Examples of org.apache.shiro.session.Session

• org.apache.shiro.session.Session
  A {@code Session} is a stateful data context associated with a single Subject (user, daemon process,etc) who interacts with a software system over a period of time.

  A {@code Session} is intended to be managed by the business tier and accessible via othertiers without being tied to any given client technology. This is a great benefit to Java systems, since until now, the only viable session mechanisms were the {@code javax.servlet.http.HttpSession} or Stateful Session EJB's, which many timesunnecessarily coupled applications to web or ejb technologies. @author Les Hazlewood @since 0.1

  }

  public static void setSessionAttribute(String name, Object value) {
    Subject currentUser = SecurityUtils.getSubject();
    if (value != null) {
      Session session = currentUser.getSession();
      session.setAttribute(name, value);
    } else {
      Session session = currentUser.getSession(false);
      session.removeAttribute(name);
    }
  }

   * 创建一个shiro的session,如果存在session就用现有的session，否则创建一个新的session
   *
   * @return {@link Session}
   */
  public static Session createSessionIfNull() {
    Session session = getSession();

    if (session == null) {
      session = getSession(true);
    }

     * 重写父类方法，在shiro执行登录时先对比验证码，正确后在登录，否则直接登录失败
     */
  @Override
  protected boolean executeLogin(ServletRequest request,ServletResponse response) throws Exception {

    Session session = SystemVariableUtils.createSessionIfNull();
    //获取登录错误次数
    Integer number = (Integer) session.getAttribute(getLoginIncorrectNumberKeyAttribute());

    //首次登录，将该数量记录在session中
    if (number == null) {
      number = new Integer(1);
      session.setAttribute(getLoginIncorrectNumberKeyAttribute(), number);
    }

    //如果登录次数大于allowIncorrectNumber，需要判断验证码是否一致
    if (number > getAllowIncorrectNumber()) {
      //获取当前验证码
      String currentCaptcha = (String) session.getAttribute(getSessionCaptchaKeyAttribute());
      //获取用户输入的验证码
      String submitCaptcha = getCaptcha(request);
      //如果验证码不匹配，登录失败
      if (StringUtils.isEmpty(submitCaptcha) || !StringUtils.equals(currentCaptcha,submitCaptcha.toLowerCase())) {
        return onLoginFailure(this.createToken(request, response), new AccountException("验证码不正确"), request, response);

   * 重写父类方法，当登录失败后，将allowIncorrectNumber（允许登错误录次） + 1
   */
  @Override
  protected boolean onLoginFailure(AuthenticationToken token,AuthenticationException e, ServletRequest request,ServletResponse response) {

    Session session = SystemVariableUtils.getSession();
    Integer number = (Integer) session.getAttribute(getLoginIncorrectNumberKeyAttribute());
    session.setAttribute(getLoginIncorrectNumberKeyAttribute(),++number);

    return super.onLoginFailure(token, e, request, response);
  }

   * 重写父类方法，当登录成功后，将allowIncorrectNumber（允许登错误录次）设置为0，重置下一次登录的状态
   */
  @Override
  protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception {

    Session session = SystemVariableUtils.getSession();
    session.removeAttribute(getLoginIncorrectNumberKeyAttribute());
    session.setAttribute("sv", subject.getPrincipal());

    return super.onLoginSuccess(token, subject, request, response);
  }

        String value = "testValue";
        DefaultSecurityManager sm = new DefaultSecurityManager();

        DelegatingSubject subject = new DelegatingSubject(sm);

        Session session = subject.getSession();
        session.setAttribute(key, value);
        assertTrue(session.getAttribute(key).equals(value));
        Serializable firstSessionId = session.getId();
        assertNotNull(firstSessionId);

        session.stop();

        session = subject.getSession();
        assertNotNull(session);
        assertNull(session.getAttribute(key));
        Serializable secondSessionId = session.getId();
        assertNotNull(secondSessionId);
        assertFalse(firstSessionId.equals(secondSessionId));

        subject.logout();

    @Test
    public void testGlobalTimeout() {
        long timeout = 1000;
        sm.setGlobalSessionTimeout(timeout);
        Session session = sm.start(null);
        assertNotNull(session);
        assertNotNull(session.getId());
        assertEquals(session.getTimeout(), timeout);
    }

            public void onStop(Session session) {
                stopped[0] = true;
            }
        };
        sm.getSessionListeners().add(listener);
        Session session = sm.start(null);
        sm.stop(new DefaultSessionKey(session.getId()));
        assertTrue(stopped[0]);
    }

                stopped[0] = true;
                value[0] = (String)session.getAttribute("foo");
            }
        };
        sm.getSessionListeners().add(listener);
        Session session = sm.start(null);
        session.setAttribute("foo", "bar");

        sm.stop(new DefaultSessionKey(session.getId()));

        assertTrue(stopped[0]);
        assertEquals("bar", value[0]);
    }

                expired[0] = true;
            }
        };
        sm.getSessionListeners().add(listener);
        sm.setGlobalSessionTimeout(100);
        Session session = sm.start(null);
        sleep(150);
        try {
            sm.checkValid(new DefaultSessionKey(session.getId()));
            fail("check should have thrown an exception.");
        } catch (InvalidSessionException expected) {
            //do nothing - expected.
        }
        assertTrue(expired[0]);