Class ReactiveLifecycleAwareSessionManager

All Implemented Interfaces:
DisposableBean, ReactiveSessionManager, VaultTokenSupplier

public class ReactiveLifecycleAwareSessionManager extends LifecycleAwareSessionManagerSupport implements ReactiveSessionManager, DisposableBean
Reactive implementation of Lifecycle-aware session manager. This ReactiveSessionManager obtains tokens from an authentication method upon request guaranteeing a token to be obtained only once if multiple threads attempt to obtain a token concurrently.

Tokens are renewed asynchronously if a token has a lease duration. This happens 5 seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.

This ReactiveSessionManager also implements DisposableBean to revoke the LoginToken once it's not required anymore. Token revocation will stop regular token refresh. Tokens are only revoked if the associated VaultTokenSupplier returns a service token.

If Token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.

By default, VaultToken are looked up in Vault to determine renewability, remaining TTL, accessor and type, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).

The session manager dispatches authentication events to AuthenticationListener and AuthenticationErrorListener.

This class is thread-safe and uses lock-free synchronization.

Since:
2.0
Author:
Mark Paluch
See Also: