Examples with SessionKey org.apache.shiro.session.mgt.SessionKey used on opensource projects

Example 1 with SessionKey

use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.

the class DefaultWebSessionManager method createExposedSession.

protected Session createExposedSession(Session session, SessionKey key) {
    if (!WebUtils.isWeb(key)) {
        return super.createExposedSession(session, key);
    }
    ServletRequest request = WebUtils.getRequest(key);
    ServletResponse response = WebUtils.getResponse(key);
    SessionKey sessionKey = new WebSessionKey(session.getId(), request, response);
    return new DelegatingSession(this, sessionKey);
}

Example 2 with SessionKey

use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.

the class SecureRemoteInvocationFactory method createRemoteInvocation.

/**
 * Creates a {@link RemoteInvocation} with the current session ID as an
 * {@link RemoteInvocation#getAttribute(String) attribute}.
 *
 * @param mi the method invocation that the remote invocation should be based on.
 * @return a remote invocation object containing the current session ID as an attribute.
 */
public RemoteInvocation createRemoteInvocation(MethodInvocation mi) {
    Serializable sessionId = null;
    String host = null;
    boolean sessionManagerMethodInvocation = false;
    // If the calling MI is for a remoting SessionManager delegate, we need to acquire the session ID from the method
    // argument and NOT interact with SecurityUtils/subject.getSession to avoid a stack overflow
    Class miDeclaringClass = mi.getMethod().getDeclaringClass();
    if (SessionManager.class.equals(miDeclaringClass) || NativeSessionManager.class.equals(miDeclaringClass)) {
        sessionManagerMethodInvocation = true;
        // as the first argument, so just get it from there:
        if (!mi.getMethod().getName().equals("start")) {
            SessionKey key = (SessionKey) mi.getArguments()[0];
            sessionId = key.getSessionId();
        }
    }
    // tried the delegate. Use the injected session id if given
    if (sessionId == null)
        sessionId = this.sessionId;
    // If sessionId is null, only then try the Subject:
    if (sessionId == null) {
        try {
            // HACK Check if can get the securityManager - this'll cause an exception if it's not set
            SecurityUtils.getSecurityManager();
            if (!sessionManagerMethodInvocation) {
                Subject subject = SecurityUtils.getSubject();
                Session session = subject.getSession(false);
                if (session != null) {
                    sessionId = session.getId();
                    host = session.getHost();
                }
            }
        } catch (Exception e) {
            log.trace("No security manager set. Trying next to get session id from system property");
        }
    }
    // as a last result:
    if (sessionId == null) {
        if (log.isTraceEnabled()) {
            log.trace("No Session found for the currently executing subject via subject.getSession(false).  " + "Attempting to revert back to the 'shiro.session.id' system property...");
        }
        sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME);
        if (sessionId == null && log.isTraceEnabled()) {
            log.trace("No 'shiro.session.id' system property found.  Heuristics have been exhausted; " + "RemoteInvocation will not contain a sessionId.");
        }
    }
    RemoteInvocation ri = new RemoteInvocation(mi);
    if (sessionId != null) {
        ri.addAttribute(SESSION_ID_KEY, sessionId);
    }
    if (host != null) {
        ri.addAttribute(HOST_KEY, host);
    }
    return ri;
}

Example 3 with SessionKey

use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.

the class SecureRemoteInvocationFactoryTest method testSessionManagerProxyNonStartRemoteInvocation.

@Test
public void testSessionManagerProxyNonStartRemoteInvocation() throws Exception {
    SecureRemoteInvocationFactory factory = new SecureRemoteInvocationFactory();
    MethodInvocation mi = createMock(MethodInvocation.class);
    Method method = getMethod("getSession", SessionManager.class);
    expect(mi.getMethod()).andReturn(method).anyTimes();
    String dummySessionId = UUID.randomUUID().toString();
    SessionKey sessionKey = new DefaultSessionKey(dummySessionId);
    Object[] args = { sessionKey };
    expect(mi.getArguments()).andReturn(args).anyTimes();
    replay(mi);
    RemoteInvocation ri = factory.createRemoteInvocation(mi);
    verify(mi);
    assertEquals(dummySessionId, ri.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY));
}

Example 4 with SessionKey

use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.

the class DefaultWebSessionManager method createExposedSession.

protected Session createExposedSession(Session session, SessionContext context) {
    if (!WebUtils.isWeb(context)) {
        return super.createExposedSession(session, context);
    }
    ServletRequest request = WebUtils.getRequest(context);
    ServletResponse response = WebUtils.getResponse(context);
    SessionKey key = new WebSessionKey(session.getId(), request, response);
    return new DelegatingSession(this, key);
}