|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.shiro.session.mgt.SimpleSession
public class SimpleSession
Simple Session
JavaBeans-compatible POJO implementation, intended to be used on the
business/server tier.
Field Summary | |
---|---|
protected static long |
MILLIS_PER_HOUR
|
protected static long |
MILLIS_PER_MINUTE
|
protected static long |
MILLIS_PER_SECOND
|
Constructor Summary | |
---|---|
SimpleSession()
|
|
SimpleSession(String host)
|
Method Summary | |
---|---|
boolean |
equals(Object obj)
Returns true if the specified argument is an instanceof SimpleSession and both
id s are equal. |
protected void |
expire()
|
Object |
getAttribute(Object key)
Returns the object bound to this session identified by the specified key. |
Collection<Object> |
getAttributeKeys()
Returns the keys of all the attributes stored under this session. |
Map<Object,Object> |
getAttributes()
|
String |
getHost()
Returns the host name or IP string of the host that originated this session, or null
if the host is unknown. |
Serializable |
getId()
Returns the unique identifier assigned by the system upon session creation. |
Date |
getLastAccessTime()
Returns the last time the application received a request or method invocation from the user associated with this session. |
Date |
getStartTimestamp()
Returns the time the session was started; that is, the time the system created the instance. |
Date |
getStopTimestamp()
Returns the time the session was stopped, or null if the session is still active. |
long |
getTimeout()
Returns the time in milliseconds that the session session may remain idle before expiring. |
int |
hashCode()
Returns the hashCode. |
boolean |
isExpired()
Returns true if this session has expired, false otherwise. |
protected boolean |
isStopped()
|
protected boolean |
isTimedOut()
Determines if this session is expired. |
boolean |
isValid()
|
protected boolean |
onEquals(SimpleSession ss)
Provides an attribute-based comparison (no ID comparison) - incurred only when 'this' or the session object being compared for equality do not have a session id. |
Object |
removeAttribute(Object key)
Removes (unbinds) the object bound to this session under the specified key name. |
void |
setAttribute(Object key,
Object value)
Binds the specified value to this session, uniquely identified by the specifed
key name. |
void |
setAttributes(Map<Object,Object> attributes)
|
void |
setExpired(boolean expired)
|
void |
setHost(String host)
|
void |
setId(Serializable id)
|
void |
setLastAccessTime(Date lastAccessTime)
|
void |
setStartTimestamp(Date startTimestamp)
|
void |
setStopTimestamp(Date stopTimestamp)
|
void |
setTimeout(long timeout)
Sets the time in milliseconds that the session may remain idle before expiring. |
void |
stop()
Explicitly stops (invalidates) this session and releases all associated resources. |
String |
toString()
Returns the string representation of this SimpleSession, equal to getClass().getName() + ",id=" + getId() . |
void |
touch()
Explicitly updates the lastAccessTime of this session to the current time when
this method is invoked. |
void |
validate()
|
Methods inherited from class java.lang.Object |
---|
clone, finalize, getClass, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
protected static final long MILLIS_PER_SECOND
protected static final long MILLIS_PER_MINUTE
protected static final long MILLIS_PER_HOUR
Constructor Detail |
---|
public SimpleSession()
public SimpleSession(String host)
Method Detail |
---|
public Serializable getId()
Session
toString()
,
equals()
, and hashCode()
implementations. Good candidates for such
an identifier are UUID
s, Integer
s, and
String
s.
getId
in interface Session
public void setId(Serializable id)
public Date getStartTimestamp()
Session
getStartTimestamp
in interface Session
public void setStartTimestamp(Date startTimestamp)
public Date getStopTimestamp()
stop()
public void setStopTimestamp(Date stopTimestamp)
public Date getLastAccessTime()
Session
getLastAccessTime
in interface Session
Session.touch()
public void setLastAccessTime(Date lastAccessTime)
public boolean isExpired()
public void setExpired(boolean expired)
public long getTimeout()
Session
HttpSession
's getMaxInactiveInterval()
method, the scale on
this method is different: Shiro Sessions use millisecond values for timeout whereas
HttpSession.getMaxInactiveInterval
uses seconds. Always use millisecond values with Shiro sessions.
getTimeout
in interface Session
public void setTimeout(long timeout)
Session
HttpSession
's getMaxInactiveInterval()
method, the scale on
this method is different: Shiro Sessions use millisecond values for timeout whereas
HttpSession.getMaxInactiveInterval
uses seconds. Always use millisecond values with Shiro sessions.
setTimeout
in interface Session
timeout
- the time in milliseconds that the session may remain idle before expiring.public String getHost()
Session
null
if the host is unknown.
getHost
in interface Session
null
if the host address is unknown.public void setHost(String host)
public Map<Object,Object> getAttributes()
public void setAttributes(Map<Object,Object> attributes)
public void touch()
Session
lastAccessTime
of this session to the current time when
this method is invoked. This method can be used to ensure a session does not time out.
Most programmers won't use this method directly and will instead rely on the last access time to be updated
automatically as a result of an incoming web request or remote procedure call/method invocation.
However, this method is particularly useful when supporting rich-client applications such as
Java Web Start appp, Java or Flash applets, etc. Although rare, it is possible in a rich-client
environment that a user continuously interacts with the client-side application without a
server-side method call ever being invoked. If this happens over a long enough period of
time, the user's server-side session could time-out. Again, such cases are rare since most
rich-clients frequently require server-side method invocations.
In this example though, the user's session might still be considered valid because
the user is actively "using" the application, just not communicating with the
server. But because no server-side method calls are invoked, there is no way for the server
to know if the user is sitting idle or not, so it must assume so to maintain session
integrity. This touch()
method could be invoked by the rich-client application code during those
times to ensure that the next time a server-side method is invoked, the invocation will not
throw an ExpiredSessionException
. In short terms, it could be used periodically
to ensure a session does not time out.
How often this rich-client "maintenance" might occur is entirely dependent upon
the application and would be based on variables such as session timeout configuration,
usage characteristics of the client application, network utilization and application server
performance.
touch
in interface Session
public void stop()
Session
Subject
that
owns this session has logged-in), calling this method explicitly might have undesired side effects:
It is common for a Subject
implementation to retain authentication state in the
Session
. If the session
is explicitly stopped by application code by calling this method directly, it could clear out any
authentication state that might exist, thereby effectively "unauthenticating" the Subject
.
As such, you might consider logging-out
the 'owning'
Subject
instead of manually calling this method, as a log out is expected to stop the
corresponding session automatically, and also allows framework code to execute additional cleanup logic.
stop
in interface Session
protected boolean isStopped()
protected void expire()
public boolean isValid()
isValid
in interface ValidatingSession
protected boolean isTimedOut()
public void validate() throws InvalidSessionException
validate
in interface ValidatingSession
InvalidSessionException
public Collection<Object> getAttributeKeys() throws InvalidSessionException
Session
getAttributeKeys
in interface Session
InvalidSessionException
- if this session has stopped or expired prior to calling this method.public Object getAttribute(Object key)
Session
null
is returned.
getAttribute
in interface Session
key
- the unique name of the object bound to this session
key
name or null
if there is
no object bound under that name.public void setAttribute(Object key, Object value)
Session
value
to this session, uniquely identified by the specifed
key
name. If there is already an object bound under the key
name, that
existing object will be replaced by the new value
.
If the value
parameter is null, it has the same effect as if
removeAttribute
was called.
setAttribute
in interface Session
key
- the name under which the value
object will be bound in this sessionvalue
- the object to bind in this session.public Object removeAttribute(Object key)
Session
key
name.
removeAttribute
in interface Session
key
- the name uniquely identifying the object to remove
null
if there was no object bound under the name
key
.public boolean equals(Object obj)
true
if the specified argument is an instanceof
SimpleSession
and both
id
s are equal. If the argument is a SimpleSession
and either 'this' or the argument
does not yet have an ID assigned, the value of onEquals
is returned, which
does a necessary attribute-based comparison when IDs are not available.
Do your best to ensure SimpleSession
instances receive an ID very early in their lifecycle to
avoid the more expensive attributes-based comparison.
equals
in class Object
obj
- the object to compare with this one for equality.
true
if this object is equivalent to the specified argument, false
otherwise.protected boolean onEquals(SimpleSession ss)
ss
- the SimpleSession instance to compare for equality.
public int hashCode()
id
is not null
, its hashcode is returned immediately.
If it is null
, an attributes-based hashCode will be calculated and returned.
Do your best to ensure SimpleSession
instances receive an ID very early in their lifecycle to
avoid the more expensive attributes-based calculation.
hashCode
in class Object
public String toString()
getClass().getName() + ",id=" + getId()
.
toString
in class Object
getClass().getName() + ",id=" + getId()
.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |