1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.shiro.session.mgt;
20
21 import org.apache.shiro.session.Session;
22
23 /**
24 * Base abstract class of the {@link SessionManager SessionManager} interface, enabling configuration of an
25 * application-wide {@link #getGlobalSessionTimeout() globalSessionTimeout}. Default global session timeout is
26 * {@code 30} minutes.
27 *
28 * @since 0.1
29 */
30 //TODO - deprecate this class (see SHIRO-240):
31 //This is only here to make available a common attribute 'globalSessionTimeout' to subclasses, particularly to make it
32 //available to both AbstractNativeSessionManager and ServletContainerSessionManager subclass trees. However, the
33 //ServletContainerSessionManager implementation does not use this value
34 //(see https://issues.apache.org/jira/browse/SHIRO-240 for why). That means that only the Native session managers
35 //need a globalSessionTimeout property, making this class unnecessary.
36 public abstract class AbstractSessionManager implements SessionManager {
37
38 protected static final long MILLIS_PER_SECOND = 1000;
39 protected static final long MILLIS_PER_MINUTE = 60 * MILLIS_PER_SECOND;
40 protected static final long MILLIS_PER_HOUR = 60 * MILLIS_PER_MINUTE;
41
42 /**
43 * Default main session timeout value, equal to {@code 30} minutes.
44 */
45 public static final long DEFAULT_GLOBAL_SESSION_TIMEOUT = 30 * MILLIS_PER_MINUTE;
46
47 private long globalSessionTimeout = DEFAULT_GLOBAL_SESSION_TIMEOUT;
48
49 public AbstractSessionManager() {
50 }
51
52 /**
53 * Returns the system-wide default time in milliseconds that any session may remain idle before expiring. This
54 * value is the main default for all sessions and may be overridden on a <em>per-session</em> basis by calling
55 * {@code Subject.getSession().}{@link Session#setTimeout setTimeout(long)} if so desired.
56 * <ul>
57 * <li>A negative return value means sessions never expire.</li>
58 * <li>A non-negative return value (0 or greater) means session timeout will occur as expected.</li>
59 * </ul>
60 * <p/>
61 * Unless overridden via the {@link #setGlobalSessionTimeout} method, the default value is
62 * {@link #DEFAULT_GLOBAL_SESSION_TIMEOUT}.
63 *
64 * @return the time in milliseconds that any session may remain idle before expiring.
65 */
66 public long getGlobalSessionTimeout() {
67 return this.globalSessionTimeout;
68 }
69
70 /**
71 * Sets the system-wide default time in milliseconds that any session may remain idle before expiring. This
72 * value is the main default for all sessions and may be overridden on a <em>per-session</em> basis by calling
73 * {@code Subject.getSession().}{@link Session#setTimeout setTimeout(long)} if so desired.
74 * <p/>
75 * <ul>
76 * <li>A negative return value means sessions never expire.</li>
77 * <li>A non-negative return value (0 or greater) means session timeout will occur as expected.</li>
78 * </ul>
79 * <p/>
80 * Unless overridden by calling this method, the default value is {@link #DEFAULT_GLOBAL_SESSION_TIMEOUT}.
81 *
82 * @param globalSessionTimeout the time in milliseconds that any session may remain idle before expiring.
83 */
84 public void setGlobalSessionTimeout(long globalSessionTimeout) {
85 this.globalSessionTimeout = globalSessionTimeout;
86 }
87 }