src/org/jsecurity/mgt/SessionsSecurityManager.java - jsecurity - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.jsecurity.mgt;

 import org.jsecurity.authz.AuthorizationException;
 import org.jsecurity.authz.HostUnauthorizedException;
 import org.jsecurity.cache.CacheManager;
 import org.jsecurity.cache.CacheManagerAware;
 import org.jsecurity.session.InvalidSessionException;
 import org.jsecurity.session.Session;
 import org.jsecurity.session.SessionListener;
 import org.jsecurity.session.SessionListenerRegistrar;
 import org.jsecurity.session.mgt.DefaultSessionManager;
 import org.jsecurity.session.mgt.DelegatingSession;
 import org.jsecurity.session.mgt.SessionManager;
 import org.jsecurity.util.LifecycleUtils;

 import java.io.Serializable;
 import java.net.InetAddress;
 import java.util.Collection;

 /**
  * JSecurity support of a {@link SecurityManager} class hierarchy that delegates all
  * {@link org.jsecurity.session.Session session} operations to a wrapped {@link SessionManager SessionManager}
  * instance.  That is, this class implements the methods in the
  * {@link SessionManager SessionManager} interface, but in reality, those methods are merely passthrough calls to
  * the underlying 'real' <tt>SessionManager</tt> instance.
  *
  * <p>The remaining <tt>SecurityManager</tt> methods not implemented by this class or its parents are left to be
  * implemented by subclasses.
  *
  * <p>In keeping with the other classes in this hierarchy and JSecurity's desire to minimize configuration whenever
  * possible, suitable default instances for all dependencies will be created upon instantiation.
  *
  * @author Les Hazlewood
  * @since 0.9
  */
 public abstract class SessionsSecurityManager extends AuthorizingSecurityManager implements SessionListenerRegistrar {

     /**
      * The internal delegate <code>SessionManager</code> used by this security manager that manages all the
      * application's {@link Session Session}s.
      */
     protected SessionManager sessionManager;

     /**
      * Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate
      * instance via the {@link #ensureSessionManager() ensureSessionManager()} method.
      */
     public SessionsSecurityManager() {
         ensureSessionManager();
     }

     /**
      * Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's
      * <tt>SessionManager</tt> method calls.
      *
      * <p>This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited
      * <tt>SessionManager</tt> interface, but instead delegates these calls to an internal
      * <tt>SessionManager</tt> instance.
      *
      * <p>If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and
      * initialized appropriately for the the existing runtime environment.
      *
      * @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls.
      */
     public void setSessionManager(SessionManager sessionManager) {
         this.sessionManager = sessionManager;
     }

     /**
      * Returns this security manager's internal delegate {@link SessionManager SessionManager}.
      * @return this security manager's internal delegate {@link SessionManager SessionManager}.
      * @see #setSessionManager(org.jsecurity.session.mgt.SessionManager) setSessionManager
      */
     public SessionManager getSessionManager() {
         return this.sessionManager;
     }

     /**
      * Ensures that the internal delegate <code>SessionManager</code> exists, and if not, calls
      * {@link #createSessionManager createSessionManager} and sets the resulting instance via the
      * {@link #setSessionManager(org.jsecurity.session.mgt.SessionManager) setSessionManager} method.
      */
     protected void ensureSessionManager() {
         SessionManager sessionManager = getSessionManager();
         if (sessionManager == null) {
             sessionManager = createSessionManager();
             setSessionManager(sessionManager);
         }
     }

     /**
      * Constructs a new <code>SessionManager</code> instance to be used as the internal delegate for this security
      * manager.  After creation via the {@link #newSessionManagerInstance() newSessionManagerInstance()} call, the
      * internal {@link #getCacheManager CacheManager} is set on it if the session manager instance implements the
      * {@link CacheManagerAware CacheManagerAware} interface to allow it to utilize the cache manager for its own
      * internal caching needs.
      *
      * @return a new initialized {@link SessionManager SessionManager} to use as this security manager's internal
      * delegate.
      */
     protected SessionManager createSessionManager() {
         SessionManager sm = newSessionManagerInstance();
         CacheManager cm = getCacheManager();
         if (cm != null) {
             if (sm instanceof CacheManagerAware) {
                 ((CacheManagerAware) sm).setCacheManager(cm);
             }
         }
         return sm;
     }

     /**
      * Merely instantiates (but does not initalize) the default <code>SessionManager</code> implementation.  This method
      * merely returns <code>new {@link DefaultSessionManager DefaultSessionManager}()</code>.
      * @return a new, uninitialized {@link SessionManager SessionManager} instance.
      */
     protected SessionManager newSessionManagerInstance() {
         return new DefaultSessionManager();
     }

     /**
      * Calls {@link super#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls
      * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the
      * <code>CacheManager</code> is applied to the SessionManager as necessary.
      */
     protected void afterCacheManagerSet() {
         super.afterCacheManagerSet();
         applyCacheManagerToSessionManager();
     }

     /**
      * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set
      * {@link #setCacheManager CacheManager} so it may use it for its internal caching needs.
      * <p/>
      * Note:  This implementation only injects the CacheManager into the SessionManager if the SessionManager
      * instance implements the {@link CacheManagerAware CacheManagerAware} interface.
      */
     protected void applyCacheManagerToSessionManager() {
         SessionManager sm = getSessionManager();
         if (sm instanceof CacheManagerAware) {
             ((CacheManagerAware) sm).setCacheManager(cacheManager);
         }
     }

     /**
      * This is a convenience method that allows registration of SessionListeners with the underlying delegate
      * SessionManager at startup.
      *
      * <p>This is more convenient than having to configure your own SessionManager instance, inject the listeners on
      * it, and then set that SessionManager instance as an attribute of this class.  Instead, you can just rely
      * on the <tt>SecurityManager</tt> to apply these <tt>SessionListener</tt>s on your behalf.
      *
      * <p>One notice however: The underlying SessionManager delegate must implement the
      * {@link SessionListenerRegistrar SessionListenerRegistrar} interface in order for these listeners to
      * be applied.  If it does not implement this interface, it is considered a configuration error and an exception
      * will be thrown.
      *
      * @param sessionListeners the <tt>SessionListener</tt>s to register with the underlying delegate
      *                         <tt>SessionManager</tt> at startup.
      */
     public void setSessionListeners(Collection<SessionListener> sessionListeners) {
         assertSessionListenerSupport();
         ((SessionListenerRegistrar) this.sessionManager).setSessionListeners(sessionListeners);
     }

     /**
      * Ensures the internal SessionManager instance is an <code>instanceof</code>
      * {@link org.jsecurity.session.SessionListenerRegistrar SessionListenerRegistrar} to ensure that any
      * listeners attempting to be registered can actually do so with the internal delegate instance.
      * @throws IllegalStateException if the internal delegate SessionManager instance does not implement the
      * <code>SessionListenerRegistrar</code> interface.
      */
     private void assertSessionListenerSupport() throws IllegalStateException {
         if (!(this.sessionManager instanceof SessionListenerRegistrar)) {
             String msg = "SessionListener registration failed:  The underlying SessionManager instance of " +
                     "type [" + sessionManager.getClass().getName() + "] does not implement the " +
                     SessionListenerRegistrar.class.getName() + " interface and therefore cannot support " +
                     "session notifications.";
             throw new IllegalStateException(msg);
         }
     }

     /**
      * Asserts the internal delegate <code>SessionManager</code> instance
      * {@link #assertSessionListenerSupport() supports session listener registration} and then
      * {@link SessionListenerRegistrar#add adds} the listener to the
      * delegate instance.
      * @param listener the <code>SessionListener</code> to register for session events.
      */
     public void add(SessionListener listener) {
         assertSessionListenerSupport();
         SessionManager sm = getSessionManager();
         ((SessionListenerRegistrar) sm).add(listener);
     }

     /**
      * Removes the specified listener from receiving session events from the internal delegate
      * {@link SessionManager} instance.
      *
      * @param listener the listener to remove that no longer wishes to be notified of session events.
      * @return <code>true</code> if the listener was removed from the internal delegate <code>SessionManager</code>
      * instance, <code>false</code> otherwise.
      */
     public boolean remove(SessionListener listener) {
         SessionManager sm = getSessionManager();
         return (sm instanceof SessionListenerRegistrar) &&
                 ((SessionListenerRegistrar) sm).remove(listener);
     }

     /**
      * Template hook for subclasses that wish to perform clean up behavior during shutdown.
      */
     protected void beforeSessionManagerDestroyed() {
     }

     /**
      * Cleans up ('destroys') the internal delegate <code>SessionManager</code> by calling
      * {@link LifecycleUtils#destroy LifecycleUtils.destroy(getSessionManager())}.
      */
     protected void destroySessionManager() {
         LifecycleUtils.destroy(getSessionManager());
     }

     /**
      * Calls {@link #beforeSessionManagerDestroyed() beforeSessionManagerDestroyed()} to allow subclass clean up and
      * then immediatley calls {@link #destroySessionManager() destroySessionManager()} to clean up the internal
      * delegate instance.
      */
     protected void beforeAuthorizerDestroyed() {
         beforeSessionManagerDestroyed();
         destroySessionManager();
     }

     public Session start(InetAddress hostAddress) throws HostUnauthorizedException, IllegalArgumentException {
         SessionManager sm = getSessionManager();
         Serializable sessionId = sm.start(hostAddress);
         return new DelegatingSession(sm, sessionId);
     }

     public Session getSession(Serializable sessionId) throws InvalidSessionException, AuthorizationException {
         SessionManager sm = getSessionManager();
         if (!sm.isValid(sessionId)) {
             String msg = "Specified id [" + sessionId + "] does not correspond to a valid Session  It either " +
                     "does not exist or the corresponding session has been stopped or expired.";
             throw new InvalidSessionException(msg, sessionId);
         }
         return new DelegatingSession(sm, sessionId);
     }

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.jsecurity.mgt;

	import org.jsecurity.authz.AuthorizationException;
	import org.jsecurity.authz.HostUnauthorizedException;
	import org.jsecurity.cache.CacheManager;
	import org.jsecurity.cache.CacheManagerAware;
	import org.jsecurity.session.InvalidSessionException;
	import org.jsecurity.session.Session;
	import org.jsecurity.session.SessionListener;
	import org.jsecurity.session.SessionListenerRegistrar;
	import org.jsecurity.session.mgt.DefaultSessionManager;
	import org.jsecurity.session.mgt.DelegatingSession;
	import org.jsecurity.session.mgt.SessionManager;
	import org.jsecurity.util.LifecycleUtils;

	import java.io.Serializable;
	import java.net.InetAddress;
	import java.util.Collection;

	/**
	* JSecurity support of a {@link SecurityManager} class hierarchy that delegates all
	* {@link org.jsecurity.session.Session session} operations to a wrapped {@link SessionManager SessionManager}
	* instance. That is, this class implements the methods in the
	* {@link SessionManager SessionManager} interface, but in reality, those methods are merely passthrough calls to
	* the underlying 'real' <tt>SessionManager</tt> instance.
	*
	* <p>The remaining <tt>SecurityManager</tt> methods not implemented by this class or its parents are left to be
	* implemented by subclasses.
	*
	* <p>In keeping with the other classes in this hierarchy and JSecurity's desire to minimize configuration whenever
	* possible, suitable default instances for all dependencies will be created upon instantiation.
	*
	* @author Les Hazlewood
	* @since 0.9
	*/
	public abstract class SessionsSecurityManager extends AuthorizingSecurityManager implements SessionListenerRegistrar {

	/**
	* The internal delegate <code>SessionManager</code> used by this security manager that manages all the
	* application's {@link Session Session}s.
	*/
	protected SessionManager sessionManager;

	/**
	* Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate
	* instance via the {@link #ensureSessionManager() ensureSessionManager()} method.
	*/
	public SessionsSecurityManager() {
	ensureSessionManager();
	}

	/**
	* Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's
	* <tt>SessionManager</tt> method calls.
	*
	* <p>This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited
	* <tt>SessionManager</tt> interface, but instead delegates these calls to an internal
	* <tt>SessionManager</tt> instance.
	*
	* <p>If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and
	* initialized appropriately for the the existing runtime environment.
	*
	* @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls.
	*/
	public void setSessionManager(SessionManager sessionManager) {
	this.sessionManager = sessionManager;
	}

	/**
	* Returns this security manager's internal delegate {@link SessionManager SessionManager}.
	* @return this security manager's internal delegate {@link SessionManager SessionManager}.
	* @see #setSessionManager(org.jsecurity.session.mgt.SessionManager) setSessionManager
	*/
	public SessionManager getSessionManager() {
	return this.sessionManager;
	}

	/**
	* Ensures that the internal delegate <code>SessionManager</code> exists, and if not, calls
	* {@link #createSessionManager createSessionManager} and sets the resulting instance via the
	* {@link #setSessionManager(org.jsecurity.session.mgt.SessionManager) setSessionManager} method.
	*/
	protected void ensureSessionManager() {
	SessionManager sessionManager = getSessionManager();
	if (sessionManager == null) {
	sessionManager = createSessionManager();
	setSessionManager(sessionManager);
	}
	}

	/**
	* Constructs a new <code>SessionManager</code> instance to be used as the internal delegate for this security
	* manager. After creation via the {@link #newSessionManagerInstance() newSessionManagerInstance()} call, the
	* internal {@link #getCacheManager CacheManager} is set on it if the session manager instance implements the
	* {@link CacheManagerAware CacheManagerAware} interface to allow it to utilize the cache manager for its own
	* internal caching needs.
	*
	* @return a new initialized {@link SessionManager SessionManager} to use as this security manager's internal
	* delegate.
	*/
	protected SessionManager createSessionManager() {
	SessionManager sm = newSessionManagerInstance();
	CacheManager cm = getCacheManager();
	if (cm != null) {
	if (sm instanceof CacheManagerAware) {
	((CacheManagerAware) sm).setCacheManager(cm);
	}
	}
	return sm;
	}

	/**
	* Merely instantiates (but does not initalize) the default <code>SessionManager</code> implementation. This method
	* merely returns <code>new {@link DefaultSessionManager DefaultSessionManager}()</code>.
	* @return a new, uninitialized {@link SessionManager SessionManager} instance.
	*/
	protected SessionManager newSessionManagerInstance() {
	return new DefaultSessionManager();
	}

	/**
	* Calls {@link super#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls
	* {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the
	* <code>CacheManager</code> is applied to the SessionManager as necessary.
	*/
	protected void afterCacheManagerSet() {
	super.afterCacheManagerSet();
	applyCacheManagerToSessionManager();
	}

	/**
	* Ensures the internal delegate <code>SessionManager</code> is injected with the newly set
	* {@link #setCacheManager CacheManager} so it may use it for its internal caching needs.
	* <p/>
	* Note: This implementation only injects the CacheManager into the SessionManager if the SessionManager
	* instance implements the {@link CacheManagerAware CacheManagerAware} interface.
	*/
	protected void applyCacheManagerToSessionManager() {
	SessionManager sm = getSessionManager();
	if (sm instanceof CacheManagerAware) {
	((CacheManagerAware) sm).setCacheManager(cacheManager);
	}
	}

	/**
	* This is a convenience method that allows registration of SessionListeners with the underlying delegate
	* SessionManager at startup.
	*
	* <p>This is more convenient than having to configure your own SessionManager instance, inject the listeners on
	* it, and then set that SessionManager instance as an attribute of this class. Instead, you can just rely
	* on the <tt>SecurityManager</tt> to apply these <tt>SessionListener</tt>s on your behalf.
	*
	* <p>One notice however: The underlying SessionManager delegate must implement the
	* {@link SessionListenerRegistrar SessionListenerRegistrar} interface in order for these listeners to
	* be applied. If it does not implement this interface, it is considered a configuration error and an exception
	* will be thrown.
	*
	* @param sessionListeners the <tt>SessionListener</tt>s to register with the underlying delegate
	* <tt>SessionManager</tt> at startup.
	*/
	public void setSessionListeners(Collection<SessionListener> sessionListeners) {
	assertSessionListenerSupport();
	((SessionListenerRegistrar) this.sessionManager).setSessionListeners(sessionListeners);
	}

	/**
	* Ensures the internal SessionManager instance is an <code>instanceof</code>
	* {@link org.jsecurity.session.SessionListenerRegistrar SessionListenerRegistrar} to ensure that any
	* listeners attempting to be registered can actually do so with the internal delegate instance.
	* @throws IllegalStateException if the internal delegate SessionManager instance does not implement the
	* <code>SessionListenerRegistrar</code> interface.
	*/
	private void assertSessionListenerSupport() throws IllegalStateException {
	if (!(this.sessionManager instanceof SessionListenerRegistrar)) {
	String msg = "SessionListener registration failed: The underlying SessionManager instance of " +
	"type [" + sessionManager.getClass().getName() + "] does not implement the " +
	SessionListenerRegistrar.class.getName() + " interface and therefore cannot support " +
	"session notifications.";
	throw new IllegalStateException(msg);
	}
	}

	/**
	* Asserts the internal delegate <code>SessionManager</code> instance
	* {@link #assertSessionListenerSupport() supports session listener registration} and then
	* {@link SessionListenerRegistrar#add adds} the listener to the
	* delegate instance.
	* @param listener the <code>SessionListener</code> to register for session events.
	*/
	public void add(SessionListener listener) {
	assertSessionListenerSupport();
	SessionManager sm = getSessionManager();
	((SessionListenerRegistrar) sm).add(listener);
	}

	/**
	* Removes the specified listener from receiving session events from the internal delegate
	* {@link SessionManager} instance.
	*
	* @param listener the listener to remove that no longer wishes to be notified of session events.
	* @return <code>true</code> if the listener was removed from the internal delegate <code>SessionManager</code>
	* instance, <code>false</code> otherwise.
	*/
	public boolean remove(SessionListener listener) {
	SessionManager sm = getSessionManager();
	return (sm instanceof SessionListenerRegistrar) &&
	((SessionListenerRegistrar) sm).remove(listener);
	}

	/**
	* Template hook for subclasses that wish to perform clean up behavior during shutdown.
	*/
	protected void beforeSessionManagerDestroyed() {
	}

	/**
	* Cleans up ('destroys') the internal delegate <code>SessionManager</code> by calling
	* {@link LifecycleUtils#destroy LifecycleUtils.destroy(getSessionManager())}.
	*/
	protected void destroySessionManager() {
	LifecycleUtils.destroy(getSessionManager());
	}

	/**
	* Calls {@link #beforeSessionManagerDestroyed() beforeSessionManagerDestroyed()} to allow subclass clean up and
	* then immediatley calls {@link #destroySessionManager() destroySessionManager()} to clean up the internal
	* delegate instance.
	*/
	protected void beforeAuthorizerDestroyed() {
	beforeSessionManagerDestroyed();
	destroySessionManager();
	}

	public Session start(InetAddress hostAddress) throws HostUnauthorizedException, IllegalArgumentException {
	SessionManager sm = getSessionManager();
	Serializable sessionId = sm.start(hostAddress);
	return new DelegatingSession(sm, sessionId);
	}

	public Session getSession(Serializable sessionId) throws InvalidSessionException, AuthorizationException {
	SessionManager sm = getSessionManager();
	if (!sm.isValid(sessionId)) {
	String msg = "Specified id [" + sessionId + "] does not correspond to a valid Session It either " +
	"does not exist or the corresponding session has been stopped or expired.";
	throw new InvalidSessionException(msg, sessionId);
	}
	return new DelegatingSession(sm, sessionId);
	}

	}