use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.
the class DefaultWebSessionManager method createExposedSession.
protected Session createExposedSession(Session session, SessionKey key) {
if (!WebUtils.isWeb(key)) {
return super.createExposedSession(session, key);
}
ServletRequest request = WebUtils.getRequest(key);
ServletResponse response = WebUtils.getResponse(key);
SessionKey sessionKey = new WebSessionKey(session.getId(), request, response);
return new DelegatingSession(this, sessionKey);
}
use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.
the class SecureRemoteInvocationFactory method createRemoteInvocation.
/**
* Creates a {@link RemoteInvocation} with the current session ID as an
* {@link RemoteInvocation#getAttribute(String) attribute}.
*
* @param mi the method invocation that the remote invocation should be based on.
* @return a remote invocation object containing the current session ID as an attribute.
*/
public RemoteInvocation createRemoteInvocation(MethodInvocation mi) {
Serializable sessionId = null;
String host = null;
boolean sessionManagerMethodInvocation = false;
// If the calling MI is for a remoting SessionManager delegate, we need to acquire the session ID from the method
// argument and NOT interact with SecurityUtils/subject.getSession to avoid a stack overflow
Class miDeclaringClass = mi.getMethod().getDeclaringClass();
if (SessionManager.class.equals(miDeclaringClass) || NativeSessionManager.class.equals(miDeclaringClass)) {
sessionManagerMethodInvocation = true;
// as the first argument, so just get it from there:
if (!mi.getMethod().getName().equals("start")) {
SessionKey key = (SessionKey) mi.getArguments()[0];
sessionId = key.getSessionId();
}
}
// tried the delegate. Use the injected session id if given
if (sessionId == null)
sessionId = this.sessionId;
// If sessionId is null, only then try the Subject:
if (sessionId == null) {
try {
// HACK Check if can get the securityManager - this'll cause an exception if it's not set
SecurityUtils.getSecurityManager();
if (!sessionManagerMethodInvocation) {
Subject subject = SecurityUtils.getSubject();
Session session = subject.getSession(false);
if (session != null) {
sessionId = session.getId();
host = session.getHost();
}
}
} catch (Exception e) {
log.trace("No security manager set. Trying next to get session id from system property");
}
}
// as a last result:
if (sessionId == null) {
if (log.isTraceEnabled()) {
log.trace("No Session found for the currently executing subject via subject.getSession(false). " + "Attempting to revert back to the 'shiro.session.id' system property...");
}
sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME);
if (sessionId == null && log.isTraceEnabled()) {
log.trace("No 'shiro.session.id' system property found. Heuristics have been exhausted; " + "RemoteInvocation will not contain a sessionId.");
}
}
RemoteInvocation ri = new RemoteInvocation(mi);
if (sessionId != null) {
ri.addAttribute(SESSION_ID_KEY, sessionId);
}
if (host != null) {
ri.addAttribute(HOST_KEY, host);
}
return ri;
}
use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.
the class SecureRemoteInvocationFactoryTest method testSessionManagerProxyNonStartRemoteInvocation.
@Test
public void testSessionManagerProxyNonStartRemoteInvocation() throws Exception {
SecureRemoteInvocationFactory factory = new SecureRemoteInvocationFactory();
MethodInvocation mi = createMock(MethodInvocation.class);
Method method = getMethod("getSession", SessionManager.class);
expect(mi.getMethod()).andReturn(method).anyTimes();
String dummySessionId = UUID.randomUUID().toString();
SessionKey sessionKey = new DefaultSessionKey(dummySessionId);
Object[] args = { sessionKey };
expect(mi.getArguments()).andReturn(args).anyTimes();
replay(mi);
RemoteInvocation ri = factory.createRemoteInvocation(mi);
verify(mi);
assertEquals(dummySessionId, ri.getAttribute(SecureRemoteInvocationFactory.SESSION_ID_KEY));
}
use of org.apache.shiro.session.mgt.SessionKey in project shiro by apache.
the class DefaultWebSessionManager method createExposedSession.
protected Session createExposedSession(Session session, SessionContext context) {
if (!WebUtils.isWeb(context)) {
return super.createExposedSession(session, context);
}
ServletRequest request = WebUtils.getRequest(context);
ServletResponse response = WebUtils.getResponse(context);
SessionKey key = new WebSessionKey(session.getId(), request, response);
return new DelegatingSession(this, key);
}
Aggregations