001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.session.mgt.eis;
020    
021    import org.apache.shiro.session.Session;
022    import org.apache.shiro.session.UnknownSessionException;
023    
024    import java.io.Serializable;
025    import java.util.Collection;
026    
027    
028    /**
029     * Data Access Object design pattern specification to enable {@link Session} access to an
030     * EIS (Enterprise Information System).  It provides your four typical CRUD methods:
031     * {@link #create}, {@link #readSession(java.io.Serializable)}, {@link #update(org.apache.shiro.session.Session)},
032     * and {@link #delete(org.apache.shiro.session.Session)}.
033     * <p/>
034     * The remaining {@link #getActiveSessions()} method exists as a support mechanism to pre-emptively orphaned sessions,
035     * typically by {@link org.apache.shiro.session.mgt.ValidatingSessionManager ValidatingSessionManager}s), and should
036     * be as efficient as possible, especially if there are thousands of active sessions.  Large scale/high performance
037     * implementations will often return a subset of the total active sessions and perform validation a little more
038     * frequently, rather than return a massive set and infrequently validate.
039     *
040     * @author Les Hazlewood
041     * @since 0.1
042     */
043    public interface SessionDAO {
044    
045        /**
046         * Inserts a new Session record into the underling EIS (e.g. Relational database, file system, persistent cache,
047         * etc, depending on the DAO implementation).
048         * <p/>
049         * After this method is invoked, the {@link org.apache.shiro.session.Session#getId()}
050         * method executed on the argument must return a valid session identifier.  That is, the following should
051         * always be true:
052         * <pre>
053         * Serializable id = create( session );
054         * id.equals( session.getId() ) == true</pre>
055         * <p/>
056         * Implementations are free to throw any exceptions that might occur due to
057         * integrity violation constraints or other EIS related errors.
058         *
059         * @param session the {@link org.apache.shiro.session.Session} object to create in the EIS.
060         * @return the EIS id (e.g. primary key) of the created {@code Session} object.
061         */
062        Serializable create(Session session);
063    
064        /**
065         * Retrieves the session from the EIS uniquely identified by the specified
066         * {@code sessionId}.
067         *
068         * @param sessionId the system-wide unique identifier of the Session object to retrieve from
069         *                  the EIS.
070         * @return the persisted session in the EIS identified by {@code sessionId}.
071         * @throws UnknownSessionException if there is no EIS record for any session with the
072         *                                 specified {@code sessionId}
073         */
074        Session readSession(Serializable sessionId) throws UnknownSessionException;
075    
076        /**
077         * Updates (persists) data from a previously created Session instance in the EIS identified by
078         * {@code {@link Session#getId() session.getId()}}.  This effectively propagates
079         * the data in the argument to the EIS record previously saved.
080         * <p/>
081         * In addition to UnknownSessionException, implementations are free to throw any other
082         * exceptions that might occur due to integrity violation constraints or other EIS related
083         * errors.
084         *
085         * @param session the Session to update
086         * @throws org.apache.shiro.session.UnknownSessionException
087         *          if no existing EIS session record exists with the
088         *          identifier of {@link Session#getId() session.getSessionId()}
089         */
090        void update(Session session) throws UnknownSessionException;
091    
092        /**
093         * Deletes the associated EIS record of the specified {@code session}.  If there never
094         * existed a session EIS record with the identifier of
095         * {@link Session#getId() session.getId()}, then this method does nothing.
096         *
097         * @param session the session to delete.
098         */
099        void delete(Session session);
100    
101        /**
102         * Returns all sessions in the EIS that are considered active, meaning all sessions that
103         * haven't been stopped/expired.  This is primarily used to validate potential orphans.
104         * <p/>
105         * If there are no active sessions in the EIS, this method may return an empty collection or {@code null}.
106         * <h4>Performance</h4>
107         * This method should be as efficient as possible, especially in larger systems where there might be
108         * thousands of active sessions.  Large scale/high performance
109         * implementations will often return a subset of the total active sessions and perform validation a little more
110         * frequently, rather than return a massive set and validate infrequently.  If efficient and possible, it would
111         * make sense to return the oldest unstopped sessions available, ordered by
112         * {@link org.apache.shiro.session.Session#getLastAccessTime() lastAccessTime}.
113         * <h4>Smart Results</h4>
114         * <em>Ideally</em> this method would only return active sessions that the EIS was certain should be invalided.
115         * Typically that is any session that is not stopped and where its lastAccessTimestamp is older than the session
116         * timeout.
117         * <p/>
118         * For example, if sessions were backed by a relational database or SQL-92 'query-able' enterprise cache, you might
119         * return something similar to the results returned by this query (assuming
120         * {@link org.apache.shiro.session.mgt.SimpleSession SimpleSession}s were being stored):
121         * <pre>
122         * select * from sessions s where s.lastAccessTimestamp < ? and s.stopTimestamp is null
123         * </pre>
124         * where the {@code ?} parameter is a date instance equal to 'now' minus the session timeout
125         * (e.g. now - 30 minutes).
126         *
127         * @return a Collection of {@code Session}s that are considered active, or an
128         *         empty collection or {@code null} if there are no active sessions.
129         */
130        Collection<Session> getActiveSessions();
131    }