org.apache.shiro.mgt
Class SessionsSecurityManager

java.lang.Object
  extended by org.apache.shiro.mgt.CachingSecurityManager
      extended by org.apache.shiro.mgt.RealmSecurityManager
          extended by org.apache.shiro.mgt.AuthenticatingSecurityManager
              extended by org.apache.shiro.mgt.AuthorizingSecurityManager
                  extended by org.apache.shiro.mgt.SessionsSecurityManager
All Implemented Interfaces:
Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionManager, Destroyable
Direct Known Subclasses:
DefaultSecurityManager

public abstract class SessionsSecurityManager
extends AuthorizingSecurityManager

Shiro support of a SecurityManager class hierarchy that delegates all session operations to a wrapped SessionManager instance. That is, this class implements the methods in the SessionManager interface, but in reality, those methods are merely passthrough calls to the underlying 'real' SessionManager instance.

The remaining SecurityManager methods not implemented by this class or its parents are left to be implemented by subclasses.

In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever possible, suitable default instances for all dependencies will be created upon instantiation.

Since:
0.9

Constructor Summary
SessionsSecurityManager()
          Default no-arg constructor, internally creates a suitable default SessionManager delegate instance.
 
Method Summary
protected  void afterCacheManagerSet()
          Calls super.afterCacheManagerSet() and then immediately calls applyCacheManagerToSessionManager() to ensure the CacheManager is applied to the SessionManager as necessary.
protected  void afterSessionManagerSet()
           
protected  void applyCacheManagerToSessionManager()
          Ensures the internal delegate SessionManager is injected with the newly set CacheManager so it may use it for its internal caching needs.
 void destroy()
          Destroys the cacheManager via LifecycleUtils.destroy.
 Session getSession(SessionKey key)
          Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), or null if no Session could be found.
 SessionManager getSessionManager()
          Returns this security manager's internal delegate SessionManager.
 void setSessionManager(SessionManager sessionManager)
          Sets the underlying delegate SessionManager instance that will be used to support this implementation's SessionManager method calls.
 Session start(SessionContext context)
          Starts a new session based on the specified contextual initialization data, which can be used by the underlying implementation to determine how exactly to create the internal Session instance.
 
Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer
 
Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator
 
Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, getRealms, setRealm, setRealms
 
Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
getCacheManager, setCacheManager
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout
 

Constructor Detail

SessionsSecurityManager

public SessionsSecurityManager()
Default no-arg constructor, internally creates a suitable default SessionManager delegate instance.

Method Detail

setSessionManager

public void setSessionManager(SessionManager sessionManager)
Sets the underlying delegate SessionManager instance that will be used to support this implementation's SessionManager method calls.

This SecurityManager implementation does not provide logic to support the inherited SessionManager interface, but instead delegates these calls to an internal SessionManager instance.

If a SessionManager instance is not set, a default one will be automatically created and initialized appropriately for the the existing runtime environment.

Parameters:
sessionManager - delegate instance to use to support this manager's SessionManager method calls.

afterSessionManagerSet

protected void afterSessionManagerSet()

getSessionManager

public SessionManager getSessionManager()
Returns this security manager's internal delegate SessionManager.

Returns:
this security manager's internal delegate SessionManager.
See Also:
setSessionManager

afterCacheManagerSet

protected void afterCacheManagerSet()
Calls super.afterCacheManagerSet() and then immediately calls applyCacheManagerToSessionManager() to ensure the CacheManager is applied to the SessionManager as necessary.

Overrides:
afterCacheManagerSet in class RealmSecurityManager

applyCacheManagerToSessionManager

protected void applyCacheManagerToSessionManager()
Ensures the internal delegate SessionManager is injected with the newly set CacheManager so it may use it for its internal caching needs.

Note: This implementation only injects the CacheManager into the SessionManager if the SessionManager instance implements the CacheManagerAware interface.


start

public Session start(SessionContext context)
              throws AuthorizationException
Description copied from interface: SessionManager
Starts a new session based on the specified contextual initialization data, which can be used by the underlying implementation to determine how exactly to create the internal Session instance.

This method is mainly used in framework development, as the implementation will often relay the argument to an underlying SessionFactory which could use the context to construct the internal Session instance in a specific manner. This allows pluggable Session creation logic by simply injecting a SessionFactory into the SessionManager instance.

Parameters:
context - the contextual initialization data that can be used by the implementation or underlying SessionFactory when instantiating the internal Session instance.
Returns:
the newly created session.
Throws:
AuthorizationException
See Also:
SessionFactory.createSession(SessionContext)

getSession

public Session getSession(SessionKey key)
                   throws SessionException
Description copied from interface: SessionManager
Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), or null if no Session could be found. If a session is found but invalid (stopped or expired), a SessionException will be thrown.

Parameters:
key - the Session key to use to look-up the Session
Returns:
the Session instance corresponding to the given lookup key or null if no session could be acquired.
Throws:
SessionException - if a session was found but it was invalid (stopped/expired).

destroy

public void destroy()
Description copied from class: CachingSecurityManager
Destroys the cacheManager via LifecycleUtils.destroy.

Specified by:
destroy in interface Destroyable
Overrides:
destroy in class AuthorizingSecurityManager


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.