org.apache.shiro.session.mgt

Class DefaultSessionManager

java.lang.Object

org.apache.shiro.session.mgt.AbstractSessionManager

org.apache.shiro.session.mgt.AbstractNativeSessionManager

org.apache.shiro.session.mgt.AbstractValidatingSessionManager

org.apache.shiro.session.mgt.DefaultSessionManager

All Implemented Interfaces:

CacheManagerAware, EventBusAware, NativeSessionManager, SessionManager, ValidatingSessionManager, Destroyable

public class DefaultSessionManager
extends AbstractValidatingSessionManager
implements CacheManagerAware

Default business-tier implementation of a ValidatingSessionManager. All session CRUD operations are delegated to an internal SessionDAO.

Since:

0.1

Field Summary

Fields

Modifier and Type	Field and Description
protected SessionDAO	sessionDAO

Fields inherited from class org.apache.shiro.session.mgt.AbstractValidatingSessionManager

DEFAULT_SESSION_VALIDATION_INTERVAL, sessionValidationInterval, sessionValidationScheduler, sessionValidationSchedulerEnabled

Fields inherited from class org.apache.shiro.session.mgt.AbstractSessionManager

DEFAULT_GLOBAL_SESSION_TIMEOUT, MILLIS_PER_HOUR, MILLIS_PER_MINUTE, MILLIS_PER_SECOND

Constructor Summary

Constructors

Constructor and Description
DefaultSessionManager()

Method Summary

Modifier and Type	Method and Description
protected void	afterExpired(Session session)
protected void	afterStopped(Session session)
protected void	create(Session session) Persists the given session instance to an underlying EIS (Enterprise Information System).
protected void	delete(Session session)
protected Session	doCreateSession(SessionContext context)
protected Collection<Session>	getActiveSessions()
SessionDAO	getSessionDAO()
SessionFactory	getSessionFactory() Returns the SessionFactory used to generate new Session instances.
protected Serializable	getSessionId(SessionKey sessionKey)
boolean	isDeleteInvalidSessions() Returns true if sessions should be automatically deleted after they are discovered to be invalid, false if invalid sessions will be manually deleted by some process external to Shiro's control.
protected Session	newSessionInstance(SessionContext context)
protected void	onChange(Session session)
protected void	onExpiration(Session session)
protected void	onStop(Session session)
protected Session	retrieveSession(SessionKey sessionKey) Looks up a session from the underlying data store based on the specified session key.
protected Session	retrieveSessionFromDataSource(Serializable sessionId)
void	setCacheManager(CacheManager cacheManager) Sets the available CacheManager instance on this component.
void	setDeleteInvalidSessions(boolean deleteInvalidSessions) Sets whether or not sessions should be automatically deleted after they are discovered to be invalid.
void	setSessionDAO(SessionDAO sessionDAO)
void	setSessionFactory(SessionFactory sessionFactory) Sets the SessionFactory used to generate new Session instances.

Methods inherited from class org.apache.shiro.session.mgt.AbstractValidatingSessionManager

afterSessionValidationEnabled, beforeSessionValidationDisabled, createSession, createSessionValidationScheduler, destroy, disableSessionValidation, doGetSession, doValidate, enableSessionValidation, getSessionValidationInterval, getSessionValidationScheduler, getTimeout, isSessionValidationSchedulerEnabled, onExpiration, onInvalidation, setSessionValidationInterval, setSessionValidationScheduler, setSessionValidationSchedulerEnabled, validate, validateSessions

Methods inherited from class org.apache.shiro.session.mgt.AbstractNativeSessionManager

applyGlobalSessionTimeout, beforeInvalidNotification, checkValid, createExposedSession, createExposedSession, getAttribute, getAttributeKeys, getEventBus, getHost, getLastAccessTime, getSession, getSessionListeners, getStartTimestamp, getTimeout, isValid, notifyExpiration, notifyStart, notifyStop, onStart, onStop, publishEvent, removeAttribute, setAttribute, setEventBus, setSessionListeners, setTimeout, start, stop, touch

Methods inherited from class org.apache.shiro.session.mgt.AbstractSessionManager

getGlobalSessionTimeout, setGlobalSessionTimeout

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.session.mgt.SessionManager

getSession, start

Field Detail

sessionDAO

protected SessionDAO sessionDAO

Constructor Detail

DefaultSessionManager

public DefaultSessionManager()

Method Detail

setSessionDAO

public void setSessionDAO(SessionDAO sessionDAO)

getSessionDAO

public SessionDAO getSessionDAO()

getSessionFactory

public SessionFactory getSessionFactory()

Returns the SessionFactory used to generate new Session instances. The default instance is a SimpleSessionFactory.

Returns:

the SessionFactory used to generate new Session instances.

Since:

1.0

setSessionFactory

public void setSessionFactory(SessionFactory sessionFactory)

Sets the SessionFactory used to generate new Session instances. The default instance is a SimpleSessionFactory.

Parameters:

sessionFactory - the SessionFactory used to generate new Session instances.

Since:

1.0

isDeleteInvalidSessions

public boolean isDeleteInvalidSessions()

Returns true if sessions should be automatically deleted after they are discovered to be invalid, false if invalid sessions will be manually deleted by some process external to Shiro's control. The default is true to ensure no orphans exist in the underlying data store.

Usage

It is ok to set this to false ONLY if you have some other process that you manage yourself that periodically deletes invalid sessions from the backing data store over time, such as via a Quartz or Cron job. If you do not do this, the invalid sessions will become 'orphans' and fill up the data store over time.

This property is provided because some systems need the ability to perform querying/reporting against sessions in the data store, even after they have stopped or expired. Setting this attribute to false will allow such querying, but with the caveat that the application developer/configurer deletes the sessions themselves by some other means (cron, quartz, etc).

Returns:

true if sessions should be automatically deleted after they are discovered to be invalid, false if invalid sessions will be manually deleted by some process external to Shiro's control.

Since:

1.0

setDeleteInvalidSessions

public void setDeleteInvalidSessions(boolean deleteInvalidSessions)

Sets whether or not sessions should be automatically deleted after they are discovered to be invalid. Default value is true to ensure no orphans will exist in the underlying data store.

WARNING

Only set this value to false if you are manually going to delete sessions yourself by some process (quartz, cron, etc) external to Shiro's control. See the isDeleteInvalidSessions() JavaDoc for more.

Parameters:

deleteInvalidSessions - whether or not sessions should be automatically deleted after they are discovered to be invalid.

Since:

1.0

setCacheManager

public void setCacheManager(CacheManager cacheManager)

Description copied from interface: CacheManagerAware

Sets the available CacheManager instance on this component.

Specified by:

setCacheManager in interface CacheManagerAware

Parameters:

cacheManager - the CacheManager instance to set on this component.

doCreateSession

protected Session doCreateSession(SessionContext context)

Specified by:

doCreateSession in class AbstractValidatingSessionManager

newSessionInstance

protected Session newSessionInstance(SessionContext context)

create

protected void create(Session session)

Persists the given session instance to an underlying EIS (Enterprise Information System). This implementation delegates and calls this.sessionDAO.create(session);

Parameters:

session - the Session instance to persist to the underlying EIS.

onStop

protected void onStop(Session session)

Overrides:

onStop in class AbstractNativeSessionManager

afterStopped

protected void afterStopped(Session session)

Overrides:

afterStopped in class AbstractNativeSessionManager

onExpiration

protected void onExpiration(Session session)

Overrides:

onExpiration in class AbstractValidatingSessionManager

afterExpired

protected void afterExpired(Session session)

Overrides:

afterExpired in class AbstractValidatingSessionManager

onChange

protected void onChange(Session session)

Overrides:

onChange in class AbstractNativeSessionManager

retrieveSession

protected Session retrieveSession(SessionKey sessionKey)
                           throws UnknownSessionException

Description copied from class: AbstractValidatingSessionManager

Looks up a session from the underlying data store based on the specified session key.

Specified by:

retrieveSession in class AbstractValidatingSessionManager

Parameters:

sessionKey - the session key to use to look up the target session.

Returns:

the session identified by sessionId.

Throws:

UnknownSessionException - if there is no session identified by sessionId.

getSessionId

protected Serializable getSessionId(SessionKey sessionKey)

retrieveSessionFromDataSource

protected Session retrieveSessionFromDataSource(Serializable sessionId)
                                         throws UnknownSessionException

Throws:

UnknownSessionException

delete

protected void delete(Session session)

getActiveSessions

protected Collection<Session> getActiveSessions()

Specified by:

getActiveSessions in class AbstractValidatingSessionManager