood
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.shiro.session.mgt;
+
+import java.io.Serializable;
+
+/**
+ * Default implementation of the {@link SessionKey} interface, which allows setting and retrieval of a concrete
+ * {@link #getSessionId() sessionId} that the {@code SessionManager} implementation can use to look up a
+ * {@code Session} instance.
+ *
+ * @author Les Hazlewood
+ * @since 1.0
+ */
+public class DefaultSessionKey implements SessionKey, Serializable {
+
+ private Serializable sessionId;
+
+ public DefaultSessionKey() {
+ }
+
+ public DefaultSessionKey(Serializable sessionId) {
+ this.sessionId = sessionId;
+ }
+
+ public void setSessionId(Serializable sessionId) {
+ this.sessionId = sessionId;
+ }
+
+ public Serializable getSessionId() {
+ return this.sessionId;
+ }
+}
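Review bot: `DefaultSessionKey` implements `Serializable` but declares no `serialVersionUID`, so its serialized form is tied to the compiler-generated value and can break between builds; `private static final long serialVersionUID = 1L;` (value constructed for illustration) would pin it. The constructors and accessors also carry no Javadoc. The no-arg constructor leaves `sessionId` as `null`, which the `DelegatingSession` constructor in this same commit rejects with an `IllegalArgumentException`, and that deserves a sentence on the no-arg constructor. Because the managers in this commit log the key with `{}`, a `toString()` is worth considering, bearing in mind that printing the id puts a session identifier in the log.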
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DefaultSessionManager.java Wed May 19 01:47:43 2010
@@ -178,6 +178,7 @@ public class DefaultSessionManager exten
sessionDAO.create(session);
}
+ @Override
protected void onStop(Session session) {
if (session instanceof SimpleSession) {
SimpleSession ss = (SimpleSession) session;
@@ -212,8 +213,24 @@ public class DefaultSessionManager exten
sessionDAO.update(session);
}
- protected Session retrieveSession(Serializable sessionId) throws UnknownSessionException {
- return retrieveSessionFromDataSource(sessionId);
+ protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException {
+ Serializable sessionId = getSessionId(sessionKey);
+ if (sessionId == null) {
+ log.debug("Unable to resolve session ID from SessionKey [{}]. Returning null to indicate a " +
+ "session could not be found.", sessionKey);
+ return null;
+ }
+ Session s = retrieveSessionFromDataSource(sessionId);
+ if (s == null) {
+ //session ID was provided, meaning one is expected to be found, but we couldn't find one:
+ String msg = "Could not find session with ID [" + sessionId + "]";
+ throw new UnknownSessionException(msg);
+ }
+ return s;
+ }
+
+ protected Serializable getSessionId(SessionKey sessionKey) {
+ return sessionKey.getSessionId();
}
protected Session retrieveSessionFromDataSource(Serializable sessionId) throws UnknownSessionException {
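Review bot: `getSessionId(SessionKey sessionKey)` dereferences its argument unconditionally, so a `null` key raises a `NullPointerException` instead of taking the `sessionId == null` branch in `retrieveSession` that returns `null`. Whether a `null` key can reach here depends on callers outside this hunk. A guard keeps the two cases consistent: `return sessionKey != null ? sessionKey.getSessionId() : null;`. `retrieveSession` also appears to override the abstract method changed in `AbstractValidatingSessionManager`, yet it lacks the `@Override` that this commit adds to `onStop`. The body of `retrieveSessionFromDataSource` is outside the hunk.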
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/DelegatingSession.java Wed May 19 01:47:43 2010
@@ -46,84 +46,40 @@ public class DelegatingSession implement
//TODO - complete JavaDoc
- private Serializable id = null;
+ private final SessionKey key;
//cached fields to avoid a server-side method call if out-of-process:
private Date startTimestamp = null;
private String host = null;
/**
- * Handle to a server-side SessionManager. See {@link #setSessionManager} for details.
+ * Handle to the target NativeSessionManager that will support the delegate calls.
*/
- private transient NativeSessionManager sessionManager = null;
+ private final transient NativeSessionManager sessionManager;
- public DelegatingSession() {
- }
-
- public DelegatingSession(NativeSessionManager sessionManager, Serializable id) {
+ public DelegatingSession(NativeSessionManager sessionManager, SessionKey key) {
if (sessionManager == null) {
throw new IllegalArgumentException("sessionManager argument cannot be null.");
}
- if (id == null) {
- throw new IllegalArgumentException("session id argument cannot be null.");
+ if (key == null) {
+ throw new IllegalArgumentException("sessionKey argument cannot be null.");
+ }
+ if (key.getSessionId() == null) {
+ String msg = "The " + DelegatingSession.class.getName() + " implementation requires that the " +
+ "SessionKey argument returns a non-null sessionId to support the " +
+ "Session.getId() invocations.";
+ throw new IllegalArgumentException(msg);
}
this.sessionManager = sessionManager;
- this.id = id;
- }
-
- public DelegatingSession(NativeSessionManager sessionManager, Serializable id, String host) {
- this(sessionManager, id);
- this.host = host;
- }
-
- /**
- * Returns the {@link SessionManager SessionManager} used by this handle to invoke
- * all session-related methods.
- *
- * @return the {@link SessionManager SessionManager} used by this handle to invoke
- * all session-related methods.
- */
- public NativeSessionManager getSessionManager() {
- return sessionManager;
- }
-
- /**
- * Sets the {@link NativeSessionManager NativeSessionManager} to which this <tt>DelegatingSession</tt> will
- * delegate its method calls. In a rich client environment, this <tt>SessionManager</tt> will
- * probably be a remoting proxy which executes remote method invocations. In a single-process
- * environment (e.g. a web application deployed in the same JVM of the application server),
- * the <tt>SessionManager</tt> can be the actual business POJO implementation.
- * <p/>
- * <p>You'll notice the {@link Session Session} interface and the {@link SessionManager}
- * interface are nearly identical. This is to ensure the SessionManager can support
- * most method calls in the Session interface, via this handle/proxy technique. The session
- * manager is implementated as a stateless business POJO, with the handle passing the
- * session id as necessary.
- *
- * @param sessionManager the <tt>SessionManager</tt> this handle will use when delegating
- * method calls.
- */
- public void setSessionManager(NativeSessionManager sessionManager) {
- this.sessionManager = sessionManager;
- }
-
- /**
- * Sets the sessionId used by this handle for all future {@link NativeSessionManager NativeSessionManager}
- * method invocations.
- *
- * @param id the <tt>sessionId</tt> to use for all <tt>NativeSessionManager</tt> invocations.
- * @see #setSessionManager(NativeSessionManager nativeSessionManager)
- */
- public void setId(Serializable id) {
- this.id = id;
+ this.key = key;
}
/**
* @see org.apache.shiro.session.Session#getId()
*/
public Serializable getId() {
- return id;
+ return key.getSessionId();
}
/**
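Review bot: `sessionManager` is now `private final transient` and both the setter and the no-arg constructor are gone, so an instance restored by Java serialization would come back with a `null` manager that can never be re-attached. Every delegate call on it would then fail with a `NullPointerException`. The class declaration is truncated in the hunk header, so whether `DelegatingSession` is still `Serializable` is not visible here; if it is, the new `key` field is a second concern because `SessionKey` does not extend `Serializable`. Either drop serialization support from the class or document how a deserialized instance gets its manager back. The Javadoc that follows `getId()` continues outside the hunk.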
@@ -131,7 +87,7 @@ public class DelegatingSession implement
*/
public Date getStartTimestamp() {
if (startTimestamp == null) {
- startTimestamp = sessionManager.getStartTimestamp(id);
+ startTimestamp = sessionManager.getStartTimestamp(key);
}
return startTimestamp;
}
@@ -141,20 +97,20 @@ public class DelegatingSession implement
*/
public Date getLastAccessTime() {
//can't cache - only business pojo knows the accurate time:
- return sessionManager.getLastAccessTime(id);
+ return sessionManager.getLastAccessTime(key);
}
public long getTimeout() throws InvalidSessionException {
- return sessionManager.getTimeout(id);
+ return sessionManager.getTimeout(key);
}
public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
- sessionManager.setTimeout(id, maxIdleTimeInMillis);
+ sessionManager.setTimeout(key, maxIdleTimeInMillis);
}
public String getHost() {
if (host == null) {
- host = sessionManager.getHost(id);
+ host = sessionManager.getHost(key);
}
return host;
}
@@ -163,46 +119,45 @@ public class DelegatingSession implement
* @see org.apache.shiro.session.Session#touch()
*/
public void touch() throws InvalidSessionException {
- sessionManager.touch(id);
+ sessionManager.touch(key);
}
/**
* @see org.apache.shiro.session.Session#stop()
*/
public void stop() throws InvalidSessionException {
- sessionManager.stop(id);
+ sessionManager.stop(key);
}
/**
* @see org.apache.shiro.session.Session#getAttributeKeys
*/
- @SuppressWarnings({"unchecked"})
public Collection<Object> getAttributeKeys() throws InvalidSessionException {
- return sessionManager.getAttributeKeys(id);
+ return sessionManager.getAttributeKeys(key);
}
/**
* @see org.apache.shiro.session.Session#getAttribute(Object key)
*/
- public Object getAttribute(Object key) throws InvalidSessionException {
- return sessionManager.getAttribute(id, key);
+ public Object getAttribute(Object attributeKey) throws InvalidSessionException {
+ return sessionManager.getAttribute(this.key, attributeKey);
}
/**
* @see Session#setAttribute(Object key, Object value)
*/
- public void setAttribute(Object key, Object value) throws InvalidSessionException {
+ public void setAttribute(Object attributeKey, Object value) throws InvalidSessionException {
if (value == null) {
- removeAttribute(key);
+ removeAttribute(attributeKey);
} else {
- sessionManager.setAttribute(id, key, value);
+ sessionManager.setAttribute(this.key, attributeKey, value);
}
}
/**
* @see Session#removeAttribute(Object key)
*/
- public Object removeAttribute(Object key) throws InvalidSessionException {
- return sessionManager.removeAttribute(id, key);
+ public Object removeAttribute(Object attributeKey) throws InvalidSessionException {
+ return sessionManager.removeAttribute(this.key, attributeKey);
}
}
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/NativeSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/NativeSessionManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/NativeSessionManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/NativeSessionManager.java Wed May 19 01:47:43 2010
@@ -17,7 +17,6 @@ package org.apache.shiro.session.mgt;
import org.apache.shiro.session.InvalidSessionException;
-import java.io.Serializable;
import java.util.Collection;
import java.util.Date;
@@ -32,164 +31,152 @@ import java.util.Date;
public interface NativeSessionManager extends SessionManager {
/**
- * Returns the time the Session identified by the specified {@code sessionId} was started
- * in the system.
+ * Returns the time the associated {@code Session} started (was created).
*
- * @param sessionId the system identifier for the session of interest.
- * @return the system time the specified session was started (i.e. created).
+ * @param key the session key to use to look up the target session.
+ * @return the time the specified {@code Session} started (was created).
* @see org.apache.shiro.session.Session#getStartTimestamp()
*/
- Date getStartTimestamp(Serializable sessionId);
+ Date getStartTimestamp(SessionKey key);
/**
- * Returns the time the {@code Session} identified by the specified {@code sessionId} last
- * interacted with the system.
+ * Returns the time the associated {@code Session} last interacted with the system.
*
- * @param sessionId the system identifier for the session of interest
+ * @param key the session key to use to look up the target session.
* @return time the session last accessed the system
* @see org.apache.shiro.session.Session#getLastAccessTime()
* @see org.apache.shiro.session.Session#touch()
*/
- Date getLastAccessTime(Serializable sessionId);
+ Date getLastAccessTime(SessionKey key);
/**
- * Returns {@code true} if the session is valid (it exists and is not stopped nor expired), {@code false} otherwise.
+ * Returns {@code true} if the associated session is valid (it exists and is not stopped nor expired),
+ * {@code false} otherwise.
*
- * @param sessionId the id of the session to check
+ * @param key the session key to use to look up the target session.
* @return {@code true} if the session is valid (exists and is not stopped or expired), {@code false} otherwise.
*/
- boolean isValid(Serializable sessionId);
+ boolean isValid(SessionKey key);
/**
* Returns quietly if the associated session is valid (it exists and is not stopped or expired) or throws
- * an {@link org.apache.shiro.session.InvalidSessionException} indicating that the session id is invalid. This might be preferred to be
- * used instead of {@link #isValid} since any exception thrown will definitively explain the reason for
- * invalidation.
+ * an {@link org.apache.shiro.session.InvalidSessionException} indicating that the session id is invalid. This
+ * might be preferred to be used instead of {@link #isValid} since any exception thrown will definitively explain
+ * the reason for invalidation.
*
- * @param sessionId the session id to check for validity.
+ * @param key the session key to use to look up the target session.
* @throws org.apache.shiro.session.InvalidSessionException
* if the session id is invalid (it does not exist or it is stopped or expired).
- * @since 1.0
*/
- void checkValid(Serializable sessionId) throws InvalidSessionException;
+ void checkValid(SessionKey key) throws InvalidSessionException;
/**
- * Returns the time in milliseconds that the specified session may remain idle before expiring.
+ * Returns the time in milliseconds that the associated session may remain idle before expiring.
* <ul>
* <li>A negative return value means the session will never expire.</li>
* <li>A non-negative return value (0 or greater) means the session expiration will occur if idle for that
* length of time.</li>
* </ul>
*
- * @param sessionId the system identifier of the session of interest.
- * @return the time in milliseconds that the specified session may remain idle before expiring.
+ * @param key the session key to use to look up the target session.
+ * @return the time in milliseconds that the associated session may remain idle before expiring.
* @throws org.apache.shiro.session.InvalidSessionException
* if the session has been stopped or expired prior to calling this method.
- * @since 0.2
*/
- long getTimeout(Serializable sessionId) throws InvalidSessionException;
+ long getTimeout(SessionKey key) throws InvalidSessionException;
/**
- * Sets the time in milliseconds that the specified session may remain idle before expiring.
+ * Sets the time in milliseconds that the associated session may remain idle before expiring.
* <ul>
* <li>A negative return value means the session will never expire.</li>
* <li>A non-negative return value (0 or greater) means the session expiration will occur if idle for that
* length of time.</li>
* </ul>
*
- * @param sessionId the system identifier of the session of interest.
- * @param maxIdleTimeInMillis the time in milliseconds that the specified session may remain idle before expiring.
+ * @param key the session key to use to look up the target session.
+ * @param maxIdleTimeInMillis the time in milliseconds that the associated session may remain idle before expiring.
* @throws org.apache.shiro.session.InvalidSessionException
* if the session has been stopped or expired prior to calling this method.
- * @since 0.2
*/
- void setTimeout(Serializable sessionId, long maxIdleTimeInMillis) throws InvalidSessionException;
+ void setTimeout(SessionKey key, long maxIdleTimeInMillis) throws InvalidSessionException;
/**
* Updates the last accessed time of the session identified by <code>sessionId</code>. This
* can be used to explicitly ensure that a session does not time out.
*
- * @param sessionId the id of the session to update.
+ * @param key the session key to use to look up the target session.
* @throws org.apache.shiro.session.InvalidSessionException
* if the session has been stopped or expired prior to calling this method.
* @see org.apache.shiro.session.Session#touch
*/
- void touch(Serializable sessionId) throws InvalidSessionException;
+ void touch(SessionKey key) throws InvalidSessionException;
/**
* Returns the host name or IP string of the host where the session was started, if known. If
* no host name or IP was specified when starting the session, this method returns {@code null}
*
- * @param sessionId the id of the session to query.
+ * @param key the session key to use to look up the target session.
* @return the host name or ip address of the host where the session originated, if known. If unknown,
* this method returns {@code null}.
- * @since 1.0
*/
- String getHost(Serializable sessionId);
+ String getHost(SessionKey key);
/**
- * Explicitly stops the session identified by {@code sessionId}, thereby releasing all
- * associated resources.
+ * Explicitly stops the associated session, thereby releasing all of its resources.
*
- * @param sessionId the system identfier of the system to destroy.
- * @throws InvalidSessionException if the session has stopped or expired prior to calling
- * this method.
+ * @param key the session key to use to look up the target session.
+ * @throws InvalidSessionException if the session has stopped or expired prior to calling this method.
* @see org.apache.shiro.session.Session#stop
*/
- void stop(Serializable sessionId) throws InvalidSessionException;
+ void stop(SessionKey key) throws InvalidSessionException;
/**
- * Returns the keys of all the attributes stored under the session identified by {@code sessionId}.
- * If there are no attributes, this returns an empty collection.
+ * Returns all attribute keys maintained by the target session or an empty collection if there are no attributes.
*
- * @param sessionId the system identifier of the system to access.
- * @return the keys of all attributes stored under the specified session, or an empty collection if
- * there are no session attributes.
- * @throws InvalidSessionException if the specified session has stopped or expired prior to calling this method.
+ * @param sessionKey the session key to use to look up the target session.
+ * @return all attribute keys maintained by the target session or an empty collection if there are no attributes.
+ * @throws InvalidSessionException if the associated session has stopped or expired prior to calling this method.
* @see org.apache.shiro.session.Session#getAttributeKeys()
- * @since 0.2
*/
- Collection<Object> getAttributeKeys(Serializable sessionId);
+ Collection<Object> getAttributeKeys(SessionKey sessionKey);
/**
- * Returns the object bound to the specified session identified by the specified key. If there
- * is noobject bound under the key for the given session, {@code null} is returned.
+ * Returns the object bound to the associated session identified by the specified attribute key. If there
+ * is no object bound under the attribute key for the given session, {@code null} is returned.
*
- * @param sessionId the system identifier of the session of interest
- * @param key the unique name of the object bound to the specified session
- * @return the object bound under the specified {@code key} name or {@code null} if there is
- * no object bound under that name.
+ * @param sessionKey session key to use to look up the target session.
+ * @param attributeKey the unique name of the object bound to the associated session
+ * @return the object bound under the {@code attributeKey} or {@code null} if there is no object bound.
* @throws InvalidSessionException if the specified session has stopped or expired prior to calling this method.
* @see org.apache.shiro.session.Session#getAttribute(Object key)
*/
- Object getAttribute(Serializable sessionId, Object key) throws InvalidSessionException;
+ Object getAttribute(SessionKey sessionKey, Object attributeKey) throws InvalidSessionException;
/**
- * Binds the specified {@code value} to the specified session uniquely identified by the
- * specifed {@code key} name. If there is already an object bound under the {@code key}
- * name, that existing object will be replaced by the new {@code value}.
+ * Binds the specified {@code value} to the associated session uniquely identified by the {@code attributeKey}.
+ * If there is already a session attribute bound under the {@code attributeKey}, that existing object will be
+ * replaced by the new {@code value}.
* <p/>
* If the {@code value} parameter is null, it has the same effect as if the
- * {@link #removeAttribute(Serializable sessionId, Object key)} method was called.
+ * {@link #removeAttribute(SessionKey sessionKey, Object attributeKey)} method was called.
*
- * @param sessionId the system identifier of the session of interest
- * @param key the name under which the {@code value} object will be bound in this session
- * @param value the object to bind in this session.
+ * @param sessionKey the session key to use to look up the target session.
+ * @param attributeKey the key under which the {@code value} object will be bound in this session
+ * @param value the object to bind in this session.
* @throws InvalidSessionException if the specified session has stopped or expired prior to calling this method.
* @see org.apache.shiro.session.Session#setAttribute(Object key, Object value)
*/
- void setAttribute(Serializable sessionId, Object key, Object value) throws InvalidSessionException;
+ void setAttribute(SessionKey sessionKey, Object attributeKey, Object value) throws InvalidSessionException;
/**
- * Removes (unbinds) the object bound to this session under the specified {@code key} name.
+ * Removes (unbinds) the object bound to associated {@code Session} under the given {@code attributeKey}.
*
- * @param sessionId the system identifier of the session of interest
- * @param key the name uniquely identifying the object to remove
- * @return the object removed or {@code null} if there was no object bound under the specified
- * {@code key} name.
+ * @param sessionKey session key to use to look up the target session.
+ * @param attributeKey the key uniquely identifying the object to remove
+ * @return the object removed or {@code null} if there was no object bound under the specified {@code attributeKey}.
* @throws InvalidSessionException if the specified session has stopped or expired prior to calling this method.
* @see org.apache.shiro.session.Session#removeAttribute(Object key)
*/
- Object removeAttribute(Serializable sessionId, Object key) throws InvalidSessionException;
+ Object removeAttribute(SessionKey sessionKey, Object attributeKey) throws InvalidSessionException;
}
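Review bot: The Javadoc was only partly updated for the new parameter: `touch` still says "the session identified by <code>sessionId</code>" and `checkValid` still says "the session id is invalid", while the parameter is named `key` in some methods and `sessionKey` in the attribute methods. Picking one name across the interface and rewording those sentences to "the associated session" would match the rest of the hunk. `getAttributeKeys(SessionKey sessionKey)` documents `@throws InvalidSessionException` but, unlike its siblings, has no `throws` clause; adding `throws InvalidSessionException` keeps the signatures parallel. The `@since` tags removed from several methods look like history worth keeping.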
Added: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionKey.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionKey.java?rev=945994&view=auto
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionKey.java (added)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionKey.java Wed May 19 01:47:43 2010
@@ -0,0 +1,47 @@
+/*
+ * Copyright 2008 Les Hazlewood
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.shiro.session.mgt;
+
+import java.io.Serializable;
+
+/**
+ * A {@code SessionKey} is a key that allows look-up of any particular {@link org.apache.shiro.session.Session Session}
+ * instance. This is not to be confused what is probably better recognized as a session <em>attribute</em> key - a key
+ * that is used to acquire a session attribute via the
+ * {@link org.apache.shiro.session.Session#getAttribute(Object) Session.getAttribute} method. A {@code SessionKey}
+ * looks up a Session object directly.
+ * <p/>
+ * While a {@code SessionKey} allows lookup of <em>any</em> Session that might exist, this is not something in practice
+ * done too often by most Shiro end-users. Instead, it is usually more convenient to acquire the currently executing
+ * {@code Subject}'s session via the {@link org.apache.shiro.subject.Subject#getSession} method. This interface and
+ * its usages are best suited for framework development.
+ *
+ * @author Les Hazlewood
+ * @since 1.0
+ */
+public interface SessionKey {
+
+ /**
+ * Returns the id of the session to acquire.
+ * <p/>
+ * Acquiring sessions by ID only is a suitable strategy when sessions are natively managed by Shiro directly.
+ * For example, the Servlet specification does not have an API that allows session acquisition by session ID, so
+ * the session ID alone is not sufficient for ServletContainer-based SessionManager implementations.
+ *
+ * @return the id of the session to acquire.
+ */
+ Serializable getSessionId();
+}
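Review bot: `getSessionId()` does not say whether it may return `null`, and the two users in this commit disagree: `DefaultSessionManager.retrieveSession` treats a `null` id as "no session" and returns `null`, while the `DelegatingSession` constructor throws `IllegalArgumentException`. The Javadoc should state the contract, for example `@return the id of the session to acquire, or {@code null} if this key does not carry an id`. In the type-level comment, "This is not to be confused what is" is missing a "with".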
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SessionManager.java Wed May 19 01:47:43 2010
@@ -52,11 +52,11 @@ public interface SessionManager {
* {@code null} if no Session could be found. If a session is found but invalid (stopped or expired), a
* {@link SessionException} will be thrown.
*
- * @param context the context data that can be used for lookup data to acquire the Session
- * @return the {@code Session} instance corresponding to the given context lookup data or {@code null} if no session
+ * @param key the Session key to use to look-up the Session
+ * @return the {@code Session} instance corresponding to the given lookup key or {@code null} if no session
* could be acquired.
* @throws SessionException if a session was found but it was invalid (stopped/expired).
* @since 1.0
*/
- Session getSession(SessionContext context) throws SessionException;
+ Session getSession(SessionKey key) throws SessionException;
}
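Review bot: The new `@param key` text does not say what `getSession` does with a `null` key or with a key whose `getSessionId()` returns `null`; the `@return` line only covers the case where no session is found. The `SessionKey` Javadoc added in this commit says the id alone is not sufficient for container-backed managers, so implementors need the incomplete-key case stated here. I would extend the tag along the lines of `@param key the Session key to use to look-up the Session; must not be {@code null}` and say in the description whether an incomplete key yields `null` or an exception.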
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java Wed May 19 01:47:43 2010
@@ -252,7 +252,7 @@ public class SimpleSession implements Va
String msg = "Session with id [" + getId() + "] has been " +
"explicitly stopped. No further interaction under this session is " +
"allowed.";
- throw new StoppedSessionException(msg, getId());
+ throw new StoppedSessionException(msg);
}
//check for expiration
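Review bot: With the id argument dropped from `new StoppedSessionException(msg)`, the session id now travels only inside the message text built from `getId()` just above. The same applies to `new ExpiredSessionException(msg)` in the next hunk, whose message is also written to the trace log and is built outside the hunk. Session ids are bearer values, so it is worth deciding whether they belong in exception messages that can reach logs or error pages, even though these sessions are already stopped or expired at that point. If the id stays for diagnostics, a comment such as `// id is included for diagnostics only; the session is already invalid here` would record that decision. The enclosing method begins and ends outside both hunks.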
@@ -274,7 +274,7 @@ public class SimpleSession implements Va
if (log.isTraceEnabled()) {
log.trace(msg);
}
- throw new ExpiredSessionException(msg, sessionId);
+ throw new ExpiredSessionException(msg);
}
}
Modified: incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/ValidatingSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/ValidatingSessionManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/ValidatingSessionManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/main/java/org/apache/shiro/session/mgt/ValidatingSessionManager.java Wed May 19 01:47:43 2010
@@ -18,11 +18,6 @@
*/
package org.apache.shiro.session.mgt;
-import java.io.Serializable;
-
-import org.apache.shiro.session.InvalidSessionException;
-
-
/**
* A ValidatingSessionManager is a SessionManager that can proactively validate any or all sessions
* that may be expired.
@@ -37,13 +32,13 @@ public interface ValidatingSessionManage
* have not been stopped or expired), and validates each one. If a session is
* found to be invalid (e.g. it has expired), it is updated and saved to the EIS.
* <p/>
- * <p>This method is necessary in order to handle orphaned sessions and is expected to be run at
+ * This method is necessary in order to handle orphaned sessions and is expected to be run at
* a regular interval, such as once an hour, once a day or once a week, etc.
* The "best" frequency to run this method is entirely dependent upon the application
* and would be based on factors such as performance, average number of active users, hours of
* least activity, and other things.
* <p/>
- * <p>Most enterprise applications use a request/response programming model.
+ * Most enterprise applications use a request/response programming model.
* This is obvious in the case of web applications due to the HTTP protocol, but it is
* equally true of remote client applications making remote method invocations. The server
* essentially sits idle and only "works" when responding to client requests and/or
@@ -52,34 +47,27 @@ public interface ValidatingSessionManage
* "lazy" behavior enables the system to lie stateless and/or idle and only incur
* overhead for session validation when necessary.
* <p/>
- * <p>However, if a client forgets to log-out, or in the event of a server failure, it is
+ * However, if a client forgets to log-out, or in the event of a server failure, it is
* possible for sessions to be orphaned since no further requests would utilize that session.
* Because of these lower-probability cases, it might be required to regularly clean-up the sessions
* maintained by the system, especially if sessions are backed by a persistent data store.
* <p/>
- * <p>Even in applications that aren't primarily based on a request/response model,
+ * Even in applications that aren't primarily based on a request/response model,
* such as those that use enterprise asynchronous messaging (where data is pushed to
* a client without first receiving a client request), it is almost always acceptable to
* utilize this lazy approach and run this method at defined interval.
* <p/>
- * <p>Systems that want to proactively validate individual sessions may call the
- * {@link #validateSession(Serializable) validateSession} method. Note that even in such
- * proactive systems, this {@code validateSessions} method should be invoked regularaly
- * anyway to <em>guarantee</em> no orphans exist.
+ * Systems that want to proactively validate individual sessions may simply call the
+ * {@link #getSession(SessionKey) getSession(SessionKey)} method on any
+ * {@code ValidatingSessionManager} instance as that method is expected to
+ * validate the session before retrieving it. Note that even with proactive calls to {@code getSession},
+ * this {@code validateSessions()} method should be invoked regularly anyway to <em>guarantee</em> no
+ * orphans exist.
* <p/>
- * <p><b>Note:</b> Shiro supports automatic execution of this method at a regular interval
+ * <b>Note:</b> Shiro supports automatic execution of this method at a regular interval
* by using {@link SessionValidationScheduler}s. The Shiro default SecurityManager implementations
* needing session validation will create and use one by default if one is not provided by the
* application configuration.
*/
void validateSessions();
-
- /**
- * Proactively validates a single session.
- *
- * @param sessionId the id of the session to validate
- * @throws org.apache.shiro.session.InvalidSessionException
- * if, upon validation, the session was stopped or expired.
- */
- void validateSession(Serializable sessionId) throws InvalidSessionException;
}
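Review bot: Removing `validateSession(Serializable)` leaves single-session validation as something the `validateSessions()` Javadoc says `getSession(SessionKey)` "is expected" to do, which is weaker than the explicit method contract it replaces. An implementation whose `getSession` does not validate would hand back stopped or expired sessions, and nothing in this interface says that is wrong. I would state the requirement in the interface-level Javadoc, e.g. `Implementations MUST validate a session in {@link #getSession(SessionKey)} before returning it.` The `{@link #getSession(SessionKey)}` reference also only resolves if this interface inherits that method from `SessionManager`; the `extends` clause is outside the hunk.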
Modified: incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DefaultSessionManagerTest.java Wed May 19 01:47:43 2010
@@ -92,7 +92,7 @@ public class DefaultSessionManagerTest {
};
sm.getSessionListeners().add(listener);
Session session = sm.start(null);
- sm.stop(session.getId());
+ sm.stop(new DefaultSessionKey(session.getId()));
assertTrue(stopped[0]);
}
@@ -109,7 +109,7 @@ public class DefaultSessionManagerTest {
Session session = sm.start(null);
sleep(150);
try {
- sm.checkValid(session.getId());
+ sm.checkValid(new DefaultSessionKey(session.getId()));
fail("check should have thrown an exception.");
} catch (InvalidSessionException expected) {
//do nothing - expected.
@@ -147,7 +147,7 @@ public class DefaultSessionManagerTest {
expect(sessionDAO.readSession(sessionId1)).andReturn(session1).anyTimes();
sessionDAO.update(eq(session1));
replay(sessionDAO);
- sm.setTimeout(sessionId1, 1);
+ sm.setTimeout(new DefaultSessionKey(sessionId1), 1);
verify(sessionDAO);
reset(sessionDAO);
@@ -160,7 +160,7 @@ public class DefaultSessionManagerTest {
//Try to access the same session, but it should throw an UnknownSessionException due to timeout:
try {
- sm.getTimeout(sessionId1);
+ sm.getTimeout(new DefaultSessionKey(sessionId1));
fail("Session with id [" + sessionId1 + "] should have expired due to timeout.");
} catch (ExpiredSessionException expected) {
//expected
Modified: incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java (original)
+++ incubator/shiro/branches/session_manager_API_change/core/src/test/java/org/apache/shiro/session/mgt/DelegatingSessionTest.java Wed May 19 01:47:43 2010
@@ -41,7 +41,7 @@ public class DelegatingSessionTest {
public void setup() {
ThreadContext.remove();
sm = new DefaultSessionManager();
- this.session = new DelegatingSession(sm, sm.start(null).getId());
+ this.session = new DelegatingSession(sm, new DefaultSessionKey(sm.start(null).getId()));
}
@After
Modified: incubator/shiro/branches/session_manager_API_change/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java (original)
+++ incubator/shiro/branches/session_manager_API_change/support/spring/src/main/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactory.java Wed May 19 01:47:43 2010
@@ -21,7 +21,8 @@ package org.apache.shiro.spring.remoting
import org.aopalliance.intercept.MethodInvocation;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.session.Session;
-import org.apache.shiro.session.mgt.SessionContext;
+import org.apache.shiro.session.mgt.NativeSessionManager;
+import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.subject.Subject;
import org.slf4j.Logger;
@@ -78,13 +79,14 @@ public class SecureRemoteInvocationFacto
//If the calling MI is for a remoting SessionManager delegate, we need to acquire the session ID from the method
//argument and NOT interact with SecurityUtils/subject.getSession to avoid a stack overflow
- if (SessionManager.class.equals(mi.getMethod().getDeclaringClass())) {
+ Class miDeclaringClass = mi.getMethod().getDeclaringClass();
+ if (SessionManager.class.equals(miDeclaringClass) || NativeSessionManager.class.equals(miDeclaringClass)) {
sessionManagerMethodInvocation = true;
- //for SessionManager calls, all method calls except the 'start' methods require the session id
+ //for SessionManager calls, all method calls except the 'start' methods require a SessionKey
// as the first argument, so just get it from there:
if (!mi.getMethod().getName().equals("start")) {
- SessionContext context = (SessionContext) mi.getArguments()[0];
- sessionId = context.getSessionId();
+ SessionKey key = (SessionKey) mi.getArguments()[0];
+ sessionId = key.getSessionId();
}
}
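Review bot: The cast `(SessionKey) mi.getArguments()[0]` is now applied to every non-`start` method declared on either `SessionManager` or `NativeSessionManager`, with no check on the argument count or type. Any method on those interfaces that takes no arguments or has a different first parameter would fail here with an `ArrayIndexOutOfBoundsException` or `ClassCastException` rather than a clear error. I would guard it with `Object[] args = mi.getArguments();` followed by `if (args.length > 0 && args[0] instanceof SessionKey) { sessionId = ((SessionKey) args[0]).getSessionId(); }`, and decide explicitly what happens otherwise. `Class miDeclaringClass` is also a raw type; `Class<?> miDeclaringClass` avoids the warning. The enclosing method starts and ends outside the hunk.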
Modified: incubator/shiro/branches/session_manager_API_change/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java (original)
+++ incubator/shiro/branches/session_manager_API_change/support/spring/src/test/java/org/apache/shiro/spring/remoting/SecureRemoteInvocationFactoryTest.java Wed May 19 01:47:43 2010
@@ -19,8 +19,8 @@
package org.apache.shiro.spring.remoting;
import org.aopalliance.intercept.MethodInvocation;
-import org.apache.shiro.session.mgt.DefaultSessionContext;
-import org.apache.shiro.session.mgt.SessionContext;
+import org.apache.shiro.session.mgt.DefaultSessionKey;
+import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.util.ThreadContext;
import org.junit.After;
@@ -93,9 +93,8 @@ public class SecureRemoteInvocationFacto
expect(mi.getMethod()).andReturn(method).anyTimes();
String dummySessionId = UUID.randomUUID().toString();
- SessionContext sessionContext = new DefaultSessionContext();
- sessionContext.setSessionId(dummySessionId);
- Object[] args = {sessionContext};
+ SessionKey sessionKey = new DefaultSessionKey(dummySessionId);
+ Object[] args = {sessionKey};
expect(mi.getArguments()).andReturn(args).anyTimes();
replay(mi);
Modified: incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java?rev=945994&r1=945993&r2=945994&view=diff
==============================================================================
--- incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java (original)
+++ incubator/shiro/branches/session_manager_API_change/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java Wed May 19 01:47:43 2010
@@ -21,6 +21,7 @@ package org.apache.shiro.web;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.mgt.SessionContext;
+import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.subject.SubjectContext;
@@ -31,6 +32,7 @@ import org.apache.shiro.web.servlet.Shir
import org.apache.shiro.web.session.DefaultWebSessionContext;
import org.apache.shiro.web.session.DefaultWebSessionManager;
import org.apache.shiro.web.session.ServletContainerSessionManager;
+import org.apache.shiro.web.session.WebSessionKey;
import org.apache.shiro.web.subject.WebSubject;
import org.apache.shiro.web.subject.WebSubjectContext;
import org.apache.shiro.web.subject.support.DefaultWebSubjectContext;
@@ -39,6 +41,7 @@ import org.slf4j.LoggerFactory;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import java.io.Serializable;
import java.util.Collection;
@@ -155,12 +158,26 @@ public class DefaultWebSecurityManager e
if (response != null) {
webSessionContext.setServletResponse(response);
}
+
sessionContext = webSessionContext;
}
return sessionContext;
}
@Override
+ protected SessionKey getSessionKey(SubjectContext context) {
+ if (WebUtils.isWeb(context)) {
+ Serializable sessionId = context.getSessionId();
+ ServletRequest request = WebUtils.getRequest(context);
+ ServletResponse response = WebUtils.getResponse(context);
+ return new WebSessionKey(sessionId, request, response);
+ } else {
+ return super.getSessionKey(context);
+
+ }
+ }
+
+ @Override
protected void beforeLogout(Subject subject) {
super.beforeLogout(subject);
removeRequestIdentity(subject);
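Review bot: `getSessionKey` passes the results of `WebUtils.getRequest(context)` and `WebUtils.getResponse(context)` straight into `new WebSessionKey(...)`, while the session-context code at the top of this hunk checks `response != null` before using it. If either can be absent for a web context, the key carries a null that `WebSessionKey` consumers may not expect; how that class handles null is not visible here. I would add the same guard, or document the case with a comment such as `// request/response may be null here; WebSessionKey accepts null for both` if that is true. The new method also has no Javadoc, and the blank line before the closing brace of the `else` branch can go.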