Examples of org.apache.shiro.session.Session

• org.apache.shiro.session.Session
  A {@code Session} is a stateful data context associated with a single Subject (user, daemon process,etc) who interacts with a software system over a period of time.

  A {@code Session} is intended to be managed by the business tier and accessible via othertiers without being tied to any given client technology. This is a great benefit to Java systems, since until now, the only viable session mechanisms were the {@code javax.servlet.http.HttpSession} or Stateful Session EJB's, which many timesunnecessarily coupled applications to web or ejb technologies. @author Les Hazlewood @since 0.1

    protected void updateSessionLastAccessTime(ServletRequest request, ServletResponse response) {
        if (!isHttpSessions()) { //'native' sessions
            Subject subject = SecurityUtils.getSubject();
            //Subject should never _ever_ be null, but just in case:
            if (subject != null) {
                Session session = subject.getSession(false);
                if (session != null) {
                    try {
                        session.touch();
                    } catch (Throwable t) {
                        log.error("session.touch() method invocation has failed.  Unable to update" +
                                "the corresponding session's last access time based on the incoming request.", t);
                    }
                }

        if (!(context instanceof WebSubjectContext)) {
            return super.createSubject(context);
        }
        WebSubjectContext wsc = (WebSubjectContext) context;
        SecurityManager securityManager = wsc.resolveSecurityManager();
        Session session = wsc.resolveSession();
        PrincipalCollection principals = wsc.resolvePrincipals();
        boolean authenticated = wsc.resolveAuthenticated();
        String host = wsc.resolveHost();
        ServletRequest request = wsc.resolveServletRequest();
        ServletResponse response = wsc.resolveServletResponse();

        return StringUtils.clean(request.getParameter(paramName));
    }

    public static void saveRequest(ServletRequest request) {
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession();
        HttpServletRequest httpRequest = toHttp(request);
        SavedRequest savedRequest = new SavedRequest(httpRequest);
        session.setAttribute(SAVED_REQUEST_KEY, savedRequest);
    }

    public static SavedRequest getAndClearSavedRequest(ServletRequest request) {
        SavedRequest savedRequest = getSavedRequest(request);
        if (savedRequest != null) {
            Subject subject = SecurityUtils.getSubject();
            Session session = subject.getSession();
            session.removeAttribute(SAVED_REQUEST_KEY);
        }
        return savedRequest;
    }

    }

    public static SavedRequest getSavedRequest(ServletRequest request) {
        SavedRequest savedRequest = null;
        Subject subject = SecurityUtils.getSubject();
        Session session = subject.getSession(false);
        if (session != null) {
            savedRequest = (SavedRequest) session.getAttribute(SAVED_REQUEST_KEY);
        }
        return savedRequest;
    }

        } else {
            if (this.session == null) {

                boolean existing = getSubject().getSession(false) != null;

                Session jsecSession = getSubject().getSession(create);
                if (jsecSession != null) {
                    this.session = new ShiroHttpSession(jsecSession, this, this.servletContext);
                    if (!existing) {
                        setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
                    }

     * @param sessionId the id of the cached session to acquire.
     * @return the cached session with the corresponding {@code sessionId}, or {@code null} if the session
     *         does not exist or is not cached.
     */
    protected Session getCachedSession(Serializable sessionId) {
        Session cached = null;
        if (sessionId != null) {
            Cache<Serializable, Session> cache = getActiveSessionsCacheLazy();
            if (cache != null) {
                cached = getCachedSession(sessionId, cache);
            }

     * @param sessionId the id of the session to retrieve from the EIS.
     * @return the session identified by {@code sessionId} in the EIS.
     * @throws UnknownSessionException if the id specified does not correspond to any session in the cache or EIS.
     */
    public Session readSession(Serializable sessionId) throws UnknownSessionException {
        Session s = getCachedSession(sessionId);
        if (s == null) {
            s = super.readSession(sessionId);
        }
        return s;
    }

     * @param sessionId the id of the session to retrieve from the EIS.
     * @return the session identified by <tt>sessionId</tt> in the EIS.
     * @throws UnknownSessionException if the id specified does not correspond to any session in the EIS.
     */
    public Session readSession(Serializable sessionId) throws UnknownSessionException {
        Session s = doReadSession(sessionId);
        if (s == null) {
            throw new UnknownSessionException("There is no session with id [" + sessionId + "]");
        }
        return s;
    }

    return new CaptchaUsernamePasswordToken(username, password, rememberMe, host, captcha);
  }

  // 验证码校验
  protected void doCaptchaValidate(CaptchaUsernamePasswordToken token) {
    Session session = SecurityUtils.getSubject().getSession();
    if (session == null) {
      throw new UnknownSessionException("Unable found required Session");
    } else {
      if (session.getAttribute(DEFAULT_CAPTCHA_PARAM) != null) {
        String captcha = session.getAttribute(DEFAULT_CAPTCHA_PARAM).toString();
        // String captcha = CookieUtils.getCookie(request, AppConstants.CAPTCHA_NAME);
        if (token.getCaptcha() != null &&
            captcha.equalsIgnoreCase(EncriptionUtils.encrypt(token.getCaptcha()))) {
          return;
        }