public class ReactiveLifecycleAwareSessionManager extends LifecycleAwareSessionManagerSupport implements ReactiveSessionManager, DisposableBean
session manager. This ReactiveSessionManager obtains tokens from an authentication method upon request, guaranteeing a token to be obtained only once if multiple threads attempt to obtain a token concurrently.

Tokens are renewed asynchronously if a token has a lease duration. This happens 5 seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.

This ReactiveSessionManager also implements DisposableBean to revoke the LoginToken once it's not required anymore. Token revocation will stop regular token refresh. Tokens are revoked only if the associated VaultTokenSupplier returns a LoginToken.

If token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.

By default, VaultToken instances are looked up in Vault to determine renewability and the remaining TTL, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).

The session manager dispatches authentication events to AuthenticationListener and AuthenticationErrorListener.

This class is thread-safe and uses lock-free synchronization.
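
The lifecycle described above, wired by hand, as an added example that is not part of the Spring Vault documentation. The environment variable names, the `/v1/` base URL, the 5-minute lease and the stand-in token supplier are assumptions; a real deployment would pass a supplier backed by a Vault login method.

```java
import java.time.Duration;

import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.vault.authentication.LoginToken;
import org.springframework.vault.authentication.ReactiveLifecycleAwareSessionManager;
import org.springframework.vault.authentication.VaultTokenSupplier;
import org.springframework.vault.support.VaultToken;
import org.springframework.web.reactive.function.client.WebClient;

import reactor.core.publisher.Mono;

public class SessionManagerExample {
    public static void main(String[] args) {
        // Assumption: Vault address and token arrive via environment variables.
        String address = System.getenv("VAULT_ADDR");
        String token = System.getenv("VAULT_TOKEN");

        // Assumption: the WebClient base URL points at Vault's /v1/ API root.
        WebClient webClient = WebClient.builder().baseUrl(address + "/v1/").build();

        ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();
        scheduler.initialize();

        // Stand-in for a real login flow (hypothetical supplier). Returning a
        // LoginToken means the manager renews it and revokes it in destroy();
        // a plain VaultToken.of(token) would not be revoked on shutdown.
        VaultTokenSupplier supplier = () -> Mono.<VaultToken>just(
                LoginToken.renewable(token, Duration.ofMinutes(5)));

        ReactiveLifecycleAwareSessionManager sessions =
                new ReactiveLifecycleAwareSessionManager(supplier, scheduler, webClient);

        // Log event types only; the event source carries the token itself.
        sessions.addAuthenticationListener(event ->
                System.out.println("vault auth event: " + event.getClass().getSimpleName()));
        sessions.addErrorListener(event ->
                System.err.println("vault auth error: " + event.getClass().getSimpleName()
                        + ": " + event.getException().getMessage()));

        try {
            // First call triggers the login; later calls reuse the cached token.
            sessions.getVaultToken().block(Duration.ofSeconds(10));
        } finally {
            sessions.destroy();   // revokes the LoginToken, stops scheduled renewal
            scheduler.shutdown();
        }
    }
}
```

Routing error events to monitoring makes a failed renewal or a failed revocation visible instead of surfacing only as a later re-login.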

See also: LoginToken, ReactiveSessionManager, TaskScheduler, AuthenticationEventPublisher

| Modifier and Type | Class and Description |
|---|---|
| protected static class | ReactiveLifecycleAwareSessionManager.TokenWrapper - Wraps a VaultToken and specifies whether the token is revocable on factory shutdown. |

Inherited nested classes: LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.OneShotTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger

Inherited fields: logger, REFRESH_PERIOD_BEFORE_EXPIRY

| Constructor and Description |
|---|
| ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient) - Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and WebClient. |
| ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) - Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and WebClient. |

| Modifier and Type | Method and Description |
|---|---|
| void | destroy() |
| protected Mono<Void> | doRevoke(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono) |
| Mono<VaultToken> | getVaultToken() - Return a VaultToken. |
| protected boolean | isTokenRenewable(VaultToken token) |
| Mono<VaultToken> | renewToken() - Performs a token refresh. |
| protected Mono<Void> | revoke(VaultToken token) - Revoke a VaultToken. |
| protected void | revokeNow(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono) - Revoke a VaultToken now and block execution until revocation completes. |

Inherited methods:
getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setLeaseStrategy, setTokenSelfLookupEnabled
addAuthenticationListener, addErrorListener, removeAuthenticationListener, removeErrorListener
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
getSessionToken

public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient)
Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and WebClient.
Parameters:
clientAuthentication - must not be null.
taskScheduler - must not be null.
webClient - must not be null.

public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and WebClient.
Parameters:
clientAuthentication - must not be null.
taskScheduler - must not be null.
webClient - must not be null.
refreshTrigger - must not be null.

public void destroy()
Specified by: destroy in interface DisposableBean

protected void revokeNow(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono)
Revoke a VaultToken now and block execution until revocation completes.
Parameters:
tokenMono -

protected Mono<Void> doRevoke(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono)

protected Mono<Void> revoke(VaultToken token)
Revoke a VaultToken.
Parameters:
token - the token to revoke, must not be null.

public Mono<VaultToken> renewToken()
Returns: VaultToken if the refresh was successful or a new token was obtained. Mono.empty() if the token expired or Mono.error(Throwable) if refresh failed.

public Mono<VaultToken> getVaultToken() throws VaultException
Description copied from interface: VaultTokenSupplier
Return a VaultToken. This can declare a Vault login flow to obtain a token.
Specified by: getVaultToken in interface VaultTokenSupplier
Returns: Mono with the VaultToken.
Throws: VaultException

protected boolean isTokenRenewable(VaultToken token)

Copyright © 2016–2020 Pivotal Software, Inc. All rights reserved.