1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.shiro.session.mgt.eis; 20 21 import org.apache.shiro.session.Session; 22 import org.apache.shiro.session.UnknownSessionException; 23 import org.apache.shiro.util.CollectionUtils; 24 import org.slf4j.Logger; 25 import org.slf4j.LoggerFactory; 26 27 import java.io.Serializable; 28 import java.util.Collection; 29 import java.util.Collections; 30 import java.util.concurrent.ConcurrentHashMap; 31 import java.util.concurrent.ConcurrentMap; 32 33 34 /** 35 * Simple memory-based implementation of the SessionDAO that stores all of its sessions in an in-memory 36 * {@link ConcurrentMap}. <b>This implementation does not page to disk and is therefore unsuitable for applications 37 * that could experience a large amount of sessions</b> and would therefore cause {@code OutOfMemoryException}s. It is 38 * <em>not</em> recommended for production use in most environments. 39 * <h2>Memory Restrictions</h2> 40 * If your application is expected to host many sessions beyond what can be stored in the 41 * memory available to the JVM, it is highly recommended to use a different {@code SessionDAO} implementation which 42 * uses a more expansive or permanent backing data store. 43 * <p/> 44 * In this case, it is recommended to instead use a custom 45 * {@link CachingSessionDAO} implementation that communicates with a higher-capacity data store of your choice 46 * (file system, database, etc). 47 * <h2>Changes in 1.0</h2> 48 * This implementation prior to 1.0 used to subclass the {@link CachingSessionDAO}, but this caused problems with many 49 * cache implementations that would expunge entries due to TTL settings, resulting in Sessions that would be randomly 50 * (and permanently) lost. The Shiro 1.0 release refactored this implementation to be 100% memory-based (without 51 * {@code Cache} usage to avoid this problem. 52 * 53 * @see CachingSessionDAO 54 * @since 0.1 55 */ 56 public class MemorySessionDAO extends AbstractSessionDAO { 57 58 private static final Logger log = LoggerFactory.getLogger(MemorySessionDAO.class); 59 60 private ConcurrentMap<Serializable, Session> sessions; 61 62 public MemorySessionDAO() { 63 this.sessions = new ConcurrentHashMap<Serializable, Session>(); 64 } 65 66 protected Serializable doCreate(Session session) { 67 Serializable sessionId = generateSessionId(session); 68 assignSessionId(session, sessionId); 69 storeSession(sessionId, session); 70 return sessionId; 71 } 72 73 protected Session/apache/shiro/session/Session.html#Session">Session storeSession(Serializable id, Session session) { 74 if (id == null) { 75 throw new NullPointerException("id argument cannot be null."); 76 } 77 return sessions.putIfAbsent(id, session); 78 } 79 80 protected Session doReadSession(Serializable sessionId) { 81 return sessions.get(sessionId); 82 } 83 84 public void update(Session session) throws UnknownSessionException { 85 storeSession(session.getId(), session); 86 } 87 88 public void delete(Session session) { 89 if (session == null) { 90 throw new NullPointerException("session argument cannot be null."); 91 } 92 Serializable id = session.getId(); 93 if (id != null) { 94 sessions.remove(id); 95 } 96 } 97 98 public Collection<Session> getActiveSessions() { 99 Collection<Session> values = sessions.values(); 100 if (CollectionUtils.isEmpty(values)) { 101 return Collections.emptySet(); 102 } else { 103 return Collections.unmodifiableCollection(values); 104 } 105 } 106 107 }