All Classes Interface Summary Class Summary Enum Summary Exception Summary Annotation Types Summary
| Class |
Description |
| AbstractAuthenticationStrategy |
Abstract base implementation for Shiro's concrete AuthenticationStrategy
implementations.
|
| AbstractAuthenticator |
Superclass for almost all Authenticator implementations that performs the common work around authentication
attempts. |
| AbstractFactory<T> |
TODO - Class JavaDoc
|
| AbstractLdapRealm |
A Realm that authenticates with an LDAP
server to build the Subject for a user. |
| AbstractNativeSessionManager |
|
| AbstractRememberMeManager |
Abstract implementation of the RememberMeManager interface that handles
serialization and
encryption of the remembered user identity. |
| AbstractSessionDAO |
An abstract SessionDAO implementation that performs some sanity checks on session creation and reading and
allows for pluggable Session ID generation strategies if desired.
|
| AbstractSessionManager |
|
| AbstractValidatingSessionManager |
|
| Account |
An Account is a convenience interface that extends both AuthenticationInfo and
AuthorizationInfo and represents authentication and authorization for a single account in a
single Realm. |
| AccountException |
Exception thrown due to a problem with the account
under which an authentication attempt is being executed.
|
| ActiveDirectoryRealm |
A Realm that authenticates with an active directory LDAP
server to determine the roles for a particular user. |
| AllowAllCredentialsMatcher |
A credentials matcher that always returns true when matching credentials no matter what arguments
are passed in.
|
| AllPermission |
An all AllPermission instance is one that always implies any other permission; that is, its
implies method always returns true. |
| AllSuccessfulStrategy |
AuthenticationStrategy implementation that requires all configured realms to
successfully process the submitted AuthenticationToken during the log-in attempt.
|
| AnnotationHandler |
Base support class for implementations that reads and processes JSR-175 annotations.
|
| AnnotationMethodInterceptor |
MethodInterceptor that inspects a specific annotation on the method invocation before continuing
its execution.
|
| AnnotationResolver |
Defines an AOP-framework-independent way of determining if an Annotation exists on a Method.
|
| AnnotationsAuthorizingMethodInterceptor |
An AnnotationsAuthorizingMethodInterceptor is a MethodInterceptor that asserts a given method is authorized
to execute based on one or more configured AuthorizingAnnotationMethodInterceptors.
|
| AntPathMatcher |
PathMatcher implementation for Ant-style path patterns.
|
| AtLeastOneSuccessfulStrategy |
AuthenticationStrategy implementation that requires at least one configured realm to
successfully process the submitted AuthenticationToken during the log-in attempt.
|
| AuthenticatedAnnotationHandler |
Handles RequiresAuthentication annotations and ensures the calling subject is
authenticated before allowing access. |
| AuthenticatedAnnotationMethodInterceptor |
|
| AuthenticatingRealm |
A top-level abstract implementation of the Realm interface that only implements authentication support
(log-in) operations and leaves authorization (access control) behavior to subclasses.
|
| AuthenticatingSecurityManager |
|
| AuthenticationException |
General exception thrown due to an error during the Authentication process.
|
| AuthenticationInfo |
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the
authentication/log-in process only.
|
| AuthenticationListener |
An AuthenticationListener listens for notifications while Subjects authenticate with the system.
|
| AuthenticationStrategy |
A AuthenticationStrategy implementation assists the ModularRealmAuthenticator during the
log-in process in a pluggable realm (PAM) environment. |
| AuthenticationToken |
An AuthenticationToken is a consolidation of an account's principals and supporting
credentials submitted by a user during an authentication attempt.
|
| Authenticator |
An Authenticator is responsible for authenticating accounts in an application.
|
| AuthorizationException |
Exception thrown if there is a problem during authorization (access control check).
|
| AuthorizationInfo |
AuthorizationInfo represents a single Subject's stored authorization data (roles, permissions, etc)
used during authorization (access control) checks only.
|
| Authorizer |
An Authorizer performs authorization (access control) operations for any given Subject
(aka 'application user').
|
| AuthorizingAnnotationHandler |
An AnnotationHandler that executes authorization (access control) behavior based on directive(s) found in a
JSR-175 Annotation.
|
| AuthorizingAnnotationMethodInterceptor |
An AnnotationMethodInterceptor that asserts the calling code is authorized to execute the method
before allowing the invocation to continue by inspecting code annotations to perform an access control check.
|
| AuthorizingMethodInterceptor |
Basic abstract class to support intercepting methods that perform authorization (access control) checks.
|
| AuthorizingRealm |
An AuthorizingRealm extends the AuthenticatingRealm's capabilities by adding Authorization
(access control) support.
|
| AuthorizingSecurityManager |
Shiro support of a SecurityManager class hierarchy that delegates all
authorization (access control) operations to a wrapped Authorizer instance. |
| BasicIniEnvironment |
Basic usage:
|
| BearerToken |
A AuthenticationToken that contains an a Bearer token or API key, typically received via an HTTP Authorization header. |
| CachingRealm |
A very basic abstract extension point for the Realm interface that provides caching support for subclasses. |
| CachingSecurityManager |
A very basic starting point for the SecurityManager interface that merely provides logging and caching
support.
|
| CachingSessionDAO |
An CachingSessionDAO is a SessionDAO that provides a transparent caching layer between the components that
use it and the underlying EIS (Enterprise Information System) session backing store (for example, filesystem,
database, enterprise grid/cloud, etc).
|
| CollectionUtils |
Static helper class for use dealing with Collections.
|
| ConcurrentAccessException |
Thrown when an authentication attempt has been received for an account that has already been
authenticated (i.e. logged-in), and the system is configured to prevent such concurrent access.
|
| CredentialsException |
Exception thrown due to a problem with the credential(s) submitted for an
account during the authentication process.
|
| CredentialsMatcher |
Interface implemented by classes that can determine if an AuthenticationToken's provided
credentials matches a corresponding account's credentials stored in the system.
|
| DataAccessException |
Generic exception representing a problem when attempting to access data.
|
| DefaultAnnotationResolver |
|
| DefaultEnvironment |
Simple/default Environment implementation that stores Shiro objects as key-value pairs in a
Map instance. |
| DefaultLdapContextFactory |
Deprecated.
|
| DefaultLdapRealm |
|
| DefaultPasswordService |
Default implementation of the PasswordService interface that relies on an internal
HashService, HashFormat, and HashFormatFactory to function: |
| DefaultSecurityManager |
The Shiro framework's default concrete implementation of the SecurityManager interface,
based around a collection of Realms. |
| DefaultSessionContext |
Default implementation of the SessionContext interface which provides getters and setters that
wrap interaction with the underlying backing context map. |
| DefaultSessionKey |
Default implementation of the SessionKey interface, which allows setting and retrieval of a concrete
sessionId that the SessionManager implementation can use to look up a
Session instance. |
| DefaultSessionManager |
|
| DefaultSessionStorageEvaluator |
A Default SessionStorageEvaluator that provides reasonable control over if and how Sessions may be used for
storing Subject state.
|
| DefaultSubjectContext |
|
| DefaultSubjectDAO |
Default SubjectDAO implementation that stores Subject state in the Subject's Session by default (but this
can be disabled - see below).
|
| DefaultSubjectFactory |
|
| DelegatingSession |
A DelegatingSession is a client-tier representation of a server side
Session. |
| DelegatingSubject |
Implementation of the Subject interface that delegates
method calls to an underlying SecurityManager instance for security checks. |
| DisabledAccountException |
Thrown when attempting to authenticate and the corresponding account has been disabled for
some reason.
|
| DisabledSessionException |
Exception thrown if attempting to create a new Subject
session, but that Subject's sessions are disabled. |
| DomainPermission |
Provides a base Permission class from which type-safe/domain-specific subclasses may extend.
|
| EnterpriseCacheSessionDAO |
SessionDAO implementation that relies on an enterprise caching product as the EIS system of record for all sessions.
|
| Environment |
An Environment instance encapsulates all of the objects that Shiro requires to function.
|
| EnvironmentException |
Exception thrown for errors related to Environment instances or configuration. |
| ExcessiveAttemptsException |
Thrown when a system is configured to only allow a certain number of authentication attempts
over a period of time and the current session has failed to authenticate successfully within
that number.
|
| ExecutionException |
Exception wrapping any potential checked exception thrown when a Subject executes a
Callable. |
| ExecutorServiceSessionValidationScheduler |
|
| ExpiredCredentialsException |
Thrown during the authentication process when the system determines the submitted credential(s)
has expired and will not allow login.
|
| ExpiredSessionException |
A special case of a StoppedSessionException.
|
| FirstSuccessfulStrategy |
AuthenticationStrategy implementation that only accepts the account data from
the first successfully consulted Realm and ignores all subsequent realms. |
| GuestAnnotationHandler |
Checks to see if a @ RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method. |
| GuestAnnotationMethodInterceptor |
Checks to see if a @ RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method. |
| HashedCredentialsMatcher |
A HashedCredentialMatcher provides support for hashing of supplied AuthenticationToken credentials
before being compared to those in the AuthenticationInfo from the data store.
|
| HashingPasswordService |
A HashingPasswordService is a PasswordService that performs password encryption and comparisons
based on cryptographic Hashes. |
| HostAuthenticationToken |
A HostAuthenticationToken retains the host information from where
an authentication attempt originates.
|
| HostUnauthorizedException |
Thrown when a particular client (that is, host address) has not been enabled to access the system
or if the client has been enabled access but is not permitted to perform a particular operation
or access a particular resource.
|
| ImmutableProxiedSession |
Implementation of the Session interface that proxies another Session, but does not
allow any 'write' operations to the underlying session. |
| IncorrectCredentialsException |
Thrown when attempting to authenticate with credential(s) that do not match the actual
credentials associated with the account principal.
|
| IniFactorySupport<T> |
Deprecated.
|
| IniRealm |
|
| IniSecurityManagerFactory |
Deprecated.
|
| InvalidPermissionStringException |
|
| InvalidResourceUsageException |
Root exception indicating invalid or incorrect usage of a data access resource.
|
| InvalidSessionException |
Exception thrown when attempting to interact with the system under an established session
when that session is considered invalid.
|
| JavaEnvironment |
Deprecated.
|
| JavaUuidSessionIdGenerator |
|
| JdbcRealm |
Realm that allows authentication and authorization via JDBC calls.
|
| JdbcRealm.SaltStyle |
Password hash salt configuration.
|
| JdbcUtils |
A set of static helper methods for managing JDBC API objects.
|
| JndiCallback |
Callback interface to be implemented by classes that need to perform an
operation (such as a lookup) in a JNDI context.
|
| JndiLdapContextFactory |
|
| JndiLdapRealm |
Deprecated.
|
| JndiLocator |
Convenient superclass for JNDI accessors, providing "jndiTemplate"
and "jndiEnvironment" bean properties.
|
| JndiObjectFactory<T> |
A factory implementation intended to be used to look up objects in jndi.
|
| JndiRealmFactory |
Looks up one or more Realm instances from JNDI using specified jndiNames. |
| JndiTemplate |
Helper class that simplifies JNDI operations.
|
| LdapContextFactory |
Interface that encapsulates the creation of LdapContext objects that are used by DefaultLdapRealms to
perform authentication attempts and query for authorization data. |
| LdapUtils |
Utility class providing static methods to make working with LDAP
easier.
|
| LockedAccountException |
A special kind of DisabledAccountException, this exception is thrown when attempting
to authenticate and the corresponding account has been disabled explicitly due to being locked.
|
| Logical |
An enum for specifying a logical operation that can be used for
interpreting authorization annotations
|
| LogoutAware |
An SPI interface allowing cleanup logic to be executed during logout of a previously authenticated Subject/user.
|
| MapContext |
A MapContext provides a common base for context-based data storage in a Map. |
| Md2CredentialsMatcher |
Deprecated.
|
| Md5CredentialsMatcher |
Deprecated.
|
| MemorySessionDAO |
Simple memory-based implementation of the SessionDAO that stores all of its sessions in an in-memory
ConcurrentMap. |
| MergableAuthenticationInfo |
|
| MethodInterceptor |
A MethodInterceptor intercepts a MethodInvocation to perform before or after logic (aka 'advice').
|
| MethodInterceptorSupport |
This class is an abstraction of AOP method interceptor behavior specific to Shiro that
leaves AOP implementation specifics to be handled by subclass implementations.
|
| MethodInvocation |
3rd-party API independent representation of a method invocation.
|
| ModularRealmAuthenticator |
A ModularRealmAuthenticator delegates account lookups to a pluggable (modular) collection of
Realms. |
| ModularRealmAuthorizer |
A ModularRealmAuthorizer is an Authorizer implementation that consults one or more configured
Realms during an authorization operation. |
| MutablePrincipalCollection |
|
| NamedObjectEnvironment |
An environment that supports object lookup by name.
|
| NativeSessionManager |
A Native session manager is one that manages sessions natively - that is, it is directly responsible
for the creation, persistence and removal of Session instances and their
lifecycles. |
| PasswordMatcher |
|
| PasswordService |
A PasswordService supports common use cases when using passwords as a credentials mechanism.
|
| PatternMatcher |
Interface for components that can match source strings against a specified pattern string.
|
| Permission |
A Permission represents the ability to perform an action or access a resource.
|
| PermissionAnnotationHandler |
Checks to see if a @ RequiresPermissions annotation is
declared, and if so, performs a permission check to see if the calling Subject is allowed continued
access. |
| PermissionAnnotationMethodInterceptor |
Checks to see if a @ RequiresPermissions annotation is declared, and if so, performs
a permission check to see if the calling Subject is allowed to call the method. |
| PermissionResolver |
A PermisisonResolver resolves a String value and converts it into a
Permission instance. |
| PermissionResolverAware |
Interface implemented by a component that wishes to use any application-configured PermissionResolver that
might already exist instead of potentially creating one itself.
|
| PermissionUtils |
Utility class to help with String-to-Permission object resolution.
|
| PrincipalCollection |
A collection of all principals associated with a corresponding Subject. |
| PrincipalMap |
EXPERIMENTAL - DO NOT USE YET
|
| PropertiesRealm |
A TextConfigurationRealm that defers all logic to the parent class, but just enables
Properties based configuration in addition to the parent class's String configuration. |
| ProxiedSession |
Simple Session implementation that immediately delegates all corresponding calls to an
underlying proxied session instance.
|
| RandomSessionIdGenerator |
Generates session IDs by using a Random instance to generate random IDs. |
| Realm |
A Realm is a security component that can access application-specific security entities
such as users, roles, and permissions to determine authentication and authorization operations.
|
| RealmFactory |
Enables Shiro end-users to configure and initialize one or more Realm instances
in any manner desired. |
| RealmSecurityManager |
|
| RegExPatternMatcher |
|
| RememberMeAuthenticationToken |
An AuthenticationToken that indicates if the user wishes their identity to be remembered across sessions.
|
| RememberMeManager |
A RememberMeManager is responsible for remembering a Subject's identity across that Subject's sessions with
the application.
|
| RequiredTypeException |
Exception thrown when attempting to acquire an object of a required type and that object does not equal, extend, or
implement a specified Class.
|
| RequiresAuthentication |
Requires the current Subject to have been authenticated during their current session for the annotated
class/instance/method to be accessed or invoked.
|
| RequiresGuest |
Requires the current Subject to be a "guest", that is, they are not authenticated or remembered
from a previous session for the annotated class/instance/method to be accessed or invoked.
|
| RequiresPermissions |
Requires the current executor's Subject to imply a particular permission in
order to execute the annotated method.
|
| RequiresRoles |
Requires the currently executing Subject to have all of the
specified roles. |
| RequiresUser |
Requires the current Subject to be an application user for the annotated class/instance/method to be
accessed or invoked.
|
| RoleAnnotationHandler |
Checks to see if a @ RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to proceed. |
| RoleAnnotationMethodInterceptor |
Checks to see if a @ RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to invoke the method. |
| RolePermissionResolver |
A RolePermissionResolver resolves a String value and converts it into a Collection of
Permission instances. |
| RolePermissionResolverAware |
Interface implemented by a component that wishes to use any application-configured RolePermissionResolver that
might already exist instead of potentially creating one itself.
|
| SaltedAuthenticationInfo |
Interface representing account information that may use a salt when hashing credentials.
|
| SecurityManager |
A SecurityManager executes all security operations for all Subjects (aka users) across a
single application.
|
| SecurityUtils |
Accesses the currently accessible Subject for the calling code depending on runtime environment.
|
| Session |
A Session is a stateful data context associated with a single Subject (user, daemon process,
etc) who interacts with a software system over a period of time.
|
| SessionContext |
A SessionContext is a 'bucket' of data presented to a SessionFactory which interprets
this data to construct Session instances. |
| SessionDAO |
Data Access Object design pattern specification to enable Session access to an
EIS (Enterprise Information System). |
| SessionException |
General security exception attributed to problems during interaction with the system during
a session.
|
| SessionFactory |
A simple factory class that instantiates concrete Session instances. |
| SessionIdGenerator |
Interface allowing pluggable session ID generation strategies to be used with various SessionDAO
implementations. |
| SessionKey |
A SessionKey is a key that allows look-up of any particular Session
instance. |
| SessionListener |
Interface to be implemented by components that wish to be notified of events that occur during a
Session's life cycle. |
| SessionListenerAdapter |
Simple adapter implementation of the SessionListener interface, effectively providing
no-op implementations of all methods. |
| SessionManager |
A SessionManager manages the creation, maintenance, and clean-up of all application
Sessions. |
| SessionsSecurityManager |
|
| SessionStorageEvaluator |
Evaluates whether or not Shiro may use a Subject's Session
to persist that Subject's internal state. |
| SessionValidationScheduler |
Interface that should be implemented by classes that can control validating sessions on a regular
basis.
|
| Sha1CredentialsMatcher |
Deprecated.
|
| Sha256CredentialsMatcher |
Deprecated.
|
| Sha384CredentialsMatcher |
Deprecated.
|
| Sha512CredentialsMatcher |
Deprecated.
|
| ShortCircuitIterationException |
|
| SimpleAccount |
Simple implementation of the Account interface that
contains principal and credential and authorization information (roles and permissions) as instance variables and
exposes them via getters and setters using standard JavaBean notation. |
| SimpleAccountRealm |
A simple implementation of the Realm interface that
uses a set of configured user accounts and roles to support authentication and authorization. |
| SimpleAuthenticationInfo |
|
| SimpleAuthorizationInfo |
Simple POJO implementation of the AuthorizationInfo interface that stores roles and permissions as internal
attributes. |
| SimpleCredentialsMatcher |
Simple CredentialsMatcher implementation.
|
| SimplePrincipalCollection |
|
| SimplePrincipalMap |
|
| SimpleRole |
A simple representation of a security role that has a name and a collection of permissions.
|
| SimpleSession |
Simple Session JavaBeans-compatible POJO implementation, intended to be used on the
business/server tier. |
| SimpleSessionFactory |
SessionFactory implementation that generates SimpleSession instances. |
| StoppedSessionException |
Exception thrown when attempting to interact with the system under a session that has been
stopped.
|
| Subject |
A Subject represents state and security operations for a single application user.
|
| Subject.Builder |
Builder design pattern implementation for creating Subject instances in a simplified way without
requiring knowledge of Shiro's construction techniques. |
| SubjectAwareExecutor |
Executor implementation that will automatically first associate any argument
Runnable instances with the currently available Subject and then
dispatch the Subject-enabled runnable to an underlying delegate Executor
instance. |
| SubjectAwareExecutorService |
|
| SubjectAwareScheduledExecutorService |
|
| SubjectCallable<V> |
A SubjectCallable associates a Subject with a target/delegate
Callable to ensure proper Subject thread-state management when the Callable executes. |
| SubjectContext |
A SubjectContext is a 'bucket' of data presented to a SecurityManager which interprets
this data to construct Subject instances. |
| SubjectDAO |
A SubjectDAO is responsible for persisting a Subject instance's internal state such that the Subject instance
can be recreated at a later time if necessary.
|
| SubjectFactory |
A SubjectFactory is responsible for constructing Subject instances as needed. |
| SubjectRunnable |
A SubjectRunnable ensures that a target/delegate Runnable will execute such that any
call to SecurityUtils.getSubject() during the
Runnable's execution will return the associated Subject instance. |
| SubjectThreadState |
Manages thread-state for Subject access (supporting
SecurityUtils.getSubject() calls)
during a thread's execution. |
| TextConfigurationRealm |
A SimpleAccountRealm that enables text-based configuration of the initial User, Role, and Permission objects
created at startup.
|
| ThreadContext |
A ThreadContext provides a means of binding and unbinding objects to the
current thread based on key/value pairs.
|
| ThreadState |
A ThreadState instance manages any state that might need to be bound and/or restored during a thread's
execution.
|
| UnauthenticatedException |
Exception thrown when attempting to execute an authorization action when a successful
authentication hasn't yet occurred.
|
| UnauthorizedException |
Thrown to indicate a requested operation or access to a requested resource is not allowed.
|
| UnavailableSecurityManagerException |
Exception thrown when attempting to acquire the application's SecurityManager instance, but Shiro's
lookup heuristics cannot find one.
|
| UnknownAccountException |
Thrown when attempting to authenticate with a principal that doesn't exist in the system (e.g.
|
| UnknownSessionException |
Exception thrown when attempting to interact with the system under the pretense of a
particular session (e.g. under a specific session id), and that session does not exist in
the system.
|
| UnsupportedAuthenticationMechanismException |
|
| UnsupportedTokenException |
Exception thrown during the authentication process when an
AuthenticationToken implementation is encountered that is not
supported by one or more configured Realms. |
| UserAnnotationHandler |
Checks to see if a @ RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before allowing access. |
| UserAnnotationMethodInterceptor |
Checks to see if a @ RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before invoking the method. |
| UsernamePasswordToken |
A simple username/password authentication token to support the most widely-used authentication mechanism.
|
| ValidatingSession |
A ValidatingSession is a Session that is capable of determining it is valid or not and
is able to validate itself if necessary.
|
| ValidatingSessionManager |
A ValidatingSessionManager is a SessionManager that can proactively validate any or all sessions
that may be expired.
|
| WildcardPermission |
A WildcardPermission is a very flexible permission construct supporting multiple levels of
permission matching.
|
| WildcardPermissionResolver |
PermissionResolver implementation that returns a new WildcardPermission
based on the input string.
|