Coverage Report

Coverage Report - org.apache.shiro.session.mgt.AbstractValidatingSessionManager

Classes in this File

Line Coverage

Branch Coverage

Complexity

AbstractValidatingSessionManager

81%

94/116

57%

24/42

2.074

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.session.mgt;
 
 import org.apache.shiro.authz.AuthorizationException;
 import org.apache.shiro.session.ExpiredSessionException;
 import org.apache.shiro.session.InvalidSessionException;
 import org.apache.shiro.session.Session;
 import org.apache.shiro.session.UnknownSessionException;
 import org.apache.shiro.util.Destroyable;
 import org.apache.shiro.util.LifecycleUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
 import java.util.Collection;
 
 
 /**
  * Default business-tier implementation of the {@link ValidatingSessionManager} interface.
  *
  * @since 0.1
  */
 public abstract class AbstractValidatingSessionManager extends AbstractNativeSessionManager
         implements ValidatingSessionManager, Destroyable {
 
     //TODO - complete JavaDoc
 
     private static final Logger log = LoggerFactory.getLogger(AbstractValidatingSessionManager.class);
 
     /**
      * The default interval at which sessions will be validated (1 hour);
      * This can be overridden by calling {@link #setSessionValidationInterval(long)}
      */
     public static final long DEFAULT_SESSION_VALIDATION_INTERVAL = MILLIS_PER_HOUR;
 
     protected boolean sessionValidationSchedulerEnabled;
 
     /**
      * Scheduler used to validate sessions on a regular basis.
      */
     protected SessionValidationScheduler sessionValidationScheduler;
 
     protected long sessionValidationInterval;
 
     public AbstractValidatingSessionManager() {
         this.sessionValidationSchedulerEnabled = true;
         this.sessionValidationInterval = DEFAULT_SESSION_VALIDATION_INTERVAL;
     }
 
     public boolean isSessionValidationSchedulerEnabled() {
         return sessionValidationSchedulerEnabled;
     }
 
     @SuppressWarnings({"UnusedDeclaration"})
     public void setSessionValidationSchedulerEnabled(boolean sessionValidationSchedulerEnabled) {
         this.sessionValidationSchedulerEnabled = sessionValidationSchedulerEnabled;
     }
 
     public void setSessionValidationScheduler(SessionValidationScheduler sessionValidationScheduler) {
         this.sessionValidationScheduler = sessionValidationScheduler;
     }
 
     public SessionValidationScheduler getSessionValidationScheduler() {
         return sessionValidationScheduler;
     }
 
     private void enableSessionValidationIfNecessary() {
         SessionValidationScheduler scheduler = getSessionValidationScheduler();
         if (isSessionValidationSchedulerEnabled() && (scheduler == null || !scheduler.isEnabled())) {
             enableSessionValidation();
         }
     }
 
     /**
      * If using the underlying default <tt>SessionValidationScheduler</tt> (that is, the
      * {@link #setSessionValidationScheduler(SessionValidationScheduler) setSessionValidationScheduler} method is
      * never called) , this method allows one to specify how
      * frequently session should be validated (to check for orphans).  The default value is
      * {@link #DEFAULT_SESSION_VALIDATION_INTERVAL}.
      * <p/>
      * If you override the default scheduler, it is assumed that overriding instance 'knows' how often to
      * validate sessions, and this attribute will be ignored.
      * <p/>
      * Unless this method is called, the default value is {@link #DEFAULT_SESSION_VALIDATION_INTERVAL}.
      *
      * @param sessionValidationInterval the time in milliseconds between checking for valid sessions to reap orphans.
      */
     public void setSessionValidationInterval(long sessionValidationInterval) {
         this.sessionValidationInterval = sessionValidationInterval;
     }
 
     public long getSessionValidationInterval() {
         return sessionValidationInterval;
     }
 
     @Override
     protected final Session doGetSession(final SessionKey key) throws InvalidSessionException {
         enableSessionValidationIfNecessary();
 
         log.trace("Attempting to retrieve session with key {}", key);
 
         Session s = retrieveSession(key);
         if (s != null) {
             validate(s, key);
         }
         return s;
     }
 
     /**
      * Looks up a session from the underlying data store based on the specified session key.
      *
      * @param key the session key to use to look up the target session.
      * @return the session identified by {@code sessionId}.
      * @throws UnknownSessionException if there is no session identified by {@code sessionId}.
      */
     protected abstract Session retrieveSession(SessionKey key) throws UnknownSessionException;
 
     protected Session createSession(SessionContext context) throws AuthorizationException {
         enableSessionValidationIfNecessary();
         return doCreateSession(context);
     }
 
     protected abstract Session doCreateSession(SessionContext initData) throws AuthorizationException;
 
     protected void validate(Session session, SessionKey key) throws InvalidSessionException {
         try {
             doValidate(session);
         } catch (ExpiredSessionException ese) {
             onExpiration(session, ese, key);
             throw ese;
         } catch (InvalidSessionException ise) {
             onInvalidation(session, ise, key);
             throw ise;
         }
     }
 
     protected void onExpiration(Session s, ExpiredSessionException ese, SessionKey key) {
         log.trace("Session with id [{}] has expired.", s.getId());
         try {
             onExpiration(s);
             notifyExpiration(s);
         } finally {
             afterExpired(s);
         }
     }
 
     protected void onExpiration(Session session) {
         onChange(session);
     }
 
     protected void afterExpired(Session session) {
     }
 
     protected void onInvalidation(Session s, InvalidSessionException ise, SessionKey key) {
         if (ise instanceof ExpiredSessionException) {
             onExpiration(s, (ExpiredSessionException) ise, key);
             return;
         }
         log.trace("Session with id [{}] is invalid.", s.getId());
         try {
             onStop(s);
             notifyStop(s);
         } finally {
             afterStopped(s);
         }
     }
 
     protected void doValidate(Session session) throws InvalidSessionException {
         if (session instanceof ValidatingSession) {
             ((ValidatingSession) session).validate();
         } else {
             String msg = "The " + getClass().getName() + " implementation only supports validating " +
                     "Session implementations of the " + ValidatingSession.class.getName() + " interface.  " +
                     "Please either implement this interface in your session implementation or override the " +
                     AbstractValidatingSessionManager.class.getName() + ".doValidate(Session) method to perform validation.";
             throw new IllegalStateException(msg);
         }
     }
 
     /**
      * Subclass template hook in case per-session timeout is not based on
      * {@link org.apache.shiro.session.Session#getTimeout()}.
      * <p/>
      * <p>This implementation merely returns {@link org.apache.shiro.session.Session#getTimeout()}</p>
      *
      * @param session the session for which to determine session timeout.
      * @return the time in milliseconds the specified session may remain idle before expiring.
      */
     protected long getTimeout(Session session) {
         return session.getTimeout();
     }
 
     protected SessionValidationScheduler createSessionValidationScheduler() {
         ExecutorServiceSessionValidationScheduler scheduler;
 
         if (log.isDebugEnabled()) {
             log.debug("No sessionValidationScheduler set.  Attempting to create default instance.");
         }
         scheduler = new ExecutorServiceSessionValidationScheduler(this);
         scheduler.setInterval(getSessionValidationInterval());
         if (log.isTraceEnabled()) {
             log.trace("Created default SessionValidationScheduler instance of type [" + scheduler.getClass().getName() + "].");
         }
         return scheduler;
     }
 
     protected synchronized void enableSessionValidation() {
         SessionValidationScheduler scheduler = getSessionValidationScheduler();
         if (scheduler == null) {
             scheduler = createSessionValidationScheduler();
             setSessionValidationScheduler(scheduler);
             if (log.isInfoEnabled()) {
                 log.info("Enabling session validation scheduler...");
             }
             scheduler.enableSessionValidation();
             afterSessionValidationEnabled();
         }
     }
 
     protected void afterSessionValidationEnabled() {
     }
 
     protected void disableSessionValidation() {
         beforeSessionValidationDisabled();
         SessionValidationScheduler scheduler = getSessionValidationScheduler();
         if (scheduler != null) {
             try {
                 scheduler.disableSessionValidation();
                 if (log.isInfoEnabled()) {
                     log.info("Disabled session validation scheduler.");
                 }
             } catch (Exception e) {
                 if (log.isDebugEnabled()) {
                     String msg = "Unable to disable SessionValidationScheduler.  Ignoring (shutting down)...";
                     log.debug(msg, e);
                 }
             }
             LifecycleUtils.destroy(scheduler);
             setSessionValidationScheduler(null);
         }
     }
 
     protected void beforeSessionValidationDisabled() {
     }
 
     public void destroy() {
         disableSessionValidation();
     }
 
     /**
      * @see ValidatingSessionManager#validateSessions()
      */
     public void validateSessions() {
         if (log.isInfoEnabled()) {
             log.info("Validating all active sessions...");
         }
 
         int invalidCount = 0;
 
         Collection<Session> activeSessions = getActiveSessions();
 
         if (activeSessions != null && !activeSessions.isEmpty()) {
             for (Session s : activeSessions) {
                 try {
                     //simulate a lookup key to satisfy the method signature.
                     //this could probably stand to be cleaned up in future versions:
                     SessionKey key = new DefaultSessionKey(s.getId());
                     validate(s, key);
                 } catch (InvalidSessionException e) {
                     if (log.isDebugEnabled()) {
                         boolean expired = (e instanceof ExpiredSessionException);
                         String msg = "Invalidated session with id [" + s.getId() + "]" +
                                 (expired ? " (expired)" : " (stopped)");
                         log.debug(msg);
                     }
                     invalidCount++;
                 }
             }
         }
 
         if (log.isInfoEnabled()) {
             String msg = "Finished session validation.";
             if (invalidCount > 0) {
                 msg += "  [" + invalidCount + "] sessions were stopped.";
             } else {
                 msg += "  No sessions were stopped.";
             }
             log.info(msg);
         }
     }
 
     protected abstract Collection<Session> getActiveSessions();
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.shiro.session.mgt;
20
21		import org.apache.shiro.authz.AuthorizationException;
22		import org.apache.shiro.session.ExpiredSessionException;
23		import org.apache.shiro.session.InvalidSessionException;
24		import org.apache.shiro.session.Session;
25		import org.apache.shiro.session.UnknownSessionException;
26		import org.apache.shiro.util.Destroyable;
27		import org.apache.shiro.util.LifecycleUtils;
28		import org.slf4j.Logger;
29		import org.slf4j.LoggerFactory;
30
31		import java.util.Collection;
32
33
34		/**
35		* Default business-tier implementation of the {@link ValidatingSessionManager} interface.
36		*
37		* @since 0.1
38		*/
39		public abstract class AbstractValidatingSessionManager extends AbstractNativeSessionManager
40		implements ValidatingSessionManager, Destroyable {
41
42		//TODO - complete JavaDoc
43
44	1	private static final Logger log = LoggerFactory.getLogger(AbstractValidatingSessionManager.class);
45
46		/**
47		* The default interval at which sessions will be validated (1 hour);
48		* This can be overridden by calling {@link #setSessionValidationInterval(long)}
49		*/
50		public static final long DEFAULT_SESSION_VALIDATION_INTERVAL = MILLIS_PER_HOUR;
51
52		protected boolean sessionValidationSchedulerEnabled;
53
54		/**
55		* Scheduler used to validate sessions on a regular basis.
56		*/
57		protected SessionValidationScheduler sessionValidationScheduler;
58
59		protected long sessionValidationInterval;
60
61	45	public AbstractValidatingSessionManager() {
62	45	this.sessionValidationSchedulerEnabled = true;
63	45	this.sessionValidationInterval = DEFAULT_SESSION_VALIDATION_INTERVAL;
64	45	}
65
66		public boolean isSessionValidationSchedulerEnabled() {
67	231	return sessionValidationSchedulerEnabled;
68		}
69
70		@SuppressWarnings({"UnusedDeclaration"})
71		public void setSessionValidationSchedulerEnabled(boolean sessionValidationSchedulerEnabled) {
72	11	this.sessionValidationSchedulerEnabled = sessionValidationSchedulerEnabled;
73	11	}
74
75		public void setSessionValidationScheduler(SessionValidationScheduler sessionValidationScheduler) {
76	32	this.sessionValidationScheduler = sessionValidationScheduler;
77	32	}
78
79		public SessionValidationScheduler getSessionValidationScheduler() {
80	275	return sessionValidationScheduler;
81		}
82
83		private void enableSessionValidationIfNecessary() {
84	231	SessionValidationScheduler scheduler = getSessionValidationScheduler();
85	231	if (isSessionValidationSchedulerEnabled() && (scheduler == null \|\| !scheduler.isEnabled())) {
86	18	enableSessionValidation();
87		}
88	231	}
89
90		/**
91		* If using the underlying default <tt>SessionValidationScheduler</tt> (that is, the
92		* {@link #setSessionValidationScheduler(SessionValidationScheduler) setSessionValidationScheduler} method is
93		* never called) , this method allows one to specify how
94		* frequently session should be validated (to check for orphans). The default value is
95		* {@link #DEFAULT_SESSION_VALIDATION_INTERVAL}.
96		* <p/>
97		* If you override the default scheduler, it is assumed that overriding instance 'knows' how often to
98		* validate sessions, and this attribute will be ignored.
99		* <p/>
100		* Unless this method is called, the default value is {@link #DEFAULT_SESSION_VALIDATION_INTERVAL}.
101		*
102		* @param sessionValidationInterval the time in milliseconds between checking for valid sessions to reap orphans.
103		*/
104		public void setSessionValidationInterval(long sessionValidationInterval) {
105	0	this.sessionValidationInterval = sessionValidationInterval;
106	0	}
107
108		public long getSessionValidationInterval() {
109	18	return sessionValidationInterval;
110		}
111
112		@Override
113		protected final Session doGetSession(final SessionKey key) throws InvalidSessionException {
114	203	enableSessionValidationIfNecessary();
115
116	203	log.trace("Attempting to retrieve session with key {}", key);
117
118	203	Session s = retrieveSession(key);
119	203	if (s != null) {
120	203	validate(s, key);
121		}
122	199	return s;
123		}
124
125		/**
126		* Looks up a session from the underlying data store based on the specified session key.
127		*
128		* @param key the session key to use to look up the target session.
129		* @return the session identified by {@code sessionId}.
130		* @throws UnknownSessionException if there is no session identified by {@code sessionId}.
131		*/
132		protected abstract Session retrieveSession(SessionKey key) throws UnknownSessionException;
133
134		protected Session createSession(SessionContext context) throws AuthorizationException {
135	28	enableSessionValidationIfNecessary();
136	28	return doCreateSession(context);
137		}
138
139		protected abstract Session doCreateSession(SessionContext initData) throws AuthorizationException;
140
141		protected void validate(Session session, SessionKey key) throws InvalidSessionException {
142		try {
143	206	doValidate(session);
144	6	} catch (ExpiredSessionException ese) {
145	6	onExpiration(session, ese, key);
146	5	throw ese;
147	0	} catch (InvalidSessionException ise) {
148	0	onInvalidation(session, ise, key);
149	0	throw ise;
150	200	}
151	200	}
152
153		protected void onExpiration(Session s, ExpiredSessionException ese, SessionKey key) {
154	6	log.trace("Session with id [{}] has expired.", s.getId());
155		try {
156	6	onExpiration(s);
157	6	notifyExpiration(s);
158		} finally {
159	6	afterExpired(s);
160	5	}
161	5	}
162
163		protected void onExpiration(Session session) {
164	1	onChange(session);
165	1	}
166
167		protected void afterExpired(Session session) {
168	1	}
169
170		protected void onInvalidation(Session s, InvalidSessionException ise, SessionKey key) {
171	0	if (ise instanceof ExpiredSessionException) {
172	0	onExpiration(s, (ExpiredSessionException) ise, key);
173	0	return;
174		}
175	0	log.trace("Session with id [{}] is invalid.", s.getId());
176		try {
177	0	onStop(s);
178	0	notifyStop(s);
179		} finally {
180	0	afterStopped(s);
181	0	}
182	0	}
183
184		protected void doValidate(Session session) throws InvalidSessionException {
185	206	if (session instanceof ValidatingSession) {
186	206	((ValidatingSession) session).validate();
187		} else {
188	0	String msg = "The " + getClass().getName() + " implementation only supports validating " +
189		"Session implementations of the " + ValidatingSession.class.getName() + " interface. " +
190		"Please either implement this interface in your session implementation or override the " +
191		AbstractValidatingSessionManager.class.getName() + ".doValidate(Session) method to perform validation.";
192	0	throw new IllegalStateException(msg);
193		}
194	200	}
195
196		/**
197		* Subclass template hook in case per-session timeout is not based on
198		* {@link org.apache.shiro.session.Session#getTimeout()}.
199		* <p/>
200		* <p>This implementation merely returns {@link org.apache.shiro.session.Session#getTimeout()}</p>
201		*
202		* @param session the session for which to determine session timeout.
203		* @return the time in milliseconds the specified session may remain idle before expiring.
204		*/
205		protected long getTimeout(Session session) {
206	0	return session.getTimeout();
207		}
208
209		protected SessionValidationScheduler createSessionValidationScheduler() {
210		ExecutorServiceSessionValidationScheduler scheduler;
211
212	18	if (log.isDebugEnabled()) {
213	18	log.debug("No sessionValidationScheduler set. Attempting to create default instance.");
214		}
215	18	scheduler = new ExecutorServiceSessionValidationScheduler(this);
216	18	scheduler.setInterval(getSessionValidationInterval());
217	18	if (log.isTraceEnabled()) {
218	18	log.trace("Created default SessionValidationScheduler instance of type [" + scheduler.getClass().getName() + "].");
219		}
220	18	return scheduler;
221		}
222
223		protected synchronized void enableSessionValidation() {
224	18	SessionValidationScheduler scheduler = getSessionValidationScheduler();
225	18	if (scheduler == null) {
226	18	scheduler = createSessionValidationScheduler();
227	18	setSessionValidationScheduler(scheduler);
228	18	if (log.isInfoEnabled()) {
229	18	log.info("Enabling session validation scheduler...");
230		}
231	18	scheduler.enableSessionValidation();
232	18	afterSessionValidationEnabled();
233		}
234	18	}
235
236		protected void afterSessionValidationEnabled() {
237	18	}
238
239		protected void disableSessionValidation() {
240	26	beforeSessionValidationDisabled();
241	26	SessionValidationScheduler scheduler = getSessionValidationScheduler();
242	26	if (scheduler != null) {
243		try {
244	14	scheduler.disableSessionValidation();
245	14	if (log.isInfoEnabled()) {
246	14	log.info("Disabled session validation scheduler.");
247		}
248	0	} catch (Exception e) {
249	0	if (log.isDebugEnabled()) {
250	0	String msg = "Unable to disable SessionValidationScheduler. Ignoring (shutting down)...";
251	0	log.debug(msg, e);
252		}
253	14	}
254	14	LifecycleUtils.destroy(scheduler);
255	14	setSessionValidationScheduler(null);
256		}
257	26	}
258
259		protected void beforeSessionValidationDisabled() {
260	26	}
261
262		public void destroy() {
263	26	disableSessionValidation();
264	26	}
265
266		/**
267		* @see ValidatingSessionManager#validateSessions()
268		*/
269		public void validateSessions() {
270	2	if (log.isInfoEnabled()) {
271	2	log.info("Validating all active sessions...");
272		}
273
274	2	int invalidCount = 0;
275
276	2	Collection<Session> activeSessions = getActiveSessions();
277
278	2	if (activeSessions != null && !activeSessions.isEmpty()) {
279	2	for (Session s : activeSessions) {
280		try {
281		//simulate a lookup key to satisfy the method signature.
282		//this could probably stand to be cleaned up in future versions:
283	3	SessionKey key = new DefaultSessionKey(s.getId());
284	3	validate(s, key);
285	2	} catch (InvalidSessionException e) {
286	2	if (log.isDebugEnabled()) {
287	2	boolean expired = (e instanceof ExpiredSessionException);
288	2	String msg = "Invalidated session with id [" + s.getId() + "]" +
289		(expired ? " (expired)" : " (stopped)");
290	2	log.debug(msg);
291		}
292	2	invalidCount++;
293	1	}
294	3	}
295		}
296
297	2	if (log.isInfoEnabled()) {
298	2	String msg = "Finished session validation.";
299	2	if (invalidCount > 0) {
300	2	msg += " [" + invalidCount + "] sessions were stopped.";
301		} else {
302	0	msg += " No sessions were stopped.";
303		}
304	2	log.info(msg);
305		}
306	2	}
307
308		protected abstract Collection<Session> getActiveSessions();
309		}