View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.session.mgt.eis;
20  
21  import org.apache.shiro.session.Session;
22  import org.apache.shiro.session.UnknownSessionException;
23  import org.apache.shiro.util.CollectionUtils;
24  import org.slf4j.Logger;
25  import org.slf4j.LoggerFactory;
26  
27  import java.io.Serializable;
28  import java.util.Collection;
29  import java.util.Collections;
30  import java.util.concurrent.ConcurrentHashMap;
31  import java.util.concurrent.ConcurrentMap;
32  
33  
34  /**
35   * Simple memory-based implementation of the SessionDAO that stores all of its sessions in an in-memory
36   * {@link ConcurrentMap}.  <b>This implementation does not page to disk and is therefore unsuitable for applications
37   * that could experience a large amount of sessions</b> and would therefore cause {@code OutOfMemoryException}s.  It is
38   * <em>not</em> recommended for production use in most environments.
39   * <h2>Memory Restrictions</h2>
40   * If your application is expected to host many sessions beyond what can be stored in the
41   * memory available to the JVM, it is highly recommended to use a different {@code SessionDAO} implementation which
42   * uses a more expansive or permanent backing data store.
43   * <p/>
44   * In this case, it is recommended to instead use a custom
45   * {@link CachingSessionDAO} implementation that communicates with a higher-capacity data store of your choice
46   * (file system, database, etc).
47   * <h2>Changes in 1.0</h2>
48   * This implementation prior to 1.0 used to subclass the {@link CachingSessionDAO}, but this caused problems with many
49   * cache implementations that would expunge entries due to TTL settings, resulting in Sessions that would be randomly
50   * (and permanently) lost.  The Shiro 1.0 release refactored this implementation to be 100% memory-based (without
51   * {@code Cache} usage to avoid this problem.
52   *
53   * @see CachingSessionDAO
54   * @since 0.1
55   */
56  public class MemorySessionDAO extends AbstractSessionDAO {
57  
58      private static final Logger log = LoggerFactory.getLogger(MemorySessionDAO.class);
59  
60      private ConcurrentMap<Serializable, Session> sessions;
61  
62      public MemorySessionDAO() {
63          this.sessions = new ConcurrentHashMap<Serializable, Session>();
64      }
65  
66      protected Serializable doCreate(Session session) {
67          Serializable sessionId = generateSessionId(session);
68          assignSessionId(session, sessionId);
69          storeSession(sessionId, session);
70          return sessionId;
71      }
72  
73      protected Session/apache/shiro/session/Session.html#Session">Session storeSession(Serializable id, Session session) {
74          if (id == null) {
75              throw new NullPointerException("id argument cannot be null.");
76          }
77          return sessions.putIfAbsent(id, session);
78      }
79  
80      protected Session doReadSession(Serializable sessionId) {
81          return sessions.get(sessionId);
82      }
83  
84      public void update(Session session) throws UnknownSessionException {
85          storeSession(session.getId(), session);
86      }
87  
88      public void delete(Session session) {
89          if (session == null) {
90              throw new NullPointerException("session argument cannot be null.");
91          }
92          Serializable id = session.getId();
93          if (id != null) {
94              sessions.remove(id);
95          }
96      }
97  
98      public Collection<Session> getActiveSessions() {
99          Collection<Session> values = sessions.values();
100         if (CollectionUtils.isEmpty(values)) {
101             return Collections.emptySet();
102         } else {
103             return Collections.unmodifiableCollection(values);
104         }
105     }
106 
107 }