I found this wonderful method :
SessionDAO#Collection<Session> getActiveSessions()
and want to use it. And I have two questions:
1) Why does API hide top level objects for which we have interfaces?
For example, there is no API
SecurityManager.getSessionManager().getSessionDAO()?
It seems to be unusual for me. Besides it is possible to set them via ini:
sessionManager = com.foo.my.SessionManagerImplementation
securityManager.sessionManager = $sessionManage
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager # Configure a SessionDAO and
then set it: securityManager.sessionManager.sessionDAO = $sessionDAO
Maybe it is necessary to change API?
2) Why does SecurityManager extend SessionManager?
As I understand SecurityManager has a SessionManager, but not is a
SessionManager:
public interface SecurityManager extends Authenticator, Authorizer,
SessionManager
Could anyone explain?
