Package org.apache.shiro.web.session.mgt

Class ServletContainerSessionManager

java.lang.Object
org.apache.shiro.web.session.mgt.ServletContainerSessionManager
All Implemented Interfaces:
org.apache.shiro.session.mgt.SessionManager, WebSessionManager
public class ServletContainerSessionManager extends Object implements WebSessionManager
SessionManager implementation providing Session implementations that are merely wrappers for the Servlet container's HttpSession.

Despite its name, this implementation does not itself manage Sessions since the Servlet container provides the actual management support. This class mainly exists to 'impersonate' a regular Shiro SessionManager so it can be pluggable into a normal Shiro configuration in a pure web application.

Note that because this implementation relies on the HttpSession, it is only functional in a servlet container - it is not capable of supporting Sessions for any clients other than those using the HTTP protocol.

Therefore, if you need Session support for heterogeneous clients (e.g. web browsers, RMI clients, etc.), use the DefaultWebSessionManager instead. The DefaultWebSessionManager supports both traditional web-based access as well as non web-based clients.

Since:
0.9
See Also:

  • Constructor Summary

    Constructors
    Constructor
    Description
    ServletContainerSessionManager()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    protected org.apache.shiro.session.Session
    createSession(javax.servlet.http.HttpSession httpSession, String host)
     
    protected org.apache.shiro.session.Session
    createSession(org.apache.shiro.session.mgt.SessionContext sessionContext)
     
    org.apache.shiro.session.Session
    getSession(org.apache.shiro.session.mgt.SessionKey key)
     
    boolean
    isServletContainerSessions()
    This implementation always delegates to the servlet container for sessions, so this method returns true always.
    org.apache.shiro.session.Session
    start(org.apache.shiro.session.mgt.SessionContext context)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

  • Method Details

    • start

      public org.apache.shiro.session.Session start(org.apache.shiro.session.mgt.SessionContext context) throws org.apache.shiro.authz.AuthorizationException
      Specified by:
      start in interface org.apache.shiro.session.mgt.SessionManager
      Throws:
      org.apache.shiro.authz.AuthorizationException

    • getSession

      public org.apache.shiro.session.Session getSession(org.apache.shiro.session.mgt.SessionKey key) throws org.apache.shiro.session.SessionException
      Specified by:
      getSession in interface org.apache.shiro.session.mgt.SessionManager
      Throws:
      org.apache.shiro.session.SessionException

    • createSession

      protected org.apache.shiro.session.Session createSession(org.apache.shiro.session.mgt.SessionContext sessionContext) throws org.apache.shiro.authz.AuthorizationException
      Throws:
      org.apache.shiro.authz.AuthorizationException
      Since:
      1.0

    • createSession

      protected org.apache.shiro.session.Session createSession(javax.servlet.http.HttpSession httpSession, String host)

    • isServletContainerSessions

      public boolean isServletContainerSessions()
      This implementation always delegates to the servlet container for sessions, so this method returns true always.
      Specified by:
      isServletContainerSessions in interface WebSessionManager
      Returns:
      true always
      Since:
      1.2