All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.shiro.session.mgt.DefaultSessionManager Maven / Gradle / Ivy

There is a newer version: 3.9
Show newest version
/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.session.mgt;

import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.cache.CacheManagerAware;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.UnknownSessionException;
import org.apache.shiro.session.mgt.eis.MemorySessionDAO;
import org.apache.shiro.session.mgt.eis.SessionDAO;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import java.io.Serializable;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;

/**
 * Default business-tier implementation of a {@link ValidatingSessionManager}.  All session CRUD operations are
 * delegated to an internal {@link SessionDAO}.
 *
 * @since 0.1
 */
public class DefaultSessionManager extends AbstractValidatingSessionManager implements CacheManagerAware {

    //TODO - complete JavaDoc

    private static final Logger log = LoggerFactory.getLogger(DefaultSessionManager.class);

    private SessionFactory sessionFactory;

    protected SessionDAO sessionDAO;  //todo - move SessionDAO up to AbstractValidatingSessionManager?

    private CacheManager cacheManager;

    private boolean deleteInvalidSessions;

    public DefaultSessionManager() {
        this.deleteInvalidSessions = true;
        this.sessionFactory = new SimpleSessionFactory();
        this.sessionDAO = new MemorySessionDAO();
    }

    public void setSessionDAO(SessionDAO sessionDAO) {
        this.sessionDAO = sessionDAO;
        applyCacheManagerToSessionDAO();
    }

    public SessionDAO getSessionDAO() {
        return this.sessionDAO;
    }

    /**
     * Returns the {@code SessionFactory} used to generate new {@link Session} instances.  The default instance
     * is a {@link SimpleSessionFactory}.
     *
     * @return the {@code SessionFactory} used to generate new {@link Session} instances.
     * @since 1.0
     */
    public SessionFactory getSessionFactory() {
        return sessionFactory;
    }

    /**
     * Sets the {@code SessionFactory} used to generate new {@link Session} instances.  The default instance
     * is a {@link SimpleSessionFactory}.
     *
     * @param sessionFactory the {@code SessionFactory} used to generate new {@link Session} instances.
     * @since 1.0
     */
    public void setSessionFactory(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }

    /**
     * Returns {@code true} if sessions should be automatically deleted after they are discovered to be invalid,
     * {@code false} if invalid sessions will be manually deleted by some process external to Shiro's control.  The
     * default is {@code true} to ensure no orphans exist in the underlying data store.
     * 

Usage

* It is ok to set this to {@code false} ONLY if you have some other process that you manage yourself * that periodically deletes invalid sessions from the backing data store over time, such as via a Quartz or Cron * job. If you do not do this, the invalid sessions will become 'orphans' and fill up the data store over time. *

* This property is provided because some systems need the ability to perform querying/reporting against sessions in * the data store, even after they have stopped or expired. Setting this attribute to {@code false} will allow * such querying, but with the caveat that the application developer/configurer deletes the sessions themselves by * some other means (cron, quartz, etc). * * @return {@code true} if sessions should be automatically deleted after they are discovered to be invalid, * {@code false} if invalid sessions will be manually deleted by some process external to Shiro's control. * @since 1.0 */ public boolean isDeleteInvalidSessions() { return deleteInvalidSessions; } /** * Sets whether or not sessions should be automatically deleted after they are discovered to be invalid. Default * value is {@code true} to ensure no orphans will exist in the underlying data store. *

WARNING

* Only set this value to {@code false} if you are manually going to delete sessions yourself by some process * (quartz, cron, etc) external to Shiro's control. See the * {@link #isDeleteInvalidSessions() isDeleteInvalidSessions()} JavaDoc for more. * * @param deleteInvalidSessions whether or not sessions should be automatically deleted after they are discovered * to be invalid. * @since 1.0 */ @SuppressWarnings({"UnusedDeclaration"}) public void setDeleteInvalidSessions(boolean deleteInvalidSessions) { this.deleteInvalidSessions = deleteInvalidSessions; } public void setCacheManager(CacheManager cacheManager) { this.cacheManager = cacheManager; applyCacheManagerToSessionDAO(); } /** * Sets the internal {@code CacheManager} on the {@code SessionDAO} if it implements the * {@link org.apache.shiro.cache.CacheManagerAware CacheManagerAware} interface. *

* This method is called after setting a cacheManager via the * {@link #setCacheManager(org.apache.shiro.cache.CacheManager) setCacheManager} method em when * setting a {@code SessionDAO} via the {@link #setSessionDAO} method to allow it to be propagated * in either case. * * @since 1.0 */ private void applyCacheManagerToSessionDAO() { if (this.cacheManager != null && this.sessionDAO != null && this.sessionDAO instanceof CacheManagerAware) { ((CacheManagerAware) this.sessionDAO).setCacheManager(this.cacheManager); } } protected Session doCreateSession(SessionContext context) { Session s = newSessionInstance(context); if (log.isTraceEnabled()) { log.trace("Creating session for host {}", s.getHost()); } create(s); return s; } protected Session newSessionInstance(SessionContext context) { return getSessionFactory().createSession(context); } /** * Persists the given session instance to an underlying EIS (Enterprise Information System). This implementation * delegates and calls * this.{@link SessionDAO sessionDAO}.{@link SessionDAO#create(org.apache.shiro.session.Session) create}(session); * * @param session the Session instance to persist to the underlying EIS. */ protected void create(Session session) { if (log.isDebugEnabled()) { log.debug("Creating new EIS record for new session instance [" + session + "]"); } sessionDAO.create(session); } @Override protected void onStop(Session session) { if (session instanceof SimpleSession) { SimpleSession ss = (SimpleSession) session; Date stopTs = ss.getStopTimestamp(); ss.setLastAccessTime(stopTs); } onChange(session); } @Override protected void afterStopped(Session session) { if (isDeleteInvalidSessions()) { delete(session); } } protected void onExpiration(Session session) { if (session instanceof SimpleSession) { ((SimpleSession) session).setExpired(true); } onChange(session); } @Override protected void afterExpired(Session session) { if (isDeleteInvalidSessions()) { delete(session); } } protected void onChange(Session session) { sessionDAO.update(session); } protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException { Serializable sessionId = getSessionId(sessionKey); if (sessionId == null) { log.debug("Unable to resolve session ID from SessionKey [{}]. Returning null to indicate a " + "session could not be found.", sessionKey); return null; } Session s = retrieveSessionFromDataSource(sessionId); if (s == null) { //session ID was provided, meaning one is expected to be found, but we couldn't find one: String msg = "Could not find session with ID [" + sessionId + "]"; throw new UnknownSessionException(msg); } return s; } protected Serializable getSessionId(SessionKey sessionKey) { return sessionKey.getSessionId(); } protected Session retrieveSessionFromDataSource(Serializable sessionId) throws UnknownSessionException { return sessionDAO.readSession(sessionId); } protected void delete(Session session) { sessionDAO.delete(session); } protected Collection getActiveSessions() { Collection active = sessionDAO.getActiveSessions(); return active != null ? active : Collections.emptySet(); } }