View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.mgt;
20  
21  import org.apache.shiro.authz.AuthorizationException;
22  import org.apache.shiro.cache.CacheManagerAware;
23  import org.apache.shiro.session.Session;
24  import org.apache.shiro.session.SessionException;
25  import org.apache.shiro.session.mgt.DefaultSessionManager;
26  import org.apache.shiro.session.mgt.SessionContext;
27  import org.apache.shiro.session.mgt.SessionKey;
28  import org.apache.shiro.session.mgt.SessionManager;
29  import org.apache.shiro.util.LifecycleUtils;
30  
31  
32  /**
33   * Shiro support of a {@link SecurityManager} class hierarchy that delegates all
34   * {@link org.apache.shiro.session.Session session} operations to a wrapped
35   * {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instance.  That is, this class implements the
36   * methods in the {@link SessionManager SessionManager} interface, but in reality, those methods are merely
37   * passthrough calls to the underlying 'real' {@code SessionManager} instance.
38   * <p/>
39   * The remaining {@code SecurityManager} methods not implemented by this class or its parents are left to be
40   * implemented by subclasses.
41   * <p/>
42   * In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever
43   * possible, suitable default instances for all dependencies will be created upon instantiation.
44   *
45   * @since 0.9
46   */
47  public abstract class SessionsSecurityManager extends AuthorizingSecurityManager {
48  
49      /**
50       * The internal delegate <code>SessionManager</code> used by this security manager that manages all the
51       * application's {@link Session Session}s.
52       */
53      private SessionManager sessionManager;
54  
55      /**
56       * Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate
57       * instance.
58       */
59      public SessionsSecurityManager() {
60          super();
61          this.sessionManager = new DefaultSessionManager();
62          applyCacheManagerToSessionManager();
63      }
64  
65      /**
66       * Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's
67       * <tt>SessionManager</tt> method calls.
68       * <p/>
69       * This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited
70       * <tt>SessionManager</tt> interface, but instead delegates these calls to an internal
71       * <tt>SessionManager</tt> instance.
72       * <p/>
73       * If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and
74       * initialized appropriately for the the existing runtime environment.
75       *
76       * @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls.
77       */
78      public void setSessionManager(SessionManager sessionManager) {
79          this.sessionManager = sessionManager;
80          afterSessionManagerSet();
81      }
82  
83      protected void afterSessionManagerSet() {
84          applyCacheManagerToSessionManager();
85      }
86  
87      /**
88       * Returns this security manager's internal delegate {@link SessionManager SessionManager}.
89       *
90       * @return this security manager's internal delegate {@link SessionManager SessionManager}.
91       * @see #setSessionManager(org.apache.shiro.session.mgt.SessionManager) setSessionManager
92       */
93      public SessionManager getSessionManager() {
94          return this.sessionManager;
95      }
96  
97      /**
98       * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls
99       * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the
100      * <code>CacheManager</code> is applied to the SessionManager as necessary.
101      */
102     protected void afterCacheManagerSet() {
103         super.afterCacheManagerSet();
104         applyCacheManagerToSessionManager();
105     }
106 
107     /**
108      * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set
109      * {@link #setCacheManager CacheManager} so it may use it for its internal caching needs.
110      * <p/>
111      * Note:  This implementation only injects the CacheManager into the SessionManager if the SessionManager
112      * instance implements the {@link CacheManagerAware CacheManagerAware} interface.
113      */
114     protected void applyCacheManagerToSessionManager() {
115         if (this.sessionManager instanceof CacheManagerAware) {
116             ((CacheManagerAware) this.sessionManager).setCacheManager(getCacheManager());
117         }
118     }
119 
120     public Session start(SessionContext context) throws AuthorizationException {
121         return this.sessionManager.start(context);
122     }
123 
124     public Session getSession(SessionKey key) throws SessionException {
125         return this.sessionManager.getSession(key);
126     }
127 
128     public void destroy() {
129         LifecycleUtils.destroy(getSessionManager());
130         this.sessionManager = null;
131         super.destroy();
132     }
133 }