/*

  * Licensed to the Apache Software Foundation (ASF) under one

  * or more contributor license agreements.  See the NOTICE file

  * distributed with this work for additional information

  * regarding copyright ownership.  The ASF licenses this file

  * to you under the Apache License, Version 2.0 (the

  * "License"); you may not use this file except in compliance

  * with the License.  You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing,

  * software distributed under the License is distributed on an

  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

  * KIND, either express or implied.  See the License for the

  * specific language governing permissions and limitations

  * under the License.

  */

 package org.apache.shiro.mgt;

 import org.apache.shiro.authz.AuthorizationException;

 import org.apache.shiro.cache.CacheManagerAware;

 import org.apache.shiro.session.Session;

 import org.apache.shiro.session.SessionException;

 import org.apache.shiro.session.mgt.DefaultSessionManager;

 import org.apache.shiro.session.mgt.SessionContext;

 import org.apache.shiro.session.mgt.SessionKey;

 import org.apache.shiro.session.mgt.SessionManager;

 import org.apache.shiro.util.LifecycleUtils;

 /**

  * Shiro support of a {@link SecurityManager} class hierarchy that delegates all

  * {@link org.apache.shiro.session.Session session} operations to a wrapped

  * {@link org.apache.shiro.session.mgt.SessionManager SessionManager} instance.  That is, this class implements the

  * methods in the {@link SessionManager SessionManager} interface, but in reality, those methods are merely

  * passthrough calls to the underlying 'real' {@code SessionManager} instance.

  * <p/>

  * The remaining {@code SecurityManager} methods not implemented by this class or its parents are left to be

  * implemented by subclasses.

  * <p/>

  * In keeping with the other classes in this hierarchy and Shiro's desire to minimize configuration whenever

  * possible, suitable default instances for all dependencies will be created upon instantiation.

  *

  * @since 0.9

  */

 public abstract class SessionsSecurityManager extends AuthorizingSecurityManager {

     /**

      * The internal delegate <code>SessionManager</code> used by this security manager that manages all the

      * application's {@link Session Session}s.

      */

     private SessionManager sessionManager;

     /**

      * Default no-arg constructor, internally creates a suitable default {@link SessionManager SessionManager} delegate

      * instance.

      */

     public SessionsSecurityManager() {

         super();

         this.sessionManager = new DefaultSessionManager();

         applyCacheManagerToSessionManager();

     }

     /**

      * Sets the underlying delegate {@link SessionManager} instance that will be used to support this implementation's

      * <tt>SessionManager</tt> method calls.

      * <p/>

      * This <tt>SecurityManager</tt> implementation does not provide logic to support the inherited

      * <tt>SessionManager</tt> interface, but instead delegates these calls to an internal

      * <tt>SessionManager</tt> instance.

      * <p/>

      * If a <tt>SessionManager</tt> instance is not set, a default one will be automatically created and

      * initialized appropriately for the the existing runtime environment.

      *

      * @param sessionManager delegate instance to use to support this manager's <tt>SessionManager</tt> method calls.

      */

     public void setSessionManager(SessionManager sessionManager) {

         this.sessionManager = sessionManager;

         afterSessionManagerSet();

     }

     protected void afterSessionManagerSet() {

         applyCacheManagerToSessionManager();

     }

     /**

      * Returns this security manager's internal delegate {@link SessionManager SessionManager}.

      *

      * @return this security manager's internal delegate {@link SessionManager SessionManager}.

      * @see #setSessionManager(org.apache.shiro.session.mgt.SessionManager) setSessionManager

      */

     public SessionManager getSessionManager() {

         return this.sessionManager;

     }

     /**

      * Calls {@link org.apache.shiro.mgt.AuthorizingSecurityManager#afterCacheManagerSet() super.afterCacheManagerSet()} and then immediately calls

      * {@link #applyCacheManagerToSessionManager() applyCacheManagerToSessionManager()} to ensure the

      * <code>CacheManager</code> is applied to the SessionManager as necessary.

      */

     protected void afterCacheManagerSet() {

         super.afterCacheManagerSet();

         applyCacheManagerToSessionManager();

     }

     /**

      * Ensures the internal delegate <code>SessionManager</code> is injected with the newly set

      * {@link #setCacheManager CacheManager} so it may use it for its internal caching needs.

      * <p/>

      * Note:  This implementation only injects the CacheManager into the SessionManager if the SessionManager

      * instance implements the {@link CacheManagerAware CacheManagerAware} interface.

      */

     protected void applyCacheManagerToSessionManager() {

         if (this.sessionManager instanceof CacheManagerAware) {

             ((CacheManagerAware) this.sessionManager).setCacheManager(getCacheManager());

         }

     }

     public Session start(SessionContext context) throws AuthorizationException {

         return this.sessionManager.start(context);

     }

     public Session getSession(SessionKey key) throws SessionException {

         return this.sessionManager.getSession(key);

     }

     public void destroy() {

         LifecycleUtils.destroy(getSessionManager());

         this.sessionManager = null;

         super.destroy();

     }

 }