/** * Immediately delegates to the underlying proxied session. */ public void touch() throws InvalidSessionException { delegate.touch(); }
public void touch(SessionKey key) throws InvalidSessionException { Session s = lookupRequiredSession(key); s.touch(); onChange(s); }
/** * Updates any 'native' Session's last access time that might exist to the timestamp when this method is called. * If native sessions are not enabled (that is, standard Servlet container sessions are being used) or there is no * session ({@code subject.getSession(false) == null}), this method does nothing. * <p/>This method implementation merely calls * <code>Session.{@link org.apache.shiro.session.Session#touch() touch}()</code> on the session. * * @param request incoming request - ignored, but available to subclasses that might wish to override this method * @param response outgoing response - ignored, but available to subclasses that might wish to override this method * @since 1.0 */ @SuppressWarnings({"UnusedDeclaration"}) protected void updateSessionLastAccessTime(ServletRequest request, ServletResponse response) { if (!isHttpSessions()) { //'native' sessions Subject subject = SecurityUtils.getSubject(); //Subject should never _ever_ be null, but just in case: if (subject != null) { Session session = subject.getSession(false); if (session != null) { try { session.touch(); } catch (Throwable t) { log.error("session.touch() method invocation has failed. Unable to update" + "the corresponding session's last access time based on the incoming request.", t); } } } } }
session.touch(); } else { LOG.debug("Not extending session because the request indicated not to.");
@GET @ApiOperation(value = "Validate an existing session", notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.", code = 204 ) public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) { try { this.authenticationFilter.filter(requestContext); } catch (NotAuthorizedException | LockedAccountException | IOException e) { return SessionValidationResponse.invalid(); } final Subject subject = getSubject(); if (!subject.isAuthenticated()) { return SessionValidationResponse.invalid(); } // there's no valid session, but the authenticator would like us to create one if (subject.getSession(false) == null && ShiroSecurityContext.isSessionCreationRequested()) { final Session session = subject.getSession(); LOG.debug("Session created {}", session.getId()); session.touch(); // save subject in session, otherwise we can't get the username back in subsequent requests. ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject); return SessionValidationResponse.validWithNewSession(String.valueOf(session.getId()), String.valueOf(subject.getPrincipal())); } return SessionValidationResponse.valid(); }
/** * Immediately delegates to the underlying proxied session. */ public void touch() throws InvalidSessionException { delegate.touch(); }
public void touch(SessionKey key) throws InvalidSessionException { Session s = lookupRequiredSession(key); s.touch(); onChange(s); }
/** * Immediately delegates to the underlying proxied session. */ public void touch() throws InvalidSessionException { delegate.touch(); }
if(SecurityUtils.getSubject().isAuthenticated()) { Session session = SecurityUtils.getSubject().getSession(false); try { session.touch(); } catch (ExpiredSessionException e) { // timeout case. } } else { // not login case. }
public void touch(SessionKey key) throws InvalidSessionException { Session s = lookupRequiredSession(key); s.touch(); onChange(s); }
session.touch(); } else { LOG.debug("Not extending session because the request indicated not to.");
@GET @ApiOperation(value = "Validate an existing session", notes = "Checks the session with the given ID: returns http status 204 (No Content) if session is valid.", code = 204 ) public SessionValidationResponse validateSession(@Context ContainerRequestContext requestContext) { try { this.authenticationFilter.filter(requestContext); } catch (NotAuthorizedException | LockedAccountException | IOException e) { return SessionValidationResponse.invalid(); } final Subject subject = getSubject(); if (!subject.isAuthenticated()) { return SessionValidationResponse.invalid(); } // there's no valid session, but the authenticator would like us to create one if (subject.getSession(false) == null && ShiroSecurityContext.isSessionCreationRequested()) { final Session session = subject.getSession(); LOG.debug("Session created {}", session.getId()); session.touch(); // save subject in session, otherwise we can't get the username back in subsequent requests. ((DefaultSecurityManager) SecurityUtils.getSecurityManager()).getSubjectDAO().save(subject); return SessionValidationResponse.validWithNewSession(String.valueOf(session.getId()), String.valueOf(subject.getPrincipal())); } return SessionValidationResponse.valid(); }