public class DefaultWebSecurityManager extends DefaultSecurityManager implements WebSecurityManager
WebSecurityManager
implementation used in web-based applications or any
application that requires HTTP connectivity (SOAP, http remoting, etc).Modifier and Type | Field and Description |
---|---|
static String |
HTTP_SESSION_MODE
Deprecated.
|
static String |
NATIVE_SESSION_MODE
Deprecated.
|
rememberMeManager, subjectDAO, subjectFactory
Constructor and Description |
---|
DefaultWebSecurityManager() |
DefaultWebSecurityManager(Collection<Realm> realms) |
DefaultWebSecurityManager(Realm singleRealm) |
Modifier and Type | Method and Description |
---|---|
protected void |
afterSessionManagerSet() |
protected void |
beforeLogout(Subject subject) |
protected SubjectContext |
copy(SubjectContext subjectContext) |
protected SessionContext |
createSessionContext(SubjectContext subjectContext) |
protected SessionManager |
createSessionManager(String sessionMode) |
protected SubjectContext |
createSubjectContext() |
protected SessionKey |
getSessionKey(SubjectContext context) |
String |
getSessionMode()
Deprecated.
|
boolean |
isHttpSessionMode()
Security information needs to be retained from request to request, so Shiro makes use of a
session for this.
|
protected void |
removeRequestIdentity(Subject subject) |
void |
setSessionManager(SessionManager sessionManager)
Sets the underlying delegate
SessionManager instance that will be used to support this implementation's
SessionManager method calls. |
void |
setSessionMode(String sessionMode)
Deprecated.
since 1.2
|
void |
setSubjectDAO(SubjectDAO subjectDAO)
Sets the
SubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services). |
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind
afterCacheManagerSet, applyCacheManagerToSessionManager, destroy, getSession, getSessionManager, start
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer
authenticate, getAuthenticator, setAuthenticator
applyCacheManagerToRealms, getRealms, setRealm, setRealms
getCacheManager, setCacheManager
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
createSubject, login, logout
authenticate
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll
getSession, start
@Deprecated public static final String HTTP_SESSION_MODE
@Deprecated public static final String NATIVE_SESSION_MODE
public DefaultWebSecurityManager()
public DefaultWebSecurityManager(Realm singleRealm)
public DefaultWebSecurityManager(Collection<Realm> realms)
protected SubjectContext createSubjectContext()
createSubjectContext
in class DefaultSecurityManager
public void setSubjectDAO(SubjectDAO subjectDAO)
DefaultSecurityManager
SubjectDAO
responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default
implementation is a DefaultSubjectDAO
.setSubjectDAO
in class DefaultSecurityManager
subjectDAO
- the SubjectDAO
responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).DefaultSubjectDAO
protected void afterSessionManagerSet()
afterSessionManagerSet
in class SessionsSecurityManager
protected SubjectContext copy(SubjectContext subjectContext)
copy
in class DefaultSecurityManager
@Deprecated public String getSessionMode()
@Deprecated public void setSessionMode(String sessionMode)
sessionMode
- public void setSessionManager(SessionManager sessionManager)
SessionsSecurityManager
SessionManager
instance that will be used to support this implementation's
SessionManager method calls.
This SecurityManager implementation does not provide logic to support the inherited
SessionManager interface, but instead delegates these calls to an internal
SessionManager instance.
If a SessionManager instance is not set, a default one will be automatically created and
initialized appropriately for the the existing runtime environment.setSessionManager
in class SessionsSecurityManager
sessionManager
- delegate instance to use to support this manager's SessionManager method calls.public boolean isHttpSessionMode()
WebSecurityManager
isHttpSessionMode
in interface WebSecurityManager
true
if the security manager is using the HTTP session; otherwise,
false
.protected SessionManager createSessionManager(String sessionMode)
protected SessionContext createSessionContext(SubjectContext subjectContext)
createSessionContext
in class DefaultSecurityManager
protected SessionKey getSessionKey(SubjectContext context)
getSessionKey
in class DefaultSecurityManager
protected void beforeLogout(Subject subject)
beforeLogout
in class DefaultSecurityManager
protected void removeRequestIdentity(Subject subject)
Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.