public class LifecycleAwareSessionManager extends LifecycleAwareSessionManagerSupport implements SessionManager, DisposableBean
Session Manager
. This SessionManager
obtains tokens from a ClientAuthentication
upon request
synchronizing multiple threads attempting to obtain a token concurrently.
Tokens are renewed asynchronously if a token has a lease duration. This happens 5
seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY
.
This SessionManager
also implements DisposableBean
to revoke the
LoginToken
once it's not required anymore. Token revocation will stop regular
token refresh. Tokens are only revoked only if the associated
ClientAuthentication
returns a LoginToken
.
If Token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.
By default, VaultToken
are looked up in Vault to determine renewability and the
remaining TTL, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean)
.
The session manager dispatches authentication events to AuthenticationListener
and AuthenticationErrorListener
. Event notifications are dispatched either on
the calling Thread
or worker threads used for background renewal.
This class is thread-safe.
LoginToken
,
SessionManager
,
TaskScheduler
,
AuthenticationEventPublisher
Modifier and Type | Class and Description |
---|---|
protected static class |
LifecycleAwareSessionManager.TokenWrapper
Wraps a
VaultToken and specifies whether the token is revocable on factory
shutdown. |
LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.OneShotTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger
logger, REFRESH_PERIOD_BEFORE_EXPIRY
Constructor and Description |
---|
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
TaskScheduler taskScheduler,
RestOperations restOperations)
|
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
TaskScheduler taskScheduler,
RestOperations restOperations,
LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
|
Modifier and Type | Method and Description |
---|---|
void |
destroy() |
VaultToken |
getSessionToken()
Obtain a session token.
|
protected Optional<LifecycleAwareSessionManager.TokenWrapper> |
getToken()
The token state: Contains the currently valid token that identifies the Vault
session.
|
protected boolean |
isTokenRenewable() |
protected VaultToken |
login() |
boolean |
renewToken()
Performs a token refresh.
|
protected void |
revoke(VaultToken token)
Revoke a
VaultToken . |
protected void |
setToken(Optional<LifecycleAwareSessionManager.TokenWrapper> token) |
getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setLeaseStrategy, setTokenSelfLookupEnabled
addAuthenticationListener, addErrorListener, removeAuthenticationListener, removeErrorListener
public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations)
clientAuthentication
- must not be null.taskScheduler
- must not be null.restOperations
- must not be null.public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
clientAuthentication
- must not be null.taskScheduler
- must not be null.restOperations
- must not be null.refreshTrigger
- must not be null.protected Optional<LifecycleAwareSessionManager.TokenWrapper> getToken()
protected void setToken(Optional<LifecycleAwareSessionManager.TokenWrapper> token)
public void destroy()
destroy
in interface DisposableBean
protected void revoke(VaultToken token)
VaultToken
.token
- the token to revoke, must not be null.public boolean renewToken()
public VaultToken getSessionToken()
SessionManager
getSessionToken
in interface SessionManager
protected VaultToken login()
protected boolean isTokenRenewable()
Copyright © 2016–2021 Pivotal Software, Inc.. All rights reserved.