org.springframework.vault.authentication

Class LifecycleAwareSessionManager

java.lang.Object

org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

org.springframework.vault.authentication.LifecycleAwareSessionManager

All Implemented Interfaces:

DisposableBean, SessionManager

public class LifecycleAwareSessionManager
extends LifecycleAwareSessionManagerSupport
implements SessionManager, DisposableBean

Lifecycle-aware Session Manager. This SessionManager obtains tokens from a ClientAuthentication upon request synchronizing multiple threads attempting to obtain a token concurrently.

Tokens are renewed asynchronously if a token has a lease duration. This happens 5 seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.

This SessionManager also implements DisposableBean to revoke the LoginToken once it's not required anymore. Token revocation will stop regular token refresh. Tokens are only revoked only if the associated ClientAuthentication returns a LoginToken.

If Token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.

By default, VaultToken are looked up in Vault to determine renewability and the remaining TTL, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).

This class is thread-safe.

Author:

Mark Paluch, Steven Swor

See Also:

LoginToken, SessionManager, TaskScheduler

Nested Class Summary

Nested classes/interfaces inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger

Field Summary

Fields inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

logger, REFRESH_PERIOD_BEFORE_EXPIRY

Constructor Summary

Constructors

Constructor and Description
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations) Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.

Method Summary

Modifier and Type	Method and Description
void	destroy()
VaultToken	getSessionToken() Obtain a session token.
protected boolean	isTokenRenewable()
protected VaultToken	login()
protected boolean	renewToken() Performs a token refresh.
protected void	revoke(VaultToken token) Revoke a VaultToken.

Methods inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setTokenSelfLookupEnabled

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

LifecycleAwareSessionManager

public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
                                    TaskScheduler taskScheduler,
                                    RestOperations restOperations)

Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.

Parameters:

clientAuthentication - must not be null.

taskScheduler - must not be null.

restOperations - must not be null.

Since:

1.0.1

LifecycleAwareSessionManager

public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
                                    TaskScheduler taskScheduler,
                                    RestOperations restOperations,
                                    LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)

Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.

Parameters:

clientAuthentication - must not be null.

taskScheduler - must not be null.

restOperations - must not be null.

refreshTrigger - must not be null.

Since:

1.0.1

Method Detail

destroy

public void destroy()

Specified by:

destroy in interface DisposableBean

revoke

protected void revoke(VaultToken token)

Revoke a VaultToken.

Parameters:

token - the token to revoke, must not be null.

renewToken

protected boolean renewToken()

Performs a token refresh. Create a new token if no token was obtained before. If a token was obtained before, it uses self-renewal to renew the current token. Client-side errors (like permission denied) indicate the token cannot be renewed because it's expired or simply not found.

Returns:

true if the refresh was successful. false if a new token was obtained or refresh failed.

getSessionToken

public VaultToken getSessionToken()

Description copied from interface: SessionManager

Obtain a session token.

Specified by:

getSessionToken in interface SessionManager

Returns:

a session token.

login

protected VaultToken login()

isTokenRenewable

protected boolean isTokenRenewable()

Returns:

true if the token is renewable.