shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lhazlew...@apache.org
Subject svn commit: r1149709 - in /shiro/trunk/web/src: main/java/org/apache/shiro/web/mgt/ main/java/org/apache/shiro/web/session/mgt/ test/java/org/apache/shiro/web/mgt/
Date Fri, 22 Jul 2011 19:58:17 GMT
Author: lhazlewood
Date: Fri Jul 22 19:58:16 2011
New Revision: 1149709

URL: http://svn.apache.org/viewvc?rev=1149709&view=rev
Log:
SHIRO-312: applied patch w/ minor adjustments.

Added:
    shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/WebSessionManager.java
Modified:
    shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/DefaultWebSecurityManager.java
    shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/WebSecurityManager.java
    shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
    shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
    shiro/trunk/web/src/test/java/org/apache/shiro/web/mgt/DefaultWebSecurityManagerTest.java

Modified: shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/DefaultWebSecurityManager.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/DefaultWebSecurityManager.java?rev=1149709&r1=1149708&r2=1149709&view=diff
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/DefaultWebSecurityManager.java
(original)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/DefaultWebSecurityManager.java
Fri Jul 22 19:58:16 2011
@@ -28,10 +28,7 @@ import org.apache.shiro.subject.Subject;
 import org.apache.shiro.subject.SubjectContext;
 import org.apache.shiro.util.LifecycleUtils;
 import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
-import org.apache.shiro.web.session.mgt.DefaultWebSessionContext;
-import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
-import org.apache.shiro.web.session.mgt.ServletContainerSessionManager;
-import org.apache.shiro.web.session.mgt.WebSessionKey;
+import org.apache.shiro.web.session.mgt.*;
 import org.apache.shiro.web.subject.WebSubject;
 import org.apache.shiro.web.subject.WebSubjectContext;
 import org.apache.shiro.web.subject.support.DefaultWebSubjectContext;
@@ -57,9 +54,15 @@ public class DefaultWebSecurityManager e
 
     private static final Logger log = LoggerFactory.getLogger(DefaultWebSecurityManager.class);
 
+    @Deprecated
     public static final String HTTP_SESSION_MODE = "http";
+    @Deprecated
     public static final String NATIVE_SESSION_MODE = "native";
 
+	/**
+	 * @deprecated as of 1.2.  This should NOT be used for anything other than determining if
the sessionMode has changed.
+	 */
+	@Deprecated
     private String sessionMode;
 
     public DefaultWebSecurityManager() {
@@ -97,11 +100,19 @@ public class DefaultWebSecurityManager e
     }
 
     @SuppressWarnings({"UnusedDeclaration"})
+    @Deprecated
     public String getSessionMode() {
         return sessionMode;
     }
 
+    /**
+     * @param sessionMode
+     * @deprecated since 1.2
+     */
+    @Deprecated
     public void setSessionMode(String sessionMode) {
+        log.warn("The 'sessionMode' property has been deprecated.  Please configure an appropriate
WebSessionManager " +
+                "instance instead of using this property.  This property/method will be removed
in a later version.");
         String mode = sessionMode;
         if (mode == null) {
             throw new IllegalArgumentException("sessionMode argument cannot be null.");
@@ -119,15 +130,35 @@ public class DefaultWebSecurityManager e
         if (recreate) {
             LifecycleUtils.destroy(getSessionManager());
             SessionManager sessionManager = createSessionManager(mode);
-            setSessionManager(sessionManager);
+            this.setInternalSessionManager(sessionManager);
         }
     }
 
+	@Override
+	public void setSessionManager(SessionManager sessionManager) {
+		this.sessionMode = null;
+		this.setInternalSessionManager(sessionManager);
+	}
+
     /**
+     * @param sessionManager
+     * @since 1.2
+     */
+	private void setInternalSessionManager(SessionManager sessionManager) {
+		super.setSessionManager(sessionManager);
+	}
+
+	/**
      * @since 1.0
      */
     public boolean isHttpSessionMode() {
-        return this.sessionMode == null || !this.sessionMode.equals(NATIVE_SESSION_MODE);
+        SessionManager sessionManager = getSessionManager();
+
+	    if(sessionManager instanceof WebSessionManager) {
+		    return ((WebSessionManager)sessionManager).isServletContainerSessions();
+	    }
+        //use Servlet container sessions by default:
+		return true;
     }
 
     protected SessionManager createSessionManager(String sessionMode) {

Modified: shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/WebSecurityManager.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/WebSecurityManager.java?rev=1149709&r1=1149708&r2=1149709&view=diff
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/WebSecurityManager.java (original)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/mgt/WebSecurityManager.java Fri Jul
22 19:58:16 2011
@@ -21,12 +21,12 @@ package org.apache.shiro.web.mgt;
 import org.apache.shiro.mgt.SecurityManager;
 
 /**
- * This interface represents a {@link SecurityManager} implementation that can
- * be used in a servlet container.
+ * This interface represents a {@link SecurityManager} implementation that can used in web-enabled
applications.
  *
  * @since 1.0
  */
 public interface WebSecurityManager extends SecurityManager {
+
     /**
      * Security information needs to be retained from request to request, so Shiro makes
use of a
      * session for this. Typically, a security manager will use the servlet container's HTTP
session

Modified: shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java?rev=1149709&r1=1149708&r2=1149709&view=diff
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
(original)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
Fri Jul 22 19:58:16 2011
@@ -45,7 +45,7 @@ import java.io.Serializable;
  *
  * @since 0.9
  */
-public class DefaultWebSessionManager extends DefaultSessionManager {
+public class DefaultWebSessionManager extends DefaultSessionManager implements WebSessionManager
{
 
     private static final Logger log = LoggerFactory.getLogger(DefaultWebSessionManager.class);
 
@@ -238,4 +238,14 @@ public class DefaultWebSessionManager ex
                     "pair. Session ID cookie will not be removed due to stopped session.");
         }
     }
+
+    /**
+     * This is a native session manager implementation, so this method returns {@code false}
always.
+     *
+     * @return {@code false} always
+     * @since 1.2
+     */
+    public boolean isServletContainerSessions() {
+        return false;
+    }
 }

Modified: shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java?rev=1149709&r1=1149708&r2=1149709&view=diff
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
(original)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/ServletContainerSessionManager.java
Fri Jul 22 19:58:16 2011
@@ -23,7 +23,6 @@ import org.apache.shiro.session.Session;
 import org.apache.shiro.session.SessionException;
 import org.apache.shiro.session.mgt.SessionContext;
 import org.apache.shiro.session.mgt.SessionKey;
-import org.apache.shiro.session.mgt.SessionManager;
 import org.apache.shiro.web.session.HttpServletSession;
 import org.apache.shiro.web.util.WebUtils;
 
@@ -52,7 +51,7 @@ import javax.servlet.http.HttpSession;
  * @since 0.9
  * @see DefaultWebSessionManager
  */
-public class ServletContainerSessionManager implements SessionManager {
+public class ServletContainerSessionManager implements WebSessionManager {
 
     //TODO - complete JavaDoc
 
@@ -120,4 +119,14 @@ public class ServletContainerSessionMana
         return new HttpServletSession(httpSession, host);
     }
 
+    /**
+     * This implementation always delegates to the servlet container for sessions, so this
method returns
+     * {@code true} always.
+     *
+     * @return {@code true} always
+     * @since 1.2
+     */
+	public boolean isServletContainerSessions() {
+		return true;
+	}
 }

Added: shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/WebSessionManager.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/WebSessionManager.java?rev=1149709&view=auto
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/WebSessionManager.java
(added)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/session/mgt/WebSessionManager.java
Fri Jul 22 19:58:16 2011
@@ -0,0 +1,45 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.shiro.web.session.mgt;
+
+import org.apache.shiro.session.mgt.SessionManager;
+
+/**
+ * {@link SessionManager} specific to web-enabled applications.
+ *
+ * @since 1.2
+ * @see ServletContainerSessionManager
+ * @see DefaultWebSessionManager
+ */
+public interface WebSessionManager extends SessionManager {
+
+    /**
+     * Returns {@code true} if session management and storage is managed by the underlying
Servlet container or
+     * {@code false} if managed by Shiro directly (called 'native' sessions).
+     * <p/>
+     * If sessions are enabled, Shiro can make use of Sessions to retain security information
from
+     * request to request.  This method indicates whether Shiro would use the Servlet container
sessions to fulfill its
+     * needs, or if it would use its own native session management instead (which can support
enterprise features
+     * - like distributed caching - in a container-independent manner).
+     *
+     * @return {@code true} if session management and storage is managed by the underlying
Servlet container or
+     *         {@code false} if managed by Shiro directly (called 'native' sessions).
+     */
+    boolean isServletContainerSessions();
+}

Modified: shiro/trunk/web/src/test/java/org/apache/shiro/web/mgt/DefaultWebSecurityManagerTest.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/test/java/org/apache/shiro/web/mgt/DefaultWebSecurityManagerTest.java?rev=1149709&r1=1149708&r2=1149709&view=diff
==============================================================================
--- shiro/trunk/web/src/test/java/org/apache/shiro/web/mgt/DefaultWebSecurityManagerTest.java
(original)
+++ shiro/trunk/web/src/test/java/org/apache/shiro/web/mgt/DefaultWebSecurityManagerTest.java
Fri Jul 22 19:58:16 2011
@@ -26,6 +26,7 @@ import org.apache.shiro.session.Session;
 import org.apache.shiro.session.mgt.AbstractSessionManager;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.web.servlet.ShiroHttpSession;
+import org.apache.shiro.web.session.mgt.WebSessionManager;
 import org.apache.shiro.web.subject.WebSubject;
 import org.junit.After;
 import org.junit.Before;
@@ -68,6 +69,22 @@ public class DefaultWebSecurityManagerTe
         return new WebSubject.Builder(sm, request, response).buildSubject();
     }
 
+	@Test
+	public void checkSessionManagerDeterminesContainerSessionMode() {
+		sm.setSessionMode(DefaultWebSecurityManager.NATIVE_SESSION_MODE);
+		WebSessionManager sessionManager = createMock(WebSessionManager.class);
+
+		expect(sessionManager.isServletContainerSessions()).andReturn(true).anyTimes();
+
+		replay(sessionManager);
+
+		sm.setSessionManager(sessionManager);
+
+		assertTrue("The set SessionManager is not being used to determine isHttpSessionMode.",
sm.isHttpSessionMode());
+
+		verify(sessionManager);
+	}
+
     @Test
     public void shiroSessionModeInit() {
         sm.setSessionMode(DefaultWebSecurityManager.NATIVE_SESSION_MODE);



Mime
View raw message