Class LifecycleAwareSessionManager
java.lang.Object
org.springframework.vault.authentication.AuthenticationEventPublisher
org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
org.springframework.vault.authentication.LifecycleAwareSessionManager
- All Implemented Interfaces:
DisposableBean,AuthenticationEventMulticaster,SessionManager
public class LifecycleAwareSessionManager
extends LifecycleAwareSessionManagerSupport
implements SessionManager, DisposableBean
Lifecycle-aware
Session Manager. This SessionManager
obtains tokens from a ClientAuthentication upon request synchronizing multiple threads attempting to obtain a token concurrently.
Tokens are renewed asynchronously if a token has a lease duration. This happens 5
seconds before the token expires, see LifecycleAwareSessionManagerSupport.REFRESH_PERIOD_BEFORE_EXPIRY.
This SessionManager also implements DisposableBean to revoke the
LoginToken once it's not required anymore. Token revocation will stop regular
token refresh. Tokens are only revoked if the associated ClientAuthentication
returns a service token.
If Token renewal runs into a client-side error, it assumes the token was revoked/expired. It discards the token state so the next attempt will lead to another login attempt.
By default, VaultToken are looked up in Vault to determine renewability,
remaining TTL, accessor and type, see LifecycleAwareSessionManagerSupport.setTokenSelfLookupEnabled(boolean).
The session manager dispatches authentication events to AuthenticationListener
and AuthenticationErrorListener. Event notifications are dispatched either on
the calling Thread or worker threads used for background renewal.
This class is thread-safe.
- Author:
- Mark Paluch, Steven Swor, Iouri Goussev
- See Also:
-
Nested Class Summary
Nested ClassesModifier and TypeClassDescriptionprotected static classWraps aVaultTokenand specifies whether the token is revocable on factory shutdown.Nested classes/interfaces inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
LifecycleAwareSessionManagerSupport.FixedTimeoutRefreshTrigger, LifecycleAwareSessionManagerSupport.OneShotTrigger, LifecycleAwareSessionManagerSupport.RefreshTrigger -
Field Summary
Fields inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
logger, REFRESH_PERIOD_BEFORE_EXPIRY -
Constructor Summary
ConstructorsConstructorDescriptionLifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations) LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) -
Method Summary
Modifier and TypeMethodDescriptionvoiddestroy()Obtain a session token.getToken()The token state: Contains the currently valid token that identifies the Vault session.protected booleanprotected VaultTokenlogin()booleanPerforms a token refresh.voidrevoke()Revoke and drop the currentVaultToken.protected voidrevoke(VaultToken token) Revoke aVaultToken.protected voidMethods inherited from class org.springframework.vault.authentication.LifecycleAwareSessionManagerSupport
getRefreshTrigger, getTaskScheduler, isExpired, isTokenSelfLookupEnabled, setLeaseStrategy, setTokenSelfLookupEnabledMethods inherited from class org.springframework.vault.authentication.AuthenticationEventPublisher
addAuthenticationListener, addErrorListener, multicastEvent, multicastEvent, removeAuthenticationListener, removeErrorListener
-
Constructor Details
-
LifecycleAwareSessionManager
public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations) - Parameters:
clientAuthentication- must not be null.taskScheduler- must not be null.restOperations- must not be null.- Since:
- 1.0.1
-
LifecycleAwareSessionManager
public LifecycleAwareSessionManager(ClientAuthentication clientAuthentication, TaskScheduler taskScheduler, RestOperations restOperations, LifecycleAwareSessionManagerSupport.RefreshTrigger refreshTrigger) - Parameters:
clientAuthentication- must not be null.taskScheduler- must not be null.restOperations- must not be null.refreshTrigger- must not be null.- Since:
- 1.0.1
-
-
Method Details
-
getToken
The token state: Contains the currently valid token that identifies the Vault session. -
setToken
-
destroy
public void destroy()- Specified by:
destroyin interfaceDisposableBean
-
revoke
public void revoke()Revoke and drop the currentVaultToken.- Since:
- 3.0.2
-
revoke
Revoke aVaultToken.- Parameters:
token- the token to revoke, must not be null.
-
renewToken
public boolean renewToken()Performs a token refresh. Create a new token if no token was obtained before. If a token was obtained before, it uses self-renewal to renew the current token. Client-side errors (like permission denied) indicate the token cannot be renewed because it's expired or simply not found.- Returns:
- true if the refresh was successful. false if a new token was obtained or refresh failed.
-
getSessionToken
Description copied from interface:SessionManagerObtain a session token.- Specified by:
getSessionTokenin interfaceSessionManager- Returns:
- a session token.
-
login
-
isTokenRenewable
protected boolean isTokenRenewable()- Returns:
- true if the token is renewable.
-