Class LifecycleAwareSessionManagerSupport
java.lang.Object
org.springframework.vault.authentication.AuthenticationEventPublisher
org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
- Direct Known Subclasses:
LifecycleAwareSessionManager
,ReactiveLifecycleAwareSessionManager
Support class to build Lifecycle-aware Session Manager implementations, defining common
properties such as the
TaskScheduler
and LifecycleAwareSessionManagerSupport.RefreshTrigger
. Typically used
within the framework itself.
Not intended to be used directly.
- Since:
- 2.0
- Author:
- Mark Paluch
-
Nested Class Summary
Modifier and TypeClassDescriptionstatic class
LifecycleAwareSessionManagerSupport.RefreshTrigger
implementation using a fixed timeout to schedule renewal before aLoginToken
expires.protected static class
This one-shot trigger creates only one execution time to trigger an execution only once.static interface
Common interface for trigger objects that determine the next execution time of a refresh task. -
Field Summary
Modifier and TypeFieldDescriptionprotected final Log
Logger available to subclasses.static final int
Refresh 5 seconds before the token expires. -
Constructor Summary
ConstructorDescriptionLifecycleAwareSessionManagerSupport
(TaskScheduler taskScheduler) Create aLifecycleAwareSessionManager
givenTaskScheduler
.LifecycleAwareSessionManagerSupport
(TaskScheduler taskScheduler, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) -
Method Summary
Modifier and TypeMethodDescriptionprotected TaskScheduler
protected boolean
isExpired
(LoginToken loginToken) Check whether the Token falls below itsvalidity threshold
.protected boolean
Returns whether token self-lookup is enabled to augmentVaultToken
obtained from aClientAuthentication
.void
setLeaseStrategy
(LeaseStrategy leaseStrategy) Set theLeaseStrategy
for lease renewal error handling.void
setTokenSelfLookupEnabled
(boolean tokenSelfLookupEnabled) Enables/disables token self-lookup.Methods inherited from class org.springframework.vault.authentication.AuthenticationEventPublisher
addAuthenticationListener, addErrorListener, removeAuthenticationListener, removeErrorListener
-
Field Details
-
REFRESH_PERIOD_BEFORE_EXPIRY
public static final int REFRESH_PERIOD_BEFORE_EXPIRYRefresh 5 seconds before the token expires.- See Also:
-
logger
Logger available to subclasses.
-
-
Constructor Details
-
LifecycleAwareSessionManagerSupport
Create aLifecycleAwareSessionManager
givenTaskScheduler
. UsingDEFAULT_TRIGGER
to trigger refresh.- Parameters:
taskScheduler
- must not be null.
-
LifecycleAwareSessionManagerSupport
public LifecycleAwareSessionManagerSupport(TaskScheduler taskScheduler, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) Create aLifecycleAwareSessionManager
givenTaskScheduler
andLifecycleAwareSessionManagerSupport.RefreshTrigger
.- Parameters:
taskScheduler
- must not be null.refreshTrigger
- must not be null.
-
-
Method Details
-
isTokenSelfLookupEnabled
protected boolean isTokenSelfLookupEnabled()Returns whether token self-lookup is enabled to augmentVaultToken
obtained from aClientAuthentication
. Self-lookup determines whether a token is renewable and its TTL. Self lookup is skipped forLoginToken
. Self-lookup requests decrement token usage count by one. Skipped forLoginToken
.Self-lookup for tokens without a permission to access
auth/token/lookup-self
will fail gracefully and continue without token renewal.- Returns:
- true to enable self-lookup, false to disable self-lookup. Enabled by default.
-
setTokenSelfLookupEnabled
public void setTokenSelfLookupEnabled(boolean tokenSelfLookupEnabled) Enables/disables token self-lookup. Self-lookup augmentsVaultToken
obtained from aClientAuthentication
. Self-lookup determines whether a token is renewable and its TTL.- Parameters:
tokenSelfLookupEnabled
- true to enable self-lookup, false to disable self-lookup. Enabled by default.
-
setLeaseStrategy
Set theLeaseStrategy
for lease renewal error handling.- Parameters:
leaseStrategy
- theLeaseStrategy
, must not be null.- Since:
- 2.2
-
getTaskScheduler
- Returns:
- the underlying
TaskScheduler
.
-
getRefreshTrigger
- Returns:
- the underlying
LifecycleAwareSessionManagerSupport.RefreshTrigger
.
-
isExpired
Check whether the Token falls below itsvalidity threshold
. Typically used to discard a token.- Parameters:
loginToken
- must not be null.- Returns:
- true if token validity falls below validity threshold, false if still valid.
-