Coverage Report

Coverage Report - org.apache.shiro.session.mgt.SessionContext

Classes in this File

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.session.mgt;
 
 import java.io.Serializable;
 import java.util.Map;
 
 /**
  * A {@code SessionContext} is a 'bucket' of data presented to a {@link SessionFactory SessionFactory} which interprets
  * this data to construct {@link org.apache.shiro.session.Session Session} instances.  It is essentially a Map of data
  * with a few additional type-safe methods for easy retrieval of objects commonly used to construct Subject instances.
  * <p/>
  * While this interface contains type-safe setters and getters for common data types, the map can contain anything
  * additional that might be needed by the {@code SessionFactory} implementation to construct {@code Session} instances.
  * <p/>
  * <b>USAGE</b>: Most Shiro end-users will never use a {@code SubjectContext} instance directly and instead will call
  * the {@code Subject.}{@link org.apache.shiro.subject.Subject#getSession() getSession()} or
  * {@code Subject.}{@link org.apache.shiro.subject.Subject#getSession(boolean) getSession(boolean)} methods (which
  * will usually use {@code SessionContext} instances to start a session with the application's
  * {@link SessionManager SessionManager}.
  *
  * @see org.apache.shiro.session.mgt.SessionManager#start SessionManager.start(SessionContext)
  * @see org.apache.shiro.session.mgt.SessionFactory SessionFactory
  * @since 1.0
  */
 public interface SessionContext extends Map<String, Object> {
 
     /**
      * Sets the originating host name or IP address (as a String) from where the {@code Subject} is initiating the
      * {@code Session}.
      * <p/>
      * In web-based systems, this host can be inferred from the incoming request, e.g.
      * {@code javax.servlet.ServletRequest#getRemoteAddr()} or {@code javax.servlet.ServletRequest#getRemoteHost()}
      * methods, or in socket-based systems, it can be obtained via inspecting the socket
      * initiator's host IP.
      * <p/>
      * Most secure environments <em>should</em> specify a valid, non-{@code null} {@code host}, since knowing the
      * {@code host} allows for more flexibility when securing a system: by requiring an host, access control policies
      * can also ensure access is restricted to specific client <em>locations</em> in addition to {@code Subject}
      * principals, if so desired.
      * <p/>
      * <b>Caveat</b> - if clients to your system are on a
      * public network (as would be the case for a public web site), odds are high the clients can be
      * behind a NAT (Network Address Translation) router or HTTP proxy server.  If so, all clients
      * accessing your system behind that router or proxy will have the same originating host.
      * If your system is configured to allow only one session per host, then the next request from a
      * different NAT or proxy client will fail and access will be denied for that client.  Just be
      * aware that host-based security policies are best utilized in LAN or private WAN environments
      * when you can be ensure clients will not share IPs or be behind such NAT routers or
      * proxy servers.
      *
      * @param host the originating host name or IP address (as a String) from where the {@code Subject} is
      *             initiating the {@code Session}.
      * @since 1.0
      */
     void setHost(String host);
 
     /**
      * Returns the originating host name or IP address (as a String) from where the {@code Subject} is initiating the
      * {@code Session}.
      * <p/>
      * See the {@link #setHost(String) setHost(String)} JavaDoc for more about security policies based on the
      * {@code Session} host.
      *
      * @return the originating host name or IP address (as a String) from where the {@code Subject} is initiating the
      *         {@code Session}.
      * @see #setHost(String) setHost(String)
      */
     String getHost();
 
     Serializable getSessionId();
 
     void setSessionId(Serializable sessionId);
 
 }

1		/*
2		* Licensed to the Apache Software Foundation (ASF) under one
3		* or more contributor license agreements. See the NOTICE file
4		* distributed with this work for additional information
5		* regarding copyright ownership. The ASF licenses this file
6		* to you under the Apache License, Version 2.0 (the
7		* "License"); you may not use this file except in compliance
8		* with the License. You may obtain a copy of the License at
9		*
10		* http://www.apache.org/licenses/LICENSE-2.0
11		*
12		* Unless required by applicable law or agreed to in writing,
13		* software distributed under the License is distributed on an
14		* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15		* KIND, either express or implied. See the License for the
16		* specific language governing permissions and limitations
17		* under the License.
18		*/
19		package org.apache.shiro.session.mgt;
20
21		import java.io.Serializable;
22		import java.util.Map;
23
24		/**
25		* A {@code SessionContext} is a 'bucket' of data presented to a {@link SessionFactory SessionFactory} which interprets
26		* this data to construct {@link org.apache.shiro.session.Session Session} instances. It is essentially a Map of data
27		* with a few additional type-safe methods for easy retrieval of objects commonly used to construct Subject instances.
28		* <p/>
29		* While this interface contains type-safe setters and getters for common data types, the map can contain anything
30		* additional that might be needed by the {@code SessionFactory} implementation to construct {@code Session} instances.
31		* <p/>
32		* <b>USAGE</b>: Most Shiro end-users will never use a {@code SubjectContext} instance directly and instead will call
33		* the {@code Subject.}{@link org.apache.shiro.subject.Subject#getSession() getSession()} or
34		* {@code Subject.}{@link org.apache.shiro.subject.Subject#getSession(boolean) getSession(boolean)} methods (which
35		* will usually use {@code SessionContext} instances to start a session with the application's
36		* {@link SessionManager SessionManager}.
37		*
38		* @see org.apache.shiro.session.mgt.SessionManager#start SessionManager.start(SessionContext)
39		* @see org.apache.shiro.session.mgt.SessionFactory SessionFactory
40		* @since 1.0
41		*/
42		public interface SessionContext extends Map<String, Object> {
43
44		/**
45		* Sets the originating host name or IP address (as a String) from where the {@code Subject} is initiating the
46		* {@code Session}.
47		* <p/>
48		* In web-based systems, this host can be inferred from the incoming request, e.g.
49		* {@code javax.servlet.ServletRequest#getRemoteAddr()} or {@code javax.servlet.ServletRequest#getRemoteHost()}
50		* methods, or in socket-based systems, it can be obtained via inspecting the socket
51		* initiator's host IP.
52		* <p/>
53		* Most secure environments <em>should</em> specify a valid, non-{@code null} {@code host}, since knowing the
54		* {@code host} allows for more flexibility when securing a system: by requiring an host, access control policies
55		* can also ensure access is restricted to specific client <em>locations</em> in addition to {@code Subject}
56		* principals, if so desired.
57		* <p/>
58		* <b>Caveat</b> - if clients to your system are on a
59		* public network (as would be the case for a public web site), odds are high the clients can be
60		* behind a NAT (Network Address Translation) router or HTTP proxy server. If so, all clients
61		* accessing your system behind that router or proxy will have the same originating host.
62		* If your system is configured to allow only one session per host, then the next request from a
63		* different NAT or proxy client will fail and access will be denied for that client. Just be
64		* aware that host-based security policies are best utilized in LAN or private WAN environments
65		* when you can be ensure clients will not share IPs or be behind such NAT routers or
66		* proxy servers.
67		*
68		* @param host the originating host name or IP address (as a String) from where the {@code Subject} is
69		* initiating the {@code Session}.
70		* @since 1.0
71		*/
72		void setHost(String host);
73
74		/**
75		* Returns the originating host name or IP address (as a String) from where the {@code Subject} is initiating the
76		* {@code Session}.
77		* <p/>
78		* See the {@link #setHost(String) setHost(String)} JavaDoc for more about security policies based on the
79		* {@code Session} host.
80		*
81		* @return the originating host name or IP address (as a String) from where the {@code Subject} is initiating the
82		* {@code Session}.
83		* @see #setHost(String) setHost(String)
84		*/
85		String getHost();
86
87		Serializable getSessionId();
88
89		void setSessionId(Serializable sessionId);
90
91		}