public class ReactiveLifecycleAwareSessionManager extends LifecycleAwareSessionManagerSupport implements ReactiveSessionManager, DisposableBean

Reactive, lifecycle-aware session manager. This ReactiveSessionManager obtains tokens from an authentication method upon request, guaranteeing that a token is obtained only once if multiple threads attempt to obtain a token concurrently.

Tokens are renewed asynchronously if a token has a lease duration. This happens 5 seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.

This ReactiveSessionManager also implements DisposableBean to revoke the LoginToken once it's not required anymore. Token revocation will stop regular token refresh. Tokens are revoked only if the associated VaultTokenSupplier returns a LoginToken.

If token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.

By default, VaultTokens are looked up in Vault to determine renewability and the remaining TTL, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).

The session manager dispatches authentication events to AuthenticationListener and AuthenticationErrorListener.

This class is thread-safe and uses lock-free synchronization.
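One way to wire this session manager in a Spring configuration, as an added example that is not taken from the Spring Vault documentation. The Vault host name, the bean and class names, and the externally defined VaultTokenSupplier bean are assumptions; both listener types are registered so login, renewal and revocation outcomes reach the log without the token itself being written.

```java
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.reactive.ReactorClientHttpConnector;
import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
import org.springframework.vault.authentication.ReactiveLifecycleAwareSessionManager;
import org.springframework.vault.authentication.VaultTokenSupplier;
import org.springframework.vault.client.ReactiveVaultClients;
import org.springframework.vault.client.VaultEndpoint;
import org.springframework.web.reactive.function.client.WebClient;

@Configuration
class VaultSessionConfig { // hypothetical configuration class

    private static final Log log = LogFactory.getLog(VaultSessionConfig.class);

    // Scheduler that runs the asynchronous renewal shortly before token expiry.
    @Bean
    ThreadPoolTaskScheduler vaultTaskScheduler() {
        ThreadPoolTaskScheduler scheduler = new ThreadPoolTaskScheduler();
        scheduler.setPoolSize(1);
        scheduler.setThreadNamePrefix("vault-session-");
        return scheduler;
    }

    // tokenSupplier is assumed to be a bean defined elsewhere that returns a LoginToken;
    // only then is the token revoked when the container calls destroy() on shutdown.
    // This bean depends on the scheduler, so it is destroyed before the scheduler stops.
    @Bean
    ReactiveLifecycleAwareSessionManager sessionManager(VaultTokenSupplier tokenSupplier,
            ThreadPoolTaskScheduler vaultTaskScheduler) {
        // Constructed placeholder endpoint; VaultEndpoint.create defaults to https.
        WebClient webClient = ReactiveVaultClients.createWebClient(
                VaultEndpoint.create("vault.example.internal", 8200), new ReactorClientHttpConnector());

        ReactiveLifecycleAwareSessionManager manager =
                new ReactiveLifecycleAwareSessionManager(tokenSupplier, vaultTaskScheduler, webClient);

        // Log the event type only; the event source carries the token and must not be logged.
        manager.addAuthenticationListener(event ->
                log.info("Vault authentication event: " + event.getClass().getSimpleName()));
        // Failed logins and failed renewals arrive here; a renewal failure is followed by a new login.
        manager.addErrorListener(event ->
                log.warn("Vault authentication error: " + event.getClass().getSimpleName(), event.getException()));
        return manager;
    }
}
```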
See Also: LoginToken, ReactiveSessionManager, TaskScheduler, AuthenticationEventPublisher
Modifier and Type | Class and Description |
---|---|
protected static class | ReactiveLifecycleAwareSessionManager.TokenWrapper: Wraps a VaultToken and specifies whether the token is revocable on factory shutdown. |

Nested classes/interfaces inherited from class LifecycleAwareSessionManagerSupport: LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.OneShotTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger

Fields inherited from class LifecycleAwareSessionManagerSupport: logger, REFRESH_PERIOD_BEFORE_EXPIRY
Constructor and Description |
---|
ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient): Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and WebClient. |
ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger): Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and WebClient. |
Modifier and Type | Method and Description |
---|---|
void | destroy() |
protected Mono<Void> | doRevoke(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono) |
Mono<VaultToken> | getVaultToken(): Return a VaultToken. |
protected boolean | isTokenRenewable(VaultToken token) |
Mono<VaultToken> | renewToken(): Performs a token refresh. |
protected Mono<Void> | revoke(VaultToken token): Revoke a VaultToken. |
protected void | revokeNow(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono): Revoke a VaultToken now and block execution until revocation completes. |

Methods inherited from class LifecycleAwareSessionManagerSupport: getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setLeaseStrategy, setTokenSelfLookupEnabled

Methods inherited from class AuthenticationEventPublisher: addAuthenticationListener, addErrorListener, removeAuthenticationListener, removeErrorListener

Methods inherited from class java.lang.Object: clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface ReactiveSessionManager: getSessionToken
public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient)
Create a ReactiveLifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and WebClient.
Parameters:
clientAuthentication - must not be null.
taskScheduler - must not be null.
webClient - must not be null.

public ReactiveLifecycleAwareSessionManager(VaultTokenSupplier clientAuthentication, TaskScheduler taskScheduler, WebClient webClient, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
Create a ReactiveLifecycleAwareSessionManager given VaultTokenSupplier, TaskScheduler and WebClient.
Parameters:
clientAuthentication - must not be null.
taskScheduler - must not be null.
webClient - must not be null.
refreshTrigger - must not be null.

public void destroy()
Specified by: destroy in interface DisposableBean

protected void revokeNow(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono)
Revoke a VaultToken now and block execution until revocation completes.
Parameters:
tokenMono -

protected Mono<Void> doRevoke(Mono<ReactiveLifecycleAwareSessionManager.TokenWrapper> tokenMono)

protected Mono<Void> revoke(VaultToken token)
Revoke a VaultToken.
Parameters:
token - the token to revoke, must not be null.

public Mono<VaultToken> renewToken()
Performs a token refresh.
Returns: VaultToken if the refresh was successful or a new token was obtained. Mono.empty() if the token expired or Mono.error(Throwable) if refresh failed.

public Mono<VaultToken> getVaultToken() throws VaultException
Description copied from interface: VaultTokenSupplier
Return a VaultToken. This can declare a Vault login flow to obtain a token.
Specified by: getVaultToken in interface VaultTokenSupplier
Returns: a Mono with the VaultToken.
Throws: VaultException

protected boolean isTokenRenewable(VaultToken token)

Copyright © 2016–2021 Pivotal Software, Inc.. All rights reserved.