Package org.springframework.vault.authentication

Class LifecycleAwareSessionManager

java.lang.Object

org.springframework.vault.authentication.AuthenticationEventPublisher

org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

org.springframework.vault.authentication.LifecycleAwareSessionManager

All Implemented Interfaces:

DisposableBean, SessionManager

public class LifecycleAwareSessionManager
extends LifecycleAwareSessionManagerSupport
implements SessionManager, DisposableBean

Lifecycle-aware Session Manager. This SessionManager obtains tokens from a ClientAuthentication upon request synchronizing multiple threads attempting to obtain a token concurrently.

Tokens are renewed asynchronously if a token has a lease duration. This happens 5 seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.

This SessionManager also implements DisposableBean to revoke the LoginToken once it's not required anymore. Token revocation will stop regular token refresh. Tokens are only revoked only if the associated ClientAuthentication returns a LoginToken.

If Token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.

By default, VaultToken are looked up in Vault to determine renewability and the remaining TTL, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).

The session manager dispatches authentication events to AuthenticationListener and AuthenticationErrorListener. Event notifications are dispatched either on the calling Thread or worker threads used for background renewal.

This class is thread-safe.

Author:

Mark Paluch, Steven Swor, Iouri Goussev

See Also:

• LoginToken
• SessionManager
• TaskScheduler
• AuthenticationEventPublisher

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
protected static class	LifecycleAwareSessionManager.TokenWrapper	Wraps a VaultToken and specifies whether the token is revocable on factory shutdown.

Nested classes/interfaces inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.OneShotTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger

Field Summary

Fields inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

logger, REFRESH_PERIOD_BEFORE_EXPIRY

Constructor Summary

Constructors

Constructor	Description
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations)	Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.
LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)	Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.

Method Summary

Modifier and Type	Method	Description
void	destroy()
VaultToken	getSessionToken()	Obtain a session token.
protected Optional<LifecycleAwareSessionManager.TokenWrapper>	getToken()	The token state: Contains the currently valid token that identifies the Vault session.
protected boolean	isTokenRenewable()
protected VaultToken	login()
boolean	renewToken()	Performs a token refresh.
protected void	revoke(VaultToken token)	Revoke a VaultToken.
protected void	setToken(Optional<LifecycleAwareSessionManager.TokenWrapper> token)

Methods inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport

getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setLeaseStrategy, setTokenSelfLookupEnabled

Methods inherited from class org.springframework.vault.authentication.AuthenticationEventPublisher

addAuthenticationListener, addErrorListener, removeAuthenticationListener, removeErrorListener

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

LifecycleAwareSessionManager

public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
 TaskScheduler taskScheduler,
 RestOperations restOperations)

Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.

Parameters:

clientAuthentication - must not be null.

taskScheduler - must not be null.

restOperations - must not be null.

Since:

1.0.1

LifecycleAwareSessionManager

public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication,
 TaskScheduler taskScheduler,
 RestOperations restOperations,
 LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger)

Create a LifecycleAwareSessionManager given ClientAuthentication, TaskScheduler and RestOperations.

Parameters:

clientAuthentication - must not be null.

taskScheduler - must not be null.

restOperations - must not be null.

refreshTrigger - must not be null.

Since:

1.0.1

Method Details

getToken

protected Optional<LifecycleAwareSessionManager.TokenWrapper> getToken()

The token state: Contains the currently valid token that identifies the Vault session.

setToken

protected void setToken(Optional<LifecycleAwareSessionManager.TokenWrapper> token)

destroy

public void destroy()

Specified by:

destroy in interface DisposableBean

revoke

protected void revoke(VaultToken token)

Revoke a VaultToken.

Parameters:

token - the token to revoke, must not be null.

renewToken

public boolean renewToken()

Performs a token refresh. Create a new token if no token was obtained before. If a token was obtained before, it uses self-renewal to renew the current token. Client-side errors (like permission denied) indicate the token cannot be renewed because it's expired or simply not found.

Returns:

true if the refresh was successful. false if a new token was obtained or refresh failed.

getSessionToken

public VaultToken getSessionToken()

Description copied from interface: SessionManager

Obtain a session token.

Specified by:

getSessionToken in interface SessionManager

Returns:

a session token.

login

protected VaultToken login()

isTokenRenewable

protected boolean isTokenRenewable()

Returns:

true if the token is renewable.