public class ServletContainerSessionManager extends Object implements WebSessionManager
Session
implementations that are merely wrappers for the
Servlet container's HttpSession
.
Despite its name, this implementation does not itself manage Sessions since the Servlet container
provides the actual management support. This class mainly exists to 'impersonate' a regular Shiro
SessionManager
so it can be pluggable into a normal Shiro configuration in a pure web application.
Note that because this implementation relies on the HttpSession
, it is only functional in a
servlet container - it is not capable of supporting Sessions for any clients other than those using the HTTP
protocol.
Therefore, if you need Session
support for heterogeneous clients (e.g. web browsers,
RMI clients, etc), use the DefaultWebSessionManager
instead. The DefaultWebSessionManager
supports both traditional web-based access as well as non web-based
clients.DefaultWebSessionManager
Constructor and Description |
---|
ServletContainerSessionManager() |
Modifier and Type | Method and Description |
---|---|
protected Session |
createSession(HttpSession httpSession,
String host) |
protected Session |
createSession(SessionContext sessionContext) |
Session |
getSession(SessionKey key)
Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), or
null if no Session could be found. |
boolean |
isServletContainerSessions()
This implementation always delegates to the servlet container for sessions, so this method returns
true always. |
Session |
start(SessionContext context)
Starts a new session based on the specified contextual initialization data, which can be used by the underlying
implementation to determine how exactly to create the internal Session instance.
|
public ServletContainerSessionManager()
public Session start(SessionContext context) throws AuthorizationException
SessionManager
SessionFactory
which could use the context to construct the internal Session
instance in a specific manner. This allows pluggable Session
creation
logic by simply injecting a SessionFactory
into the SessionManager
instance.start
in interface SessionManager
context
- the contextual initialization data that can be used by the implementation or underlying
SessionFactory
when instantiating the internal Session
instance.AuthorizationException
SessionFactory.createSession(SessionContext)
public Session getSession(SessionKey key) throws SessionException
SessionManager
null
if no Session could be found. If a session is found but invalid (stopped or expired), a
SessionException
will be thrown.getSession
in interface SessionManager
key
- the Session key to use to look-up the SessionSession
instance corresponding to the given lookup key or null
if no session
could be acquired.SessionException
- if a session was found but it was invalid (stopped/expired).protected Session createSession(SessionContext sessionContext) throws AuthorizationException
AuthorizationException
protected Session createSession(HttpSession httpSession, String host)
public boolean isServletContainerSessions()
true
always.isServletContainerSessions
in interface WebSessionManager
true
alwaysCopyright © 2004–2020 The Apache Software Foundation. All rights reserved.