Examples of org.apache.shiro.session.Session

• org.apache.shiro.session.Session
  A {@code Session} is a stateful data context associated with a single Subject (user, daemon process,etc) who interacts with a software system over a period of time.

  A {@code Session} is intended to be managed by the business tier and accessible via othertiers without being tied to any given client technology. This is a great benefit to Java systems, since until now, the only viable session mechanisms were the {@code javax.servlet.http.HttpSession} or Stateful Session EJB's, which many timesunnecessarily coupled applications to web or ejb technologies. @author Les Hazlewood @since 0.1

        expect(sessionDAO.create(eq(session1))).andReturn(sessionId1);
        sessionDAO.update(eq(session1));
        expectLastCall().anyTimes();
        replay(sessionDAO);
        Session session = sm.start(null);
        assertNotNull(session);
        verify(sessionDAO);
        reset(sessionDAO);

        expect(sessionDAO.readSession(sessionId1)).andReturn(session1).anyTimes();

        };

        DefaultSessionManager sessionManager = new DefaultSessionManager();
        sessionManager.setSessionListeners(Arrays.asList(sessionListener));

        Session session = sessionManager.start(null);
        assertEquals(1, sessionManager.getActiveSessions().size());

        session.setTimeout(0L);
        //last access timestamp needs to be older than the current timestamp when validating, so ensure a delay:
        Thread.sleep(1);

        sessionManager.validateSessions();

        }
        if (currentPrincipals == null || currentPrincipals.isEmpty()) {
            currentPrincipals = subject.getPrincipals();
        }

        Session session = subject.getSession(false);

        if (session == null) {
            if (!isEmpty(currentPrincipals)) {
                session = subject.getSession();
                session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
            }
            // otherwise no session and no principals - nothing to save
        } else {
            PrincipalCollection existingPrincipals =
                    (PrincipalCollection) session.getAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);

            if (isEmpty(currentPrincipals)) {
                if (!isEmpty(existingPrincipals)) {
                    session.removeAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
                }
                // otherwise both are null or empty - no need to update the session
            } else {
                if (!currentPrincipals.equals(existingPrincipals)) {
                    session.setAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY, currentPrincipals);
                }
                // otherwise they're the same - no need to update the session
            }
        }
    }

     *
     * @param subject the Subject for which principals will potentially be merged into the Subject's session.
     */
    protected void mergeAuthenticationState(Subject subject) {

        Session session = subject.getSession(false);

        if (session == null) {
            if (subject.isAuthenticated()) {
                session = subject.getSession();
                session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
            }
            //otherwise no session and not authenticated - nothing to save
        } else {
            Boolean existingAuthc = (Boolean) session.getAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);

            if (subject.isAuthenticated()) {
                if (existingAuthc == null || !existingAuthc) {
                    session.setAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY, Boolean.TRUE);
                }
                //otherwise authc state matches - no need to update the session
            } else {
                if (existingAuthc != null) {
                    //existing doesn't match the current state - remove it:
                    session.removeAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
                }
                //otherwise not in the session and not authenticated - no need to update the session
            }
        }
    }

     * does not exist, this method does not do anything.
     *
     * @param subject the subject for which any existing subject state will be removed from its session.
     */
    protected void removeFromSession(Subject subject) {
        Session session = subject.getSession(false);
        if (session != null) {
            session.removeAttribute(DefaultSubjectContext.AUTHENTICATED_SESSION_KEY);
            session.removeAttribute(DefaultSubjectContext.PRINCIPALS_SESSION_KEY);
        }
    }

    public void testScope() throws Exception {
        Subject subject = createMock(Subject.class);
        try {
            final Key<SomeClass> key = Key.get(SomeClass.class);
            Provider<SomeClass> mockProvider = createMock(Provider.class);
            Session session = createMock(Session.class);

            SomeClass retuned = new SomeClass();

            expect(subject.getPrincipal()).andReturn("testUser").anyTimes();

            expect(subject.getSession()).andReturn(session);
            expect(session.getAttribute(key)).andReturn(null);
            expect(mockProvider.get()).andReturn(retuned);

            expect(subject.getSession()).andReturn(session);
            expect(session.getAttribute(key)).andReturn(retuned);


            replay(subject, mockProvider, session);

            ThreadContext.bind(subject);

        // get the currently executing user:
        Subject currentUser = SecurityUtils.getSubject();

        // Do some stuff with a Session (no need for a web or EJB container!!!)
        Session session = currentUser.getSession();
        session.setAttribute("someKey", "aValue");
        String value = (String) session.getAttribute("someKey");
        if (value.equals("aValue")) {
            log.info("Retrieved the correct value! [" + value + "]");
        }

        // let's login the current user so we can check against roles and permissions:

            return context;
        }
        try {
            //Context couldn't resolve it directly, let's see if we can since we have direct access to
            //the session manager:
            Session session = resolveContextSession(context);
            if (session != null) {
                context.setSession(session);
            }
        } catch (InvalidSessionException e) {
            log.debug("Resolved SubjectContext context session is invalid.  Ignoring and creating an anonymous " +

            }
        }
    }

    protected void stopSession(Subject subject) {
        Session s = subject.getSession(false);
        if (s != null) {
            s.stop();
        }
    }

        replay(mockRequest);

        Subject subject = newSubject(mockRequest, mockResponse);

        Session session = subject.getSession();
        assertEquals(session.getTimeout(), globalTimeout);
        session.setTimeout(125);
        assertEquals(session.getTimeout(), 125);
        sleep(200);
        try {
            session.getTimeout();
            fail("Session should have expired.");
        } catch (ExpiredSessionException expected) {
        }
    }