Example 1 with SessionManager

use of org.apache.shiro.session.mgt.SessionManager in project shiro by apache.

the class DefaultWebSecurityManager method setSessionMode.

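/**
 * @param sessionMode the session mode to use; must be either {@code HTTP_SESSION_MODE} or
 *                    {@code NATIVE_SESSION_MODE} (case-insensitive) and must not be null.
 * @deprecated since 1.2
 */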
@Deprecated
public void setSessionMode(String sessionMode) {
    log.warn("The 'sessionMode' property has been deprecated.  Please configure an appropriate WebSessionManager " + "instance instead of using this property.  This property/method will be removed in a later version.");
    String mode = sessionMode;
    if (mode == null) {
        throw new IllegalArgumentException("sessionMode argument cannot be null.");
    }
    mode = sessionMode.toLowerCase();
    if (!HTTP_SESSION_MODE.equals(mode) && !NATIVE_SESSION_MODE.equals(mode)) {
        String msg = "Invalid sessionMode [" + sessionMode + "].  Allowed values are " + "public static final String constants in the " + getClass().getName() + " class: '" + HTTP_SESSION_MODE + "' or '" + NATIVE_SESSION_MODE + "', with '" + HTTP_SESSION_MODE + "' being the default.";
        throw new IllegalArgumentException(msg);
    }
    boolean recreate = this.sessionMode == null || !this.sessionMode.equals(mode);
    this.sessionMode = mode;
    if (recreate) {
        LifecycleUtils.destroy(getSessionManager());
        SessionManager sessionManager = createSessionManager(mode);
        this.setInternalSessionManager(sessionManager);
    }
}
Also used : SessionManager(org.apache.shiro.session.mgt.SessionManager)

Example 2 with SessionManager

use of org.apache.shiro.session.mgt.SessionManager in project shiro by apache.

the class SecureRemoteInvocationFactory method createRemoteInvocation.

/**
 * Creates a {@link RemoteInvocation} with the current session ID as an
 * {@link RemoteInvocation#getAttribute(String) attribute}.
 *
 * @param mi the method invocation that the remote invocation should be based on.
 * @return a remote invocation object containing the current session ID as an attribute.
 */
public RemoteInvocation createRemoteInvocation(MethodInvocation mi) {
    Serializable sessionId = null;
    String host = null;
    boolean sessionManagerMethodInvocation = false;
    // If the calling MI is for a remoting SessionManager delegate, we need to acquire the session ID from the method
    // argument and NOT interact with SecurityUtils/subject.getSession to avoid a stack overflow
    Class miDeclaringClass = mi.getMethod().getDeclaringClass();
    if (SessionManager.class.equals(miDeclaringClass) || NativeSessionManager.class.equals(miDeclaringClass)) {
        sessionManagerMethodInvocation = true;
        // Every SessionManager method except 'start' takes the SessionKey
        // as the first argument, so just get it from there:
        if (!mi.getMethod().getName().equals("start")) {
            SessionKey key = (SessionKey) mi.getArguments()[0];
            sessionId = key.getSessionId();
        }
    }
    // Tried the delegate. Use the injected session ID if given.
    if (sessionId == null) {
        sessionId = this.sessionId;
    }
    // If sessionId is null, only then try the Subject:
    if (sessionId == null) {
        try {
            // HACK Check if can get the securityManager - this'll cause an exception if it's not set
            SecurityUtils.getSecurityManager();
            if (!sessionManagerMethodInvocation) {
                Subject subject = SecurityUtils.getSubject();
                Session session = subject.getSession(false);
                if (session != null) {
                    sessionId = session.getId();
                    host = session.getHost();
                }
            }
        } catch (Exception e) {
            log.trace("No security manager set. Trying next to get session id from system property");
        }
    }
    // Fall back to the system property as a last resort:
    if (sessionId == null) {
        if (log.isTraceEnabled()) {
            log.trace("No Session found for the currently executing subject via subject.getSession(false).  " + "Attempting to revert back to the 'shiro.session.id' system property...");
        }
        sessionId = System.getProperty(SESSION_ID_SYSTEM_PROPERTY_NAME);
        if (sessionId == null && log.isTraceEnabled()) {
            log.trace("No 'shiro.session.id' system property found.  Heuristics have been exhausted; " + "RemoteInvocation will not contain a sessionId.");
        }
    }
    RemoteInvocation ri = new RemoteInvocation(mi);
    if (sessionId != null) {
        ri.addAttribute(SESSION_ID_KEY, sessionId);
    }
    if (host != null) {
        ri.addAttribute(HOST_KEY, host);
    }
    return ri;
}
Also used : RemoteInvocation(org.springframework.remoting.support.RemoteInvocation) Serializable(java.io.Serializable) NativeSessionManager(org.apache.shiro.session.mgt.NativeSessionManager) SessionManager(org.apache.shiro.session.mgt.SessionManager) SessionKey(org.apache.shiro.session.mgt.SessionKey) Subject(org.apache.shiro.subject.Subject) Session(org.apache.shiro.session.Session)

Example 3 with SessionManager

use of org.apache.shiro.session.mgt.SessionManager in project geode by apache.

the class IntegratedSecurityService method increaseShiroGlobalSessionTimeout.

private void increaseShiroGlobalSessionTimeout(final DefaultSecurityManager shiroManager) {
    SessionManager sessionManager = shiroManager.getSessionManager();
    if (DefaultSessionManager.class.isInstance(sessionManager)) {
        DefaultSessionManager defaultSessionManager = (DefaultSessionManager) sessionManager;
        defaultSessionManager.setGlobalSessionTimeout(Long.MAX_VALUE);
        long value = defaultSessionManager.getGlobalSessionTimeout();
        if (value != Long.MAX_VALUE) {
            logger.error("Unable to set Shiro Global Session Timeout. Current value is '{}'.", value);
        }
    } else {
        logger.error("Unable to set Shiro Global Session Timeout. Current SessionManager is '{}'.", sessionManager == null ? "null" : sessionManager.getClass());
    }
}
Also used : DefaultSessionManager(org.apache.shiro.session.mgt.DefaultSessionManager) SessionManager(org.apache.shiro.session.mgt.SessionManager)

Example 4 with SessionManager

use of org.apache.shiro.session.mgt.SessionManager in project shiro by apache.

the class ShiroWebModuleTest method basicInstantiation.

@Test
public void basicInstantiation() {
    final ShiroModuleTest.MockRealm mockRealm = createMock(ShiroModuleTest.MockRealm.class);
    ServletContext servletContext = createMock(ServletContext.class);
    Injector injector = Guice.createInjector(new ShiroWebModule(servletContext) {

        @Override
        protected void configureShiroWeb() {
            bindRealm().to(ShiroModuleTest.MockRealm.class);
            expose(SessionManager.class);
        }

        @Provides
        public ShiroModuleTest.MockRealm createRealm() {
            return mockRealm;
        }
    });
    // we're not getting a WebSecurityManager here b/c it's not exposed.  There didn't seem to be a good reason to
    // expose it outside of the Shiro module.
    SecurityManager securityManager = injector.getInstance(SecurityManager.class);
    assertNotNull(securityManager);
    assertTrue(securityManager instanceof WebSecurityManager);
    SessionManager sessionManager = injector.getInstance(SessionManager.class);
    assertNotNull(sessionManager);
    assertTrue(sessionManager instanceof ServletContainerSessionManager);
    assertTrue(((DefaultWebSecurityManager) securityManager).getSessionManager() instanceof ServletContainerSessionManager);
}
Also used : WebSecurityManager(org.apache.shiro.web.mgt.WebSecurityManager) DefaultWebSecurityManager(org.apache.shiro.web.mgt.DefaultWebSecurityManager) SecurityManager(org.apache.shiro.mgt.SecurityManager) DefaultWebSessionManager(org.apache.shiro.web.session.mgt.DefaultWebSessionManager) ServletContainerSessionManager(org.apache.shiro.web.session.mgt.ServletContainerSessionManager) SessionManager(org.apache.shiro.session.mgt.SessionManager) Provides(com.google.inject.Provides) Injector(com.google.inject.Injector) ServletContext(javax.servlet.ServletContext) ShiroModuleTest(org.apache.shiro.guice.ShiroModuleTest) Test(org.junit.Test)

Example 5 with SessionManager

use of org.apache.shiro.session.mgt.SessionManager in project shiro by apache.

the class ShiroModuleTest method testBindSessionManager.

@Test
public void testBindSessionManager() {
    final MockRealm mockRealm = createMock(MockRealm.class);
    Injector injector = Guice.createInjector(new ShiroModule() {

        @Override
        protected void configureShiro() {
            bindRealm().to(MockRealm.class);
        }

        @Provides
        public MockRealm createRealm() {
            return mockRealm;
        }

        @Override
        protected void bindSessionManager(AnnotatedBindingBuilder<SessionManager> bind) {
            bind.to(MyDefaultSessionManager.class);
        }
    });
    DefaultSecurityManager securityManager = (DefaultSecurityManager) injector.getInstance(SecurityManager.class);
    assertNotNull(securityManager);
    assertNotNull(securityManager.getSessionManager());
    assertTrue(securityManager.getSessionManager() instanceof MyDefaultSessionManager);
}
Also used : SecurityManager(org.apache.shiro.mgt.SecurityManager) DefaultSecurityManager(org.apache.shiro.mgt.DefaultSecurityManager) Injector(com.google.inject.Injector) DefaultSessionManager(org.apache.shiro.session.mgt.DefaultSessionManager) SessionManager(org.apache.shiro.session.mgt.SessionManager) Provides(com.google.inject.Provides) Test(org.junit.Test)

Aggregations

SessionManager (org.apache.shiro.session.mgt.SessionManager) 5
Injector (com.google.inject.Injector) 2
Provides (com.google.inject.Provides) 2
SecurityManager (org.apache.shiro.mgt.SecurityManager) 2
DefaultSessionManager (org.apache.shiro.session.mgt.DefaultSessionManager) 2
Test (org.junit.Test) 2
Serializable (java.io.Serializable) 1
ServletContext (javax.servlet.ServletContext) 1
ShiroModuleTest (org.apache.shiro.guice.ShiroModuleTest) 1
DefaultSecurityManager (org.apache.shiro.mgt.DefaultSecurityManager) 1
Session (org.apache.shiro.session.Session) 1
NativeSessionManager (org.apache.shiro.session.mgt.NativeSessionManager) 1
SessionKey (org.apache.shiro.session.mgt.SessionKey) 1
Subject (org.apache.shiro.subject.Subject) 1
DefaultWebSecurityManager (org.apache.shiro.web.mgt.DefaultWebSecurityManager) 1
WebSecurityManager (org.apache.shiro.web.mgt.WebSecurityManager) 1
DefaultWebSessionManager (org.apache.shiro.web.session.mgt.DefaultWebSessionManager) 1
ServletContainerSessionManager (org.apache.shiro.web.session.mgt.ServletContainerSessionManager) 1
RemoteInvocation (org.springframework.remoting.support.RemoteInvocation) 1