Class LifecycleAwareSessionManager
- All Implemented Interfaces:
- DisposableBean, SessionManager
Session Manager. This SessionManager obtains tokens from a ClientAuthentication upon request, synchronizing multiple threads attempting to obtain a token concurrently.
Tokens are renewed asynchronously if a token has a lease duration. This happens 5 seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.
This SessionManager also implements DisposableBean to revoke the LoginToken once it's not required anymore. Token revocation will stop regular token refresh. Tokens are revoked only if the associated ClientAuthentication returns a LoginToken.
If token renewal runs into a client-side error, the session manager assumes the token was revoked or expired. It discards the token state so that the next attempt leads to another login attempt.
By default, VaultToken instances are looked up in Vault to determine renewability and the remaining TTL, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).
The session manager dispatches authentication events to AuthenticationListener and AuthenticationErrorListener. Event notifications are dispatched either on the calling Thread or on worker threads used for background renewal.
This class is thread-safe.
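The wiring described above, as an added example that is not part of the Spring Vault documentation: it builds the session manager with an explicit refresh trigger and registers both listener types so renewal and login failures surface in logs. The class name AuditedSessionManagerFactory and the 30-second refresh window are assumptions chosen for illustration.

```java
import java.util.concurrent.TimeUnit;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.scheduling.TaskScheduler;
import org.springframework.vault.authentication.ClientAuthentication;
import org.springframework.vault.authentication.LifecycleAwareSessionManager;
import org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger;
import org.springframework.web.client.RestOperations;

// Hypothetical helper class, not part of Spring Vault.
public final class AuditedSessionManagerFactory {

    private static final Log log = LogFactory.getLog(AuditedSessionManagerFactory.class);

    private AuditedSessionManagerFactory() {
    }

    public static LifecycleAwareSessionManager create(ClientAuthentication clientAuthentication,
            TaskScheduler taskScheduler, RestOperations restOperations) {

        // Assumed value: renew 30 seconds before expiry instead of the default 5,
        // leaving more headroom for slow networks before the token lapses.
        FixedTimeoutRefreshTrigger trigger = new FixedTimeoutRefreshTrigger(30, TimeUnit.SECONDS);

        LifecycleAwareSessionManager manager = new LifecycleAwareSessionManager(
                clientAuthentication, taskScheduler, restOperations, trigger);

        // Keep the default self-lookup so renewability and TTL come from Vault.
        manager.setTokenSelfLookupEnabled(true);

        // Log the event type only; do not log the event payload,
        // which may carry token material.
        manager.addAuthenticationListener(event ->
                log.info("Vault authentication event: " + event.getClass().getSimpleName()));

        // Error events may arrive on the calling thread or on a renewal worker
        // thread, so the listener must be thread-safe (this one is stateless).
        manager.addErrorListener(event ->
                log.warn("Vault authentication error: " + event.getClass().getSimpleName(),
                        event.getException()));

        return manager;
    }
}
```

Register the returned manager as a Spring bean so that destroy() runs on context shutdown and the LoginToken is revoked rather than left valid until its TTL runs out.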
- Author:
- Mark Paluch, Steven Swor, Iouri Goussev
-
Nested Class Summary
Modifier and Type: protected static class
Description: Wraps a VaultToken and specifies whether the token is revocable on factory shutdown.
Nested classes/interfaces inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.OneShotTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger
-
Field Summary
Fields inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
logger, REFRESH_PERIOD_BEFORE_EXPIRY
-
Constructor Summary
- LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations)
- LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
-
Method Summary
- void destroy()
- getSessionToken: Obtain a session token.
- getToken(): The token state: Contains the currently valid token that identifies the Vault session.
- protected boolean isTokenRenewable()
- protected VaultToken login()
- boolean renewToken(): Performs a token refresh.
- protected void revoke(VaultToken token): Revoke a VaultToken.
- protected void setToken
Methods inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setLeaseStrategy, setTokenSelfLookupEnabled
Methods inherited from class org.springframework.vault.authentication.AuthenticationEventPublisher
addAuthenticationListener, addErrorListener, removeAuthenticationListener, removeErrorListener
-
Constructor Details
-
LifecycleAwareSessionManager
public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations)
- Parameters:
clientAuthentication - must not be null.
taskScheduler - must not be null.
restOperations - must not be null.
- Since:
- 1.0.1
-
LifecycleAwareSessionManager
public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)
- Parameters:
clientAuthentication - must not be null.
taskScheduler - must not be null.
restOperations - must not be null.
refreshTrigger - must not be null.
- Since:
- 1.0.1
-
-
Method Details
-
getToken
The token state: Contains the currently valid token that identifies the Vault session.
-
setToken
-
destroy
public void destroy()
- Specified by:
destroy in interface DisposableBean
-
revoke
Revoke a VaultToken.
- Parameters:
token - the token to revoke, must not be null.
-
renewToken
public boolean renewToken()
Performs a token refresh. Create a new token if no token was obtained before. If a token was obtained before, it uses self-renewal to renew the current token. Client-side errors (like permission denied) indicate the token cannot be renewed because it's expired or simply not found.
- Returns:
- true if the refresh was successful. false if a new token was obtained or refresh failed.
-
getSessionToken
Description copied from interface: SessionManager
Obtain a session token.
- Specified by:
getSessionToken in interface SessionManager
- Returns:
- a session token.
-
login
-
isTokenRenewable
protected boolean isTokenRenewable()
- Returns:
- true if the token is renewable.
-