org.apache.shiro.session.mgt
Class DefaultSessionManager

java.lang.Object
  extended by org.apache.shiro.session.mgt.AbstractSessionManager
      extended by org.apache.shiro.session.mgt.AbstractNativeSessionManager
          extended by org.apache.shiro.session.mgt.AbstractValidatingSessionManager
              extended by org.apache.shiro.session.mgt.DefaultSessionManager
All Implemented Interfaces:
CacheManagerAware, NativeSessionManager, SessionManager, ValidatingSessionManager, Destroyable
Direct Known Subclasses:
DefaultWebSessionManager

public class DefaultSessionManager
extends AbstractValidatingSessionManager
implements CacheManagerAware

Default business-tier implementation of a ValidatingSessionManager. All session CRUD operations are delegated to an internal SessionDAO.

Since:
0.1

Field Summary
protected  SessionDAO sessionDAO
           
 
Fields inherited from class org.apache.shiro.session.mgt.AbstractValidatingSessionManager
DEFAULT_SESSION_VALIDATION_INTERVAL, sessionValidationInterval, sessionValidationScheduler, sessionValidationSchedulerEnabled
 
Fields inherited from class org.apache.shiro.session.mgt.AbstractSessionManager
DEFAULT_GLOBAL_SESSION_TIMEOUT, MILLIS_PER_HOUR, MILLIS_PER_MINUTE, MILLIS_PER_SECOND
 
Constructor Summary
DefaultSessionManager()
           
 
Method Summary
protected  void afterExpired(Session session)
           
protected  void afterStopped(Session session)
           
protected  void create(Session session)
          Persists the given session instance to an underlying EIS (Enterprise Information System).
protected  void delete(Session session)
           
protected  Session doCreateSession(SessionContext context)
           
protected  Collection<Session> getActiveSessions()
           
 SessionDAO getSessionDAO()
           
 SessionFactory getSessionFactory()
          Returns the SessionFactory used to generate new Session instances.
protected  Serializable getSessionId(SessionKey sessionKey)
           
 boolean isDeleteInvalidSessions()
          Returns true if sessions should be automatically deleted after they are discovered to be invalid, false if invalid sessions will be manually deleted by some process external to Shiro's control.
protected  Session newSessionInstance(SessionContext context)
           
protected  void onChange(Session session)
           
protected  void onExpiration(Session session)
           
protected  void onStop(Session session)
           
protected  Session retrieveSession(SessionKey sessionKey)
          Looks up a session from the underlying data store based on the specified session key.
protected  Session retrieveSessionFromDataSource(Serializable sessionId)
           
 void setCacheManager(CacheManager cacheManager)
          Sets the available CacheManager instance on this component.
 void setDeleteInvalidSessions(boolean deleteInvalidSessions)
          Sets whether or not sessions should be automatically deleted after they are discovered to be invalid.
 void setSessionDAO(SessionDAO sessionDAO)
           
 void setSessionFactory(SessionFactory sessionFactory)
          Sets the SessionFactory used to generate new Session instances.
 
Methods inherited from class org.apache.shiro.session.mgt.AbstractValidatingSessionManager
afterSessionValidationEnabled, beforeSessionValidationDisabled, createSession, createSessionValidationScheduler, destroy, disableSessionValidation, doGetSession, doValidate, enableSessionValidation, getSessionValidationInterval, getSessionValidationScheduler, getTimeout, isSessionValidationSchedulerEnabled, onExpiration, onInvalidation, setSessionValidationInterval, setSessionValidationScheduler, setSessionValidationSchedulerEnabled, validate, validateSessions
 
Methods inherited from class org.apache.shiro.session.mgt.AbstractNativeSessionManager
applyGlobalSessionTimeout, beforeInvalidNotification, checkValid, createExposedSession, createExposedSession, getAttribute, getAttributeKeys, getHost, getLastAccessTime, getSession, getSessionListeners, getStartTimestamp, getTimeout, isValid, notifyExpiration, notifyStart, notifyStop, onStart, onStop, removeAttribute, setAttribute, setSessionListeners, setTimeout, start, stop, touch
 
Methods inherited from class org.apache.shiro.session.mgt.AbstractSessionManager
getGlobalSessionTimeout, setGlobalSessionTimeout
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start
 

Field Detail

sessionDAO

protected SessionDAO sessionDAO
Constructor Detail

DefaultSessionManager

public DefaultSessionManager()
Method Detail

setSessionDAO

public void setSessionDAO(SessionDAO sessionDAO)

getSessionDAO

public SessionDAO getSessionDAO()

getSessionFactory

public SessionFactory getSessionFactory()
Returns the SessionFactory used to generate new Session instances. The default instance is a SimpleSessionFactory.

Returns:
the SessionFactory used to generate new Session instances.
Since:
1.0

setSessionFactory

public void setSessionFactory(SessionFactory sessionFactory)
Sets the SessionFactory used to generate new Session instances. The default instance is a SimpleSessionFactory.

Parameters:
sessionFactory - the SessionFactory used to generate new Session instances.
Since:
1.0

isDeleteInvalidSessions

public boolean isDeleteInvalidSessions()
Returns true if sessions should be automatically deleted after they are discovered to be invalid, false if invalid sessions will be manually deleted by some process external to Shiro's control. The default is true to ensure no orphans exist in the underlying data store.

Usage

It is ok to set this to false ONLY if you have some other process that you manage yourself that periodically deletes invalid sessions from the backing data store over time, such as via a Quartz or Cron job. If you do not do this, the invalid sessions will become 'orphans' and fill up the data store over time.

This property is provided because some systems need the ability to perform querying/reporting against sessions in the data store, even after they have stopped or expired. Setting this attribute to false will allow such querying, but with the caveat that the application developer/configurer deletes the sessions themselves by some other means (cron, quartz, etc).

Returns:
true if sessions should be automatically deleted after they are discovered to be invalid, false if invalid sessions will be manually deleted by some process external to Shiro's control.
Since:
1.0

setDeleteInvalidSessions

public void setDeleteInvalidSessions(boolean deleteInvalidSessions)
Sets whether or not sessions should be automatically deleted after they are discovered to be invalid. Default value is true to ensure no orphans will exist in the underlying data store.

WARNING

Only set this value to false if you are manually going to delete sessions yourself by some process (quartz, cron, etc) external to Shiro's control. See the isDeleteInvalidSessions() JavaDoc for more.

Parameters:
deleteInvalidSessions - whether or not sessions should be automatically deleted after they are discovered to be invalid.
Since:
1.0

setCacheManager

public void setCacheManager(CacheManager cacheManager)
Description copied from interface: CacheManagerAware
Sets the available CacheManager instance on this component.

Specified by:
setCacheManager in interface CacheManagerAware
Parameters:
cacheManager - the CacheManager instance to set on this component.

doCreateSession

protected Session doCreateSession(SessionContext context)
Specified by:
doCreateSession in class AbstractValidatingSessionManager

newSessionInstance

protected Session newSessionInstance(SessionContext context)

create

protected void create(Session session)
Persists the given session instance to an underlying EIS (Enterprise Information System). This implementation delegates and calls this.sessionDAO.create(session);

Parameters:
session - the Session instance to persist to the underlying EIS.

onStop

protected void onStop(Session session)
Overrides:
onStop in class AbstractNativeSessionManager

afterStopped

protected void afterStopped(Session session)
Overrides:
afterStopped in class AbstractNativeSessionManager

onExpiration

protected void onExpiration(Session session)
Overrides:
onExpiration in class AbstractValidatingSessionManager

afterExpired

protected void afterExpired(Session session)
Overrides:
afterExpired in class AbstractValidatingSessionManager

onChange

protected void onChange(Session session)
Overrides:
onChange in class AbstractNativeSessionManager

retrieveSession

protected Session retrieveSession(SessionKey sessionKey)
                           throws UnknownSessionException
Description copied from class: AbstractValidatingSessionManager
Looks up a session from the underlying data store based on the specified session key.

Specified by:
retrieveSession in class AbstractValidatingSessionManager
Parameters:
sessionKey - the session key to use to look up the target session.
Returns:
the session identified by sessionId.
Throws:
UnknownSessionException - if there is no session identified by sessionId.

getSessionId

protected Serializable getSessionId(SessionKey sessionKey)

retrieveSessionFromDataSource

protected Session retrieveSessionFromDataSource(Serializable sessionId)
                                         throws UnknownSessionException
Throws:
UnknownSessionException

delete

protected void delete(Session session)

getActiveSessions

protected Collection<Session> getActiveSessions()
Specified by:
getActiveSessions in class AbstractValidatingSessionManager


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.