Hi all,
Trying to I get the list of all logged in subjects I found this method :
SessionDAO#Collection<Session> getActiveSessions()
and want to use it.
And I have two questions:
1) Why does API hide top level objects for which we have interfaces?
For example, using SecurityUtils we can get SecurityManager, however,
SecurityManager doesn’t let get SessionManager, SessionDAO etc.
So, we can’t do
SecurityUtils.getSecurityManager().getSessionManager().getSessionDAO()?
It seems to be unusual for me. Besides it is possible to set them via ini:
sessionManager = com.foo.my.SessionManagerImplementation
securityManager.sessionManager = $sessionManage
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
# Configure a SessionDAO and then set it:
securityManager.sessionManager.sessionDAO = $sessionDAO
So, we can configure them statically, but not dynamically. At least, we must be
able to get them
at runtime. Maybe it is necessary to change API to make it more flexible?
2) Why does SecurityManager extend SessionManager?
As I understand SecurityManager has a SessionManager, but not is a
SessionManager:
public interface SecurityManager extends Authenticator, Authorizer,
SessionManager
Could anyone explain?
--
Best regards, Alex Orlov
