1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.shiro.mgt; 20 21 import org.apache.shiro.authz.AuthorizationException; 22 import org.apache.shiro.cache.CacheManagerAware; 23 import org.apache.shiro.event.EventBus; 24 import org.apache.shiro.event.EventBusAware; 25 import org.apache.shiro.session.Session; 26 import org.apache.shiro.session.SessionException; 27 import org.apache.shiro.session.mgt.DefaultSessionManager; 28 import org.apache.shiro.session.mgt.SessionContext; 29 import org.apache.shiro.session.mgt.SessionKey; 30 import org.apache.shiro.session.mgt.SessionManager; 31 import org.apache.shiro.util.LifecycleUtils; 32 33 34 /** 35 * Shiro support of a {@link SecurityManager} class hierarchy that delegates all 36 * {@link org.apache.shiro.session.Session session} operations to a wrapped 37 * {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instance. That is, this class implements the 38 * methods in the {@link SessionManager SessionManager} interface, but in reality, those methods are merely 39 * passthrough calls to the underlying 'real' {@code SessionManager} instance. 40 * <p/> 41 * The remaining {@code SecurityManager} methods not implemented by this class or its parents are left to be 42 * implemented by subclasses. 43 * <p/> 44 * In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever 45 * possible, suitable default instances for all dependencies will be created upon instantiation. 46 * 47 * @since 0.9 48 */ 49 public abstract class SessionsSecurityManager extends AuthorizingSecurityManager { 50 51 /** 52 * The internal delegate <code>SessionManager</code> used by this security manager that manages all the 53 * application's {@link Session Session}s. 54 */ 55 private SessionManager sessionManager; 56 57 /** 58 * Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate 59 * instance. 60 */ 61 public SessionsSecurityManager() { 62 super(); 63 this.sessionManager = new DefaultSessionManager(); 64 applyCacheManagerToSessionManager(); 65 } 66 67 /** 68 * Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's 69 * <tt>SessionManager</tt> method calls. 70 * <p/> 71 * This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited 72 * <tt>SessionManager</tt> interface, but instead delegates these calls to an internal 73 * <tt>SessionManager</tt> instance. 74 * <p/> 75 * If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and 76 * initialized appropriately for the the existing runtime environment. 77 * 78 * @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls. 79 */ 80 public void setSessionManager(SessionManager sessionManager) { 81 this.sessionManager = sessionManager; 82 afterSessionManagerSet(); 83 } 84 85 protected void afterSessionManagerSet() { 86 applyCacheManagerToSessionManager(); 87 applyEventBusToSessionManager(); 88 } 89 90 /** 91 * Returns this security manager's internal delegate {@link SessionManager SessionManager}. 92 * 93 * @return this security manager's internal delegate {@link SessionManager SessionManager}. 94 * @see #setSessionManager(org.apache.shiro.session.mgt.SessionManager) setSessionManager 95 */ 96 public SessionManager getSessionManager() { 97 return this.sessionManager; 98 } 99 100 /** 101 * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls 102 * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the 103 * <code>CacheManager</code> is applied to the SessionManager as necessary. 104 */ 105 @Override 106 protected void afterCacheManagerSet() { 107 super.afterCacheManagerSet(); 108 applyCacheManagerToSessionManager(); 109 } 110 111 /** 112 * Sets any configured EventBus on the SessionManager if necessary. 113 * 114 * @since 1.3 115 */ 116 @Override 117 protected void afterEventBusSet() { 118 super.afterEventBusSet(); 119 applyEventBusToSessionManager(); 120 } 121 122 /** 123 * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set 124 * {@link #setCacheManager CacheManager} so it may use it for its internal caching needs. 125 * <p/> 126 * Note: This implementation only injects the CacheManager into the SessionManager if the SessionManager 127 * instance implements the {@link CacheManagerAware CacheManagerAware} interface. 128 */ 129 protected void applyCacheManagerToSessionManager() { 130 if (this.sessionManager instanceof CacheManagerAware) { 131 ((CacheManagerAware) this.sessionManager).setCacheManager(getCacheManager()); 132 } 133 } 134 135 /** 136 * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set 137 * {@link #setEventBus EventBus} so it may use it for its internal event needs. 138 * <p/> 139 * Note: This implementation only injects the EventBus into the SessionManager if the SessionManager 140 * instance implements the {@link EventBusAware EventBusAware} interface. 141 * 142 * @since 1.3 143 */ 144 protected void applyEventBusToSessionManager() { 145 EventBus eventBus = getEventBus(); 146 if (eventBus != null && this.sessionManager instanceof EventBusAware) { 147 ((EventBusAware)this.sessionManager).setEventBus(eventBus); 148 } 149 } 150 151 public Session start(SessionContext context) throws AuthorizationException { 152 return this.sessionManager.start(context); 153 } 154 155 public Session getSession(SessionKey key) throws SessionException { 156 return this.sessionManager.getSession(key); 157 } 158 159 public void destroy() { 160 LifecycleUtils.destroy(getSessionManager()); 161 this.sessionManager = null; 162 super.destroy(); 163 } 164 }