shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r795246 - in /incubator/shiro/trunk: core/src/main/java/org/apache/shiro/mgt/ core/src/main/java/org/apache/shiro/session/ core/src/main/java/org/apache/shiro/session/mgt/ core/src/test/java/org/apache/shiro/mgt/ samples/spring-hibernate/sr...
Date Fri, 17 Jul 2009 22:03:42 GMT
Author: lhazlewood
Date: Fri Jul 17 22:03:42 2009
New Revision: 795246

URL: http://svn.apache.org/viewvc?rev=795246&view=rev
Log:
Added DelegatingWebSecurityManager and supporting components.  Cleaned up some JavaDoc

Added:
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DelegatingWebSecurityManager.java
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/DelegatingWebSessionManager.java
Modified:
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/Session.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/SessionListenerRegistrar.java
    incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
    incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
    incubator/shiro/trunk/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
    incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml
    incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java
    incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/mgt/SessionsSecurityManager.java
Fri Jul 17 22:03:42 2009
@@ -188,7 +188,7 @@
                     "The current SessionManager is of type [" + this.sessionManager.getClass().getName()
+ "].  " +
                     "This might occur for example if you're trying to set the validation
interval or auto session " +
                     "creation in a servlet container-backed session environment ('http' session
mode).  If that is " +
-                    "the case however, that property is only useful when using 'shiro' session
mode and using " +
+                    "the case however, that property is only useful when using 'native' session
mode and using " +
                     "Shiro enterprise sessions which do not rely on a servlet container.";
             throw new IllegalStateException(msg);
         }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/Session.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/Session.java?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/Session.java (original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/Session.java Fri Jul
17 22:03:42 2009
@@ -24,7 +24,7 @@
 import java.util.Date;
 
 /**
- * A {@code Session} is a stateful data context associated with a single Subject (user, 3rd
party process,
+ * A {@code Session} is a stateful data context associated with a single Subject (user, daemon
process,
  * etc) who interacts with a software system over a period of time.
  * <p/>
  * A {@code Session} is intended to be managed by the business tier and accessible via other

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/SessionListenerRegistrar.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/SessionListenerRegistrar.java?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/SessionListenerRegistrar.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/SessionListenerRegistrar.java
Fri Jul 17 22:03:42 2009
@@ -21,13 +21,12 @@
 import java.util.Collection;
 
 /**
- * A <code>SessionListenerRegistrar</code> is a component that is capable of
registering interested
- * {@link SessionListener SessionListener}s that wish to be notified during
- * {@link Session Session} lifecycle events.
+ * A {@code SessionListenerRegistrar} is a component that is capable of registering interested
+ * {@link SessionListener SessionListener}s that wish to be notified during {@link Session
Session} lifecycle events.
  * <p/>
- * This interface only guarantees that registered listeners will be notified during a <code>Session</code>'s
- * lifecycle.  How that notification occurs is implementation specific (e.g. iteration over
a collection of
- * listeners, JMS, etc.).
+ * This interface only specifies that registered listeners will be notified during a {@code
Session}'s
+ * lifecycle.  How that notification occurs is implementation specific (e.g. synchronous
iteration over a collection of
+ * listeners, or asynchronous JMS, etc.).
  *
  * @author Les Hazlewood
  * @since 0.9
@@ -35,24 +34,26 @@
 public interface SessionListenerRegistrar {
 
     /**
-     * Sets the <code>SessionListener</code>(s) that wish to be notified during
<code>Session</code> lifecycles.
+     * Sets the {@code SessionListener}(s) that wish to be notified during {@code Session}
lifecycle events.
      *
-     * @param listeners one or more <code>SessionListener</code>s that should
be notified during
-     * <code>Session</code> lifecycles.
+     * @param listeners one or more {@code SessionListener}s that should be notified during
{@code Session} lifecycle events.
      */
     void setSessionListeners(Collection<SessionListener> listeners);
 
     /**
-     * Registeres a single <code>listener</code> that wishes to be notified during
<code>Session</code> lifecycles.
-     * @param listener the single <code>listener</code> that wishes to be notified
during <code>Session</code> lifecycles.
+     * Registers a single {@code listener} that wishes to be notified during {@code Session}
lifecycle events.
+     *
+     * @param listener the single {@code listener} that wishes to be notified during {@code
Session} lifecycle events.
      */
     void add(SessionListener listener);
 
     /**
-     * Removes a single <code>listener</code> that no longer wishes to be notified
during <code>Session</code> lifecycles.
-     * @param listener the single <code>listener</code> that no longer wishes
to be notified during <code>Session</code> lifecycles.
-     * @return <code>true</code> if the listener was removed (i.e. it was previously
registered), or <code>false</code>
-     * if the listener was not removed (i.e. it wasn't registered yet, effectively a no-op).
+     * Removes a single {@code listener} that no longer wishes to be notified during {@code
Session} lifecycle events.
+     *
+     * @param listener the single {@code listener} that no longer wishes to be notified during
{@code Session} lifecycle
+     *                 events.
+     * @return {@code true} if the listener was removed (i.e. it was previously registered),
or {@code false}
+     *         if the listener was not removed (i.e. it wasn't registered yet, effectively
a no-op).
      */
     boolean remove(SessionListener listener);
 }

Modified: incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
(original)
+++ incubator/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/AbstractSessionManager.java
Fri Jul 17 22:03:42 2009
@@ -120,21 +120,27 @@
 
 
     /**
-     * Returns the session instance to use to pass to registered <code>SessionListener</code>s
for notification
+     * Returns the session instance to use to pass to registered {@code SessionListener}s
for notification
      * that the session has been invalidated (stopped or expired).
      * <p/>
-     * The default implementation returns an
-     * {@link ImmutableProxiedSession ImmutableProxiedSession} instance to ensure
-     * that the specified <code>session</code> argument is not modified by any
listeners.
+     * The default implementation returns an {@link ImmutableProxiedSession ImmutableProxiedSession}
instance to ensure
+     * that the specified {@code session} argument is not modified by any listeners.
      *
-     * @param session the <code>Session</code> object being invalidated.
-     * @return the <code>Session</code> instance to use to pass to registered
<code>SessionListener</code>s for
-     *         notification.
+     * @param session the {@code Session} object being invalidated.
+     * @return the {@code Session} instance to use to pass to registered {@code SessionListener}s
for notification.
      */
     protected Session beforeInvalidNotification(Session session) {
         return new ImmutableProxiedSession(session);
     }
 
+    /**
+     * Notifies any interested {@link SessionListener}s that a Session has started.  This
method is invoked
+     * <em>after</em> the {@link #onStart(org.apache.shiro.session.Session)}
method is called.
+     *
+     * @param session the session that has just started that will be delivered to any
+     * {@link #setSessionListeners(java.util.Collection) registered} session listeners.
+     * @see SessionListener#onStart(org.apache.shiro.session.Session)
+     */
     protected void notifyStart(Session session) {
         for (SessionListener listener : this.listeners) {
             listener.onStart(session);

Modified: incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
(original)
+++ incubator/shiro/trunk/core/src/test/java/org/apache/shiro/mgt/DefaultSecurityManagerTest.java
Fri Jul 17 22:03:42 2009
@@ -18,13 +18,6 @@
  */
 package org.apache.shiro.mgt;
 
-import java.io.Serializable;
-
-import org.junit.After;
-import static org.junit.Assert.*;
-import org.junit.Before;
-import org.junit.Test;
-
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UsernamePasswordToken;
@@ -33,6 +26,12 @@
 import org.apache.shiro.session.mgt.AbstractValidatingSessionManager;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.util.ThreadContext;
+import org.junit.After;
+import static org.junit.Assert.*;
+import org.junit.Before;
+import org.junit.Test;
+
+import java.io.Serializable;
 
 
 /**
@@ -92,7 +91,7 @@
         String key = "foo";
         String value1 = "bar";
         session.setAttribute(key, value1);
-        assertEquals(value1, session.getAttribute(key) );
+        assertEquals(value1, session.getAttribute(key));
 
         //now test auto creation:
         session.setTimeout(100);
@@ -136,13 +135,13 @@
         assertNull(subject.getPrincipal());
         assertNull(subject.getPrincipals());
 
-        subject.login( new UsernamePasswordToken("lonestarr", "vespa") );
+        subject.login(new UsernamePasswordToken("lonestarr", "vespa"));
         assertTrue(subject.isAuthenticated());
         assertTrue("lonestarr".equals(subject.getPrincipal()));
-        assertTrue(subject.hasRole("goodguy") );
+        assertTrue(subject.hasRole("goodguy"));
 
-        assertNotNull( subject.getSession() );
-        assertFalse( firstSessionId.equals(subject.getSession().getId() ) );
+        assertNotNull(subject.getSession());
+        assertFalse(firstSessionId.equals(subject.getSession().getId()));
 
         subject.logout();
 

Modified: incubator/shiro/trunk/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
(original)
+++ incubator/shiro/trunk/samples/spring-hibernate/src/main/webapp/WEB-INF/applicationContext.xml
Fri Jul 17 22:03:42 2009
@@ -94,7 +94,7 @@
         <!-- Uncomment this next property if you want heterogenous session access or clusterable/distributable
              sessions.  The default value is 'http' which uses the Servlet container's HttpSession
as the underlying
              Session implementation.
-        <property name="sessionMode" value="shiro"/> -->
+        <property name="sessionMode" value="native"/> -->
     </bean>
 
 

Modified: incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml (original)
+++ incubator/shiro/trunk/samples/spring/src/main/webapp/WEB-INF/applicationContext.xml Fri
Jul 17 22:03:42 2009
@@ -43,7 +43,7 @@
     <bean id="securityManager" class="org.apache.shiro.web.DefaultWebSecurityManager">
         <!-- Single realm app.  If you have multiple realms, use the 'realms' property
instead. -->
         <property name="realm" ref="jdbcRealm"/>
-        <property name="sessionMode" value="shiro"/>
+        <property name="sessionMode" value="native"/>
     </bean>
 
     <!-- Used by the SecurityManager to access security data (users, roles, etc).

Modified: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java
(original)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DefaultWebSecurityManager.java
Fri Jul 17 22:03:42 2009
@@ -50,7 +50,7 @@
     private static final Logger log = LoggerFactory.getLogger(DefaultWebSecurityManager.class);
 
     public static final String HTTP_SESSION_MODE = "http";
-    public static final String KI_SESSION_MODE = "shiro";
+    public static final String NATIVE_SESSION_MODE = "native";
 
     /**
      * The key that is used to store subject principals in the session.
@@ -207,10 +207,10 @@
             throw new IllegalArgumentException("sessionMode argument cannot be null.");
         }
         mode = sessionMode.toLowerCase();
-        if (!HTTP_SESSION_MODE.equals(mode) && !KI_SESSION_MODE.equals(mode)) {
+        if (!HTTP_SESSION_MODE.equals(mode) && !NATIVE_SESSION_MODE.equals(mode))
{
             String msg = "Invalid sessionMode [" + sessionMode + "].  Allowed values are
" +
                     "public static final String constants in the " + getClass().getName()
+ " class: '"
-                    + HTTP_SESSION_MODE + "' or '" + KI_SESSION_MODE + "', with '" +
+                    + HTTP_SESSION_MODE + "' or '" + NATIVE_SESSION_MODE + "', with '" +
                     HTTP_SESSION_MODE + "' being the default.";
             throw new IllegalArgumentException(msg);
         }
@@ -235,7 +235,7 @@
             return new ServletContainerSessionManager();
         } else {
             if (log.isInfoEnabled()) {
-                log.info(KI_SESSION_MODE + " mode - enabling DefaultWebSessionManager (HTTP
+ heterogeneous-client sessions)");
+                log.info(NATIVE_SESSION_MODE + " mode - enabling DefaultWebSessionManager
(HTTP + heterogeneous-client sessions)");
             }
             return new DefaultWebSessionManager();
         }

Added: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DelegatingWebSecurityManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DelegatingWebSecurityManager.java?rev=795246&view=auto
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DelegatingWebSecurityManager.java
(added)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/DelegatingWebSecurityManager.java
Fri Jul 17 22:03:42 2009
@@ -0,0 +1,121 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.web;
+
+import org.apache.shiro.mgt.SecurityManager;
+import org.apache.shiro.web.session.DelegatingWebSessionManager;
+import org.apache.shiro.web.session.WebSessionManager;
+
+/**
+ * A {@code DelegatingWebSecurityManager} performs all normal web-related operations of the
superclass
+ * {@link DefaultWebSecurityManager} (handling cookies, HTTP requests, and other similar
tasks), but delegates all of
+ * its authentication, authorization and session operations to a delegate {@link SecurityManager
SecurityManager}
+ * instance.
+ * <p/>
+ * The {@code DelegatingWebSecurityManager} plays a part in some enterprise environments
where the web tier and
+ * business-logic tier do not reside in the same virtual machine.  In these environments,
this component performs all
+ * standard Web/Http security operations, but delegates the 'real' authentication, authorization
and session management
+ * operations to a wrapped {@code SecurityManager} instance responsible for those operations.
 Usually the wrapped
+ * {@code SecurityManager} instance is a remoting proxy that communicates with a remote/back-end
{@code SecurityManager}
+ * that is responsible for the 'real' security duties.
+ * <p/>
+ * In such distributed environments, all components in the web-tier VM use the {@link DelegatingWebSecurityManager}
+ * instance as if it were the normal primary {@code SecurityManager} and are unaware of the
distributed nature of the
+ * application's configuration.
+ *
+ * @since 1.0
+ */
+public class DelegatingWebSecurityManager extends DefaultWebSecurityManager {
+
+    public DelegatingWebSecurityManager() {
+        super();
+        //disable caching for now (delegate SecurityManager should cache if necessary):
+        setCacheManager(null);
+        //default to native sessions, since http sessions hosted in a web server would not
+        //be accessible to a back-end SecurityManager and native Sessions are:
+        setSessionMode(DefaultWebSecurityManager.NATIVE_SESSION_MODE);
+    }
+
+    public DelegatingWebSecurityManager(SecurityManager delegate) {
+        this();
+        setDelegateSecurityManager(delegate);
+    }
+
+    /**
+     * Receives the target/delegate {@link SecurityManager SecurityManager} instance, often
a
+     * {@code SecurityManager} remoting proxy in distributed/federated environments.
+     * <p/>
+     * This implementation immediately sets this instance as the
+     * {@link #setAuthenticator(org.apache.shiro.authc.Authenticator) delegate authenticator}
and
+     * {@link #setAuthorizer(org.apache.shiro.authz.Authorizer) delegate authorizer}.  It
then constructs a
+     * wrapping {@link WebSessionManager WebSubjectFactory} and {@link WebSubjectFactory
WebSubjectFactory} based on
+     * the delegate {@code SecurityManager} instance and uses them as this component's
+     * {@link #setSessionManager(org.apache.shiro.session.mgt.SessionManager) sessionManager}
and
+     * {@link #setSubjectFactory(org.apache.shiro.mgt.SubjectFactory) subjectFactory}, respectively.
+     *
+     * @param delegate the {@link SecurityManager} to which all authentication, authorization,
and
+     *                 session management operations will be delegated.
+     * @see #createWebSessionManager(org.apache.shiro.mgt.SecurityManager)
+     * @see #createWebSubjectFactory(org.apache.shiro.mgt.SecurityManager, org.apache.shiro.web.session.WebSessionManager)
+     */
+    public void setDelegateSecurityManager(SecurityManager delegate) {
+        if (delegate == null) {
+            throw new IllegalArgumentException("sessionManager cannot be null");
+        }
+
+        setAuthenticator(delegate);
+        setAuthorizer(delegate);
+
+        WebSessionManager sessionManager = createWebSessionManager(delegate);
+        setSessionManager(sessionManager);
+
+        WebSubjectFactory webSubjectFactory = createWebSubjectFactory(delegate, sessionManager);
+        setSubjectFactory(webSubjectFactory);
+    }
+
+    /**
+     * Creates a WebSessionManager that will be used for all Session operations based on
the specified
+     * {@code SecurityManager} delegate.  This implementation returns a new {@link DelegatingWebSessionManager}
instance.
+     *
+     * @param delegate the delegate {@code SecurityManager} instance to use for all session
operations.
+     * @return a WebSessionManager to use for all session operations for this {@link SecurityManager}
instance.
+     * @see #setSessionManager(org.apache.shiro.session.mgt.SessionManager)
+     */
+    protected WebSessionManager createWebSessionManager(SecurityManager delegate) {
+        return new DelegatingWebSessionManager(delegate);
+    }
+
+    /**
+     * Creates a {@code WebSubjectFactory} to use when creating Subject instances for the
application's use.
+     * <p/>
+     * The default implementation ignores the {@code SecurityManager} argument and merely
returns
+     * <pre><code>new {@link org.apache.shiro.web.WebSubjectFactory#WebSubjectFactory(org.apache.shiro.mgt.SecurityManager,
org.apache.shiro.web.session.WebSessionManager) WebSubjectFactory}(this, sessionManagerArgument);</code></pre>
+     *
+     * @param delegate       the delegate {@code SecurityManager} instance to delegate all
security operations.
+     * @param sessionManager the webSessionManager created from {@link #createWebSessionManager(org.apache.shiro.mgt.SecurityManager)
createWebSessionManager}(delegate);.
+     * @return the {@code WebSubjectFactory} for this {@code WebSecurityManager} to use when
creating Subject instances
+     *         for the application's use.
+     * @see #setSubjectFactory(org.apache.shiro.mgt.SubjectFactory)
+     */
+    @SuppressWarnings({"UnusedDeclaration"})
+    protected WebSubjectFactory createWebSubjectFactory(SecurityManager delegate, WebSessionManager
sessionManager) {
+        return new WebSubjectFactory(this, sessionManager);
+    }
+
+}

Added: incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/DelegatingWebSessionManager.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/DelegatingWebSessionManager.java?rev=795246&view=auto
==============================================================================
--- incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/DelegatingWebSessionManager.java
(added)
+++ incubator/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/DelegatingWebSessionManager.java
Fri Jul 17 22:03:42 2009
@@ -0,0 +1,108 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.web.session;
+
+import org.apache.shiro.session.InvalidSessionException;
+import org.apache.shiro.session.Session;
+import org.apache.shiro.session.mgt.DelegatingSession;
+import org.apache.shiro.session.mgt.SessionFactory;
+import org.apache.shiro.session.mgt.SessionManager;
+
+import java.io.Serializable;
+import java.net.InetAddress;
+import java.util.Map;
+
+/**
+ * A {@code DelegatingWebSessionManager} performs all normal operations of the superclass
{@link DefaultWebSessionManager}
+ * except it does not perform {@code Session} creation or lookup duties itself and instead
delegates those duties
+ * to a target/wrapped {@link SessionManager SessionManager} instance.  It is primarily used
to support
+ * the functionality of the {@link org.apache.shiro.web.DelegatingWebSecurityManager DelegatingWebSecurityManager}
and
+ * for the most part is considered an infrastructural component that would rarely need to
be referenced by Shiro users.
+ * <p/>
+ * The {@code DelegatingWebSessionManager} plays a part in some enterprise environments where
the web tier and
+ * business-logic tier do not reside in the same virtual machine.  In these environments,
this component performs all
+ * standard Web/Http session operations, but delegates {@code Session} creation and lookup
to a wrapped
+ * {@code SessionManager} instance responsible for those operations.  Usually the wrapped
{@code SessionManager}
+ * instance is a remoting proxy that communicates with a remote/back-end SessionManager that
is responsible for the
+ * 'real' creation/lookup duties.
+ *
+ * @since 1.0
+ */
+public class DelegatingWebSessionManager extends DefaultWebSessionManager {
+
+    private SessionManager delegateSessionManager = null;
+
+    public DelegatingWebSessionManager() {
+        setSessionValidationSchedulerEnabled(false);
+    }
+
+    public DelegatingWebSessionManager(SessionManager delegateSessionManager) {
+        this();
+        this.delegateSessionManager = delegateSessionManager;
+    }
+
+    public void setDelegateSessionManager(SessionManager delegateSessionManager) {
+        this.delegateSessionManager = delegateSessionManager;
+    }
+
+    private void assertDelegateExists() {
+        //can only be null in a Dependency Injection environment, so check to ensure it is
not null:
+        if (this.delegateSessionManager == null) {
+            throw new IllegalStateException("delegateSessionManager property has not been
set.  Please check your " +
+                    "configuration to ensure the " + getClass().getName() + " instance has
been injected with a " +
+                    SessionManager.class.getName() + " delegate instance.");
+        }
+    }
+
+    /**
+     * Can be used in DI environments to ensure the
+     * {@link #setDelegateSessionManager(org.apache.shiro.session.mgt.SessionManager) delegateSessionManager}
exists and
+     * has been set correctly.
+     *
+     * @throws IllegalStateException if the {@code delegateSessionManager} property has not
been set.
+     */
+    public void init() throws IllegalStateException {
+        assertDelegateExists();
+    }
+
+    @Override
+    protected Session doCreateSession(Map initData) {
+        assertDelegateExists();
+        InetAddress host = null;
+        if (initData != null && initData.containsKey(SessionFactory.ORIGINATING_HOST_KEY))
{
+            host = (InetAddress) initData.get(SessionFactory.ORIGINATING_HOST_KEY);
+        }
+        Serializable sessionId = this.delegateSessionManager.start(host);
+        return new DelegatingSession(this, sessionId);
+    }
+
+    @Override
+    protected Session retrieveSessionFromDataSource(Serializable id) throws InvalidSessionException
{
+        assertDelegateExists();
+        this.delegateSessionManager.checkValid(id);
+        //we need the DelegatingSession to reference the delegateSessionManager and not 'this'
so
+        //we avoid an infinite loop:
+        return new DelegatingSession(this.delegateSessionManager, id);
+    }
+
+    @Override
+    protected void doValidate(Session session) throws InvalidSessionException {
+        session.touch();
+    }
+}

Modified: incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java?rev=795246&r1=795245&r2=795246&view=diff
==============================================================================
--- incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
(original)
+++ incubator/shiro/trunk/web/src/test/java/org/apache/shiro/web/DefaultWebSecurityManagerTest.java
Fri Jul 17 22:03:42 2009
@@ -18,13 +18,11 @@
  */
 package org.apache.shiro.web;
 
+import org.apache.shiro.util.ThreadContext;
 import org.junit.After;
 import org.junit.Before;
 import org.junit.Test;
 
-import org.apache.shiro.util.ThreadContext;
-import org.apache.shiro.web.DefaultWebSecurityManager;
-
 /**
  * @author Les Hazlewood
  * @since 0.9
@@ -47,7 +45,7 @@
 
     @Test
     public void shiroSessionModeInit() {
-        sm.setSessionMode(DefaultWebSecurityManager.KI_SESSION_MODE);
+        sm.setSessionMode(DefaultWebSecurityManager.NATIVE_SESSION_MODE);
     }
 
 }



Mime
View raw message