| /* |
| * Licensed to the Apache Software Foundation (ASF) under one |
| * or more contributor license agreements. See the NOTICE file |
| * distributed with this work for additional information |
| * regarding copyright ownership. The ASF licenses this file |
| * to you under the Apache License, Version 2.0 (the |
| * "License"); you may not use this file except in compliance |
| * with the License. You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, |
| * software distributed under the License is distributed on an |
| * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
| * KIND, either express or implied. See the License for the |
| * specific language governing permissions and limitations |
| * under the License. |
| */ |
| package org.apache.shiro.mgt; |
| |
| import org.apache.shiro.authz.AuthorizationException; |
| import org.apache.shiro.cache.CacheManagerAware; |
| import org.apache.shiro.session.Session; |
| import org.apache.shiro.session.SessionException; |
| import org.apache.shiro.session.mgt.DefaultSessionManager; |
| import org.apache.shiro.session.mgt.SessionContext; |
| import org.apache.shiro.session.mgt.SessionKey; |
| import org.apache.shiro.session.mgt.SessionManager; |
| import org.apache.shiro.util.LifecycleUtils; |
| |
| |
| /** |
| * Shiro support of a {@link SecurityManager} class hierarchy that delegates all |
| * {@link org.apache.shiro.session.Session session} operations to a wrapped |
| * {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instance. That is, this class implements the |
| * methods in the {@link SessionManager SessionManager} interface, but in reality, those methods are merely |
| * passthrough calls to the underlying 'real' {@code SessionManager} instance. |
| * <p/> |
| * The remaining {@code SecurityManager} methods not implemented by this class or its parents are left to be |
| * implemented by subclasses. |
| * <p/> |
| * In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever |
| * possible, suitable default instances for all dependencies will be created upon instantiation. |
| * |
| * @since 0.9 |
| */ |
| public abstract class SessionsSecurityManager extends AuthorizingSecurityManager { |
| |
| /** |
| * The internal delegate <code>SessionManager</code> used by this security manager that manages all the |
| * application's {@link Session Session}s. |
| */ |
| private SessionManager sessionManager; |
| |
| /** |
| * Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate |
| * instance. |
| */ |
| public SessionsSecurityManager() { |
| super(); |
| this.sessionManager = new DefaultSessionManager(); |
| applyCacheManagerToSessionManager(); |
| } |
| |
| /** |
| * Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's |
| * <tt>SessionManager</tt> method calls. |
| * <p/> |
| * This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited |
| * <tt>SessionManager</tt> interface, but instead delegates these calls to an internal |
| * <tt>SessionManager</tt> instance. |
| * <p/> |
| * If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and |
| * initialized appropriately for the the existing runtime environment. |
| * |
| * @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls. |
| */ |
| public void setSessionManager(SessionManager sessionManager) { |
| this.sessionManager = sessionManager; |
| afterSessionManagerSet(); |
| } |
| |
| protected void afterSessionManagerSet() { |
| applyCacheManagerToSessionManager(); |
| } |
| |
| /** |
| * Returns this security manager's internal delegate {@link SessionManager SessionManager}. |
| * |
| * @return this security manager's internal delegate {@link SessionManager SessionManager}. |
| * @see #setSessionManager(org.apache.shiro.session.mgt.SessionManager) setSessionManager |
| */ |
| public SessionManager getSessionManager() { |
| return this.sessionManager; |
| } |
| |
| /** |
| * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls |
| * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the |
| * <code>CacheManager</code> is applied to the SessionManager as necessary. |
| */ |
| protected void afterCacheManagerSet() { |
| super.afterCacheManagerSet(); |
| applyCacheManagerToSessionManager(); |
| } |
| |
| /** |
| * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set |
| * {@link #setCacheManager CacheManager} so it may use it for its internal caching needs. |
| * <p/> |
| * Note: This implementation only injects the CacheManager into the SessionManager if the SessionManager |
| * instance implements the {@link CacheManagerAware CacheManagerAware} interface. |
| */ |
| protected void applyCacheManagerToSessionManager() { |
| if (this.sessionManager instanceof CacheManagerAware) { |
| ((CacheManagerAware) this.sessionManager).setCacheManager(getCacheManager()); |
| } |
| } |
| |
| public Session start(SessionContext context) throws AuthorizationException { |
| return this.sessionManager.start(context); |
| } |
| |
| public Session getSession(SessionKey key) throws SessionException { |
| return this.sessionManager.getSession(key); |
| } |
| |
| public void destroy() { |
| LifecycleUtils.destroy(getSessionManager()); |
| this.sessionManager = null; |
| super.destroy(); |
| } |
| } |