use of org.apache.shiro.session.InvalidSessionException in project shiro by apache.
the class AbstractValidatingSessionManager method validateSessions.
/**
* @see ValidatingSessionManager#validateSessions()
*/
public void validateSessions() {
if (log.isInfoEnabled()) {
log.info("Validating all active sessions...");
}
int invalidCount = 0;
Collection<Session> activeSessions = getActiveSessions();
if (activeSessions != null && !activeSessions.isEmpty()) {
for (Session s : activeSessions) {
try {
// simulate a lookup key to satisfy the method signature.
// this could probably stand to be cleaned up in future versions:
SessionKey key = new DefaultSessionKey(s.getId());
validate(s, key);
} catch (InvalidSessionException e) {
if (log.isDebugEnabled()) {
boolean expired = (e instanceof ExpiredSessionException);
String msg = "Invalidated session with id [" + s.getId() + "]" + (expired ? " (expired)" : " (stopped)");
log.debug(msg);
}
invalidCount++;
}
}
}
if (log.isInfoEnabled()) {
String msg = "Finished session validation.";
if (invalidCount > 0) {
msg += " [" + invalidCount + "] sessions were stopped.";
} else {
msg += " No sessions were stopped.";
}
log.info(msg);
}
}
use of org.apache.shiro.session.InvalidSessionException in project shiro by apache.
the class HttpServletSession method touch.
public void touch() throws InvalidSessionException {
// just manipulate the session to update the access time:
try {
httpSession.setAttribute(TOUCH_OBJECT_SESSION_KEY, TOUCH_OBJECT_SESSION_KEY);
httpSession.removeAttribute(TOUCH_OBJECT_SESSION_KEY);
} catch (Exception e) {
throw new InvalidSessionException(e);
}
}
use of org.apache.shiro.session.InvalidSessionException in project shiro by apache.
the class HttpServletSession method removeAttribute.
public Object removeAttribute(Object key) throws InvalidSessionException {
try {
String sKey = assertString(key);
Object removed = httpSession.getAttribute(sKey);
httpSession.removeAttribute(sKey);
return removed;
} catch (Exception e) {
throw new InvalidSessionException(e);
}
}
use of org.apache.shiro.session.InvalidSessionException in project shiro by apache.
the class HttpServletSession method setTimeout.
public void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException {
try {
int timeout = Long.valueOf(maxIdleTimeInMillis / 1000).intValue();
httpSession.setMaxInactiveInterval(timeout);
} catch (Exception e) {
throw new InvalidSessionException(e);
}
}
use of org.apache.shiro.session.InvalidSessionException in project mica2 by obiba.
the class CurrentSessionResource method deleteSession.
@DELETE
public Response deleteSession() {
// Delete the Shiro session
try {
Session session = SecurityUtils.getSubject().getSession();
Object cookieValue = session.getAttribute(HttpHeaders.SET_COOKIE);
SecurityUtils.getSubject().logout();
if (cookieValue != null) {
NewCookie cookie = NewCookie.valueOf(cookieValue.toString());
if (OBIBA_ID_COOKIE_NAME.equals(cookie.getName())) {
return Response.ok().header(HttpHeaders.SET_COOKIE, new NewCookie(OBIBA_ID_COOKIE_NAME, null, micaConfigService.getContextPath() + "/", cookie.getDomain(), "Obiba session deleted", 0, true, true)).build();
}
}
} catch (InvalidSessionException e) {
// Ignore
}
return Response.ok().build();
}
Aggregations