Oh and I have very few “casts” that are necessary to accomplish any of this
> On Nov 7, 2020, at 12:50 AM, Alex Orlov <[email protected]> wrote: > > Hi all, > > Trying to I get the list of all logged in subjects I found this method : > SessionDAO#Collection<Session> getActiveSessions() > and want to use it. > > And I have two questions: > > 1) Why does API hide top level objects for which we have interfaces? > For example, using SecurityUtils we can get SecurityManager, however, > SecurityManager doesn’t let get SessionManager, SessionDAO etc. > So, we can’t do > SecurityUtils.getSecurityManager().getSessionManager().getSessionDAO()? > It seems to be unusual for me. Besides it is possible to set them via ini: > > sessionManager = com.foo.my.SessionManagerImplementation > securityManager.sessionManager = $sessionManage > > sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager > securityManager.sessionManager = $sessionManager > # Configure a SessionDAO and then set it: > securityManager.sessionManager.sessionDAO = $sessionDAO > > So, we can configure them statically, but not dynamically. At least, we must > be able to get them > at runtime. Maybe it is necessary to change API to make it more flexible? > > 2) Why does SecurityManager extend SessionManager? > As I understand SecurityManager has a SessionManager, but not is a > SessionManager: > > public interface SecurityManager extends Authenticator, Authorizer, > SessionManager > > Could anyone explain? > > > -- > Best regards, Alex Orlov
