public class LifecycleAwareSessionManager extends LifecycleAwareSessionManagerSupport implements SessionManager, DisposableBean
Session Manager
. This SessionManager
obtains tokens from a ClientAuthentication
upon request
synchronizing multiple threads attempting to obtain a token concurrently.
Tokens are renewed asynchronously if a token has a lease duration. This happens 5
seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY
.
This SessionManager
also implements DisposableBean
to revoke the
LoginToken
once it's not required anymore. Token revocation will stop regular
token refresh. Tokens are only revoked only if the associated
ClientAuthentication
returns a LoginToken
.
If Token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.
By default, VaultToken
are looked up in Vault to determine renewability and the
remaining TTL, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean)
.
This class is thread-safe.
LoginToken
,
SessionManager
,
TaskScheduler
LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger
logger, REFRESH_PERIOD_BEFORE_EXPIRY
Constructor and Description |
---|
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
TaskScheduler taskScheduler,
RestOperations restOperations)
|
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
TaskScheduler taskScheduler,
RestOperations restOperations,
LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
|
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
VaultToken |
getSessionToken()
Obtain a session token.
|
protected boolean |
isTokenRenewable() |
protected VaultToken |
login() |
protected boolean |
renewToken()
Performs a token refresh.
|
protected void |
revoke(VaultToken token)
Revoke a
VaultToken . |
getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setTokenSelfLookupEnabled
public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations)
clientAuthentication
- must not be null.taskScheduler
- must not be null.restOperations
- must not be null.public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
clientAuthentication
- must not be null.taskScheduler
- must not be null.restOperations
- must not be null.refreshTrigger
- must not be null.public void destroy()
destroy
in interface DisposableBean
protected void revoke(VaultToken token)
VaultToken
.token
- the token to revoke, must not be null.protected boolean renewToken()
public VaultToken getSessionToken()
SessionManager
getSessionToken
in interface SessionManager
protected VaultToken login()
protected boolean isTokenRenewable()
Copyright © 2016–2019 Pivotal Software, Inc.. All rights reserved.