|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.shiro.session.mgt.AbstractSessionManager org.apache.shiro.session.mgt.AbstractNativeSessionManager org.apache.shiro.session.mgt.AbstractValidatingSessionManager
public abstract class AbstractValidatingSessionManager
Default business-tier implementation of the ValidatingSessionManager
interface.
Field Summary | |
---|---|
static long |
DEFAULT_SESSION_VALIDATION_INTERVAL
The default interval at which sessions will be validated (1 hour); This can be overridden by calling setSessionValidationInterval(long) |
protected long |
sessionValidationInterval
|
protected SessionValidationScheduler |
sessionValidationScheduler
Scheduler used to validate sessions on a regular basis. |
protected boolean |
sessionValidationSchedulerEnabled
|
Fields inherited from class org.apache.shiro.session.mgt.AbstractSessionManager |
---|
DEFAULT_GLOBAL_SESSION_TIMEOUT, MILLIS_PER_HOUR, MILLIS_PER_MINUTE, MILLIS_PER_SECOND |
Constructor Summary | |
---|---|
AbstractValidatingSessionManager()
|
Method Summary | |
---|---|
protected void |
afterExpired(Session session)
|
protected void |
afterSessionValidationEnabled()
|
protected void |
beforeSessionValidationDisabled()
|
protected Session |
createSession(SessionContext context)
Creates a new Session Session instance based on the specified (possibly null )
initialization data. |
protected SessionValidationScheduler |
createSessionValidationScheduler()
|
void |
destroy()
Called when this object is being destroyed, allowing any necessary cleanup of internal resources. |
protected void |
disableSessionValidation()
|
protected abstract Session |
doCreateSession(SessionContext initData)
|
protected Session |
doGetSession(SessionKey key)
|
protected void |
doValidate(Session session)
|
protected void |
enableSessionValidation()
|
protected abstract Collection<Session> |
getActiveSessions()
|
long |
getSessionValidationInterval()
|
SessionValidationScheduler |
getSessionValidationScheduler()
|
protected long |
getTimeout(Session session)
Subclass template hook in case per-session timeout is not based on Session.getTimeout() . |
boolean |
isSessionValidationSchedulerEnabled()
|
protected void |
onExpiration(Session session)
|
protected void |
onExpiration(Session s,
ExpiredSessionException ese,
SessionKey key)
|
protected void |
onInvalidation(Session s,
InvalidSessionException ise,
SessionKey key)
|
protected abstract Session |
retrieveSession(SessionKey key)
Looks up a session from the underlying data store based on the specified session key. |
void |
setSessionValidationInterval(long sessionValidationInterval)
If using the underlying default SessionValidationScheduler (that is, the setSessionValidationScheduler method is
never called) , this method allows one to specify how
frequently session should be validated (to check for orphans). |
void |
setSessionValidationScheduler(SessionValidationScheduler sessionValidationScheduler)
|
void |
setSessionValidationSchedulerEnabled(boolean sessionValidationSchedulerEnabled)
|
protected void |
validate(Session session,
SessionKey key)
|
void |
validateSessions()
Performs session validation for all open/active sessions in the system (those that have not been stopped or expired), and validates each one. |
Methods inherited from class org.apache.shiro.session.mgt.AbstractNativeSessionManager |
---|
afterStopped, applyGlobalSessionTimeout, beforeInvalidNotification, checkValid, createExposedSession, createExposedSession, getAttribute, getAttributeKeys, getHost, getLastAccessTime, getSession, getSessionListeners, getStartTimestamp, getTimeout, isValid, notifyExpiration, notifyStart, notifyStop, onChange, onStart, onStop, onStop, removeAttribute, setAttribute, setSessionListeners, setTimeout, start, stop, touch |
Methods inherited from class org.apache.shiro.session.mgt.AbstractSessionManager |
---|
getGlobalSessionTimeout, setGlobalSessionTimeout |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.apache.shiro.session.mgt.SessionManager |
---|
getSession, start |
Field Detail |
---|
public static final long DEFAULT_SESSION_VALIDATION_INTERVAL
setSessionValidationInterval(long)
protected boolean sessionValidationSchedulerEnabled
protected SessionValidationScheduler sessionValidationScheduler
protected long sessionValidationInterval
Constructor Detail |
---|
public AbstractValidatingSessionManager()
Method Detail |
---|
public boolean isSessionValidationSchedulerEnabled()
public void setSessionValidationSchedulerEnabled(boolean sessionValidationSchedulerEnabled)
public void setSessionValidationScheduler(SessionValidationScheduler sessionValidationScheduler)
public SessionValidationScheduler getSessionValidationScheduler()
public void setSessionValidationInterval(long sessionValidationInterval)
setSessionValidationScheduler
method is
never called) , this method allows one to specify how
frequently session should be validated (to check for orphans). The default value is
DEFAULT_SESSION_VALIDATION_INTERVAL
.
If you override the default scheduler, it is assumed that overriding instance 'knows' how often to
validate sessions, and this attribute will be ignored.
Unless this method is called, the default value is DEFAULT_SESSION_VALIDATION_INTERVAL
.
sessionValidationInterval
- the time in milliseconds between checking for valid sessions to reap orphans.public long getSessionValidationInterval()
protected final Session doGetSession(SessionKey key) throws InvalidSessionException
doGetSession
in class AbstractNativeSessionManager
InvalidSessionException
protected abstract Session retrieveSession(SessionKey key) throws UnknownSessionException
key
- the session key to use to look up the target session.
sessionId
.
UnknownSessionException
- if there is no session identified by sessionId
.protected Session createSession(SessionContext context) throws AuthorizationException
AbstractNativeSessionManager
Session Session
instance based on the specified (possibly null
)
initialization data. Implementing classes must manage the persistent state of the returned session such that it
could later be acquired via the AbstractNativeSessionManager.getSession(SessionKey)
method.
createSession
in class AbstractNativeSessionManager
context
- the initialization data that can be used by the implementation or underlying
SessionFactory
when instantiating the internal Session
instance.
Session
instance.
HostUnauthorizedException
- if the system access control policy restricts access based
on client location/IP and the specified hostAddress hasn't been enabled.
AuthorizationException
- if the system access control policy does not allow the currently executing
caller to start sessions.protected abstract Session doCreateSession(SessionContext initData) throws AuthorizationException
AuthorizationException
protected void validate(Session session, SessionKey key) throws InvalidSessionException
InvalidSessionException
protected void onExpiration(Session s, ExpiredSessionException ese, SessionKey key)
protected void onExpiration(Session session)
protected void afterExpired(Session session)
protected void onInvalidation(Session s, InvalidSessionException ise, SessionKey key)
protected void doValidate(Session session) throws InvalidSessionException
InvalidSessionException
protected long getTimeout(Session session)
Session.getTimeout()
.
This implementation merely returns Session.getTimeout()
session
- the session for which to determine session timeout.
protected SessionValidationScheduler createSessionValidationScheduler()
protected void enableSessionValidation()
protected void afterSessionValidationEnabled()
protected void disableSessionValidation()
protected void beforeSessionValidationDisabled()
public void destroy()
Destroyable
destroy
in interface Destroyable
public void validateSessions()
ValidatingSessionManager
getSession(SessionKey)
method on any
ValidatingSessionManager
instance as that method is expected to
validate the session before retrieving it. Note that even with proactive calls to getSession
,
this validateSessions()
method should be invoked regularly anyway to guarantee no
orphans exist.
Note: Shiro supports automatic execution of this method at a regular interval
by using SessionValidationScheduler
s. The Shiro default SecurityManager implementations
needing session validation will create and use one by default if one is not provided by the
application configuration.
validateSessions
in interface ValidatingSessionManager
ValidatingSessionManager.validateSessions()
protected abstract Collection<Session> getActiveSessions()
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |