Package org.apache.shiro.web.mgt
Class CookieRememberMeManager
- java.lang.Object
  - org.apache.shiro.mgt.AbstractRememberMeManager
    - org.apache.shiro.web.mgt.CookieRememberMeManager

All Implemented Interfaces: RememberMeManager

public class CookieRememberMeManager extends AbstractRememberMeManager
Remembers a Subject's identity by saving the Subject's principals to a Cookie for later retrieval.

Cookie attributes (path, domain, maxAge, etc.) may be set on this class's default cookie attribute, which acts as a template to use to set all properties of outgoing cookies created by this implementation. The default cookie has the following attribute values set:

Attribute Name: Value
- name: rememberMe
- path: /
- maxAge: Cookie.ONE_YEAR

Because this class extends AbstractRememberMeManager, which already provides serialization and encryption logic, this class utilizes both for added security before setting the cookie value.

- Since: 1.0
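The following is an added example, not code from the Shiro project: it replaces the default cookie template described above with a tighter one and sets an explicit cipher key through the inherited setCipherKey. It needs shiro-web on the classpath; the class name RememberMeConfig, the environment variable name and the 14-day lifetime are assumptions chosen for illustration.

```java
import java.util.Base64;

import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;

public final class RememberMeConfig {

    // Assumption: the deployment supplies a Base64-encoded key in this
    // (hypothetical) environment variable, identical on every node.
    static final String KEY_ENV = "SHIRO_REMEMBER_ME_KEY_B64";

    static CookieRememberMeManager build(String base64Key) {
        byte[] key = Base64.getDecoder().decode(base64Key);
        // Assumption: the manager's cipher service is AES, which accepts
        // 16, 24 or 32 byte keys; reject anything else before it is used.
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalArgumentException(
                "rememberMe key must be 16, 24 or 32 bytes, got " + key.length);
        }

        // Same name and path as the documented defaults, tightened elsewhere.
        SimpleCookie template =
            new SimpleCookie(CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME);
        template.setPath("/");
        template.setHttpOnly(true);            // not readable from page scripts
        template.setSecure(true);              // only sent over HTTPS
        template.setMaxAge(14 * 24 * 60 * 60); // 14 days, not Cookie.ONE_YEAR

        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCookie(template);  // every outgoing cookie copies this template
        manager.setCipherKey(key);    // used for both encryption and decryption
        return manager;
    }

    public static void main(String[] args) {
        String b64 = System.getenv(KEY_ENV);
        if (b64 == null || b64.isEmpty()) {
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        Cookie c = build(b64).getCookie();
        System.out.println(c.getName() + " path=" + c.getPath()
            + " maxAge=" + c.getMaxAge() + " secure=" + c.isSecure()
            + " httpOnly=" + c.isHttpOnly());
    }
}
```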

Field Summary
Modifier and Type, Field, Description:
- static String DEFAULT_REMEMBER_ME_COOKIE_NAME
  The default name of the underlying rememberMe cookie, which is rememberMe.

Constructor Summary
Constructor, Description:
- CookieRememberMeManager()
  Constructs a new CookieRememberMeManager with a default rememberMe cookie template.

Method Summary
Modifier and Type, Method, Description:
- protected void forgetIdentity(Subject subject)
  Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.
- void forgetIdentity(SubjectContext subjectContext)
  Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.
- Cookie getCookie()
  Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
- protected byte[] getRememberedSerializedIdentity(SubjectContext subjectContext)
  Returns a previously serialized identity byte array or null if the byte array could not be acquired.
- protected void rememberSerializedIdentity(Subject subject, byte[] serialized)
  Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.
- void setCookie(Cookie cookie)
  Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

Methods inherited from class org.apache.shiro.mgt.AbstractRememberMeManager
convertBytesToPrincipals, convertPrincipalsToBytes, decrypt, deserialize, encrypt, getCipherKey, getCipherService, getDecryptionCipherKey, getEncryptionCipherKey, getIdentityToRemember, getRememberedPrincipals, getSerializer, isRememberMe, onFailedLogin, onLogout, onRememberedPrincipalFailure, onSuccessfulLogin, rememberIdentity, rememberIdentity, serialize, setCipherKey, setCipherService, setDecryptionCipherKey, setEncryptionCipherKey, setSerializer

Field Detail

DEFAULT_REMEMBER_ME_COOKIE_NAME
public static final String DEFAULT_REMEMBER_ME_COOKIE_NAME
The default name of the underlying rememberMe cookie, which is rememberMe.
- See Also: Constant Field Values

Constructor Detail

CookieRememberMeManager
public CookieRememberMeManager()
Constructs a new CookieRememberMeManager with a default rememberMe cookie template.

Method Detail

getCookie
public Cookie getCookie()
Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime. Please see the class-level JavaDoc for the default cookie's attribute values.
- Returns: the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

setCookie
public void setCookie(Cookie cookie)
Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime. Please see the class-level JavaDoc for the default cookie's attribute values.
- Parameters:
  cookie - the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

rememberSerializedIdentity
protected void rememberSerializedIdentity(Subject subject, byte[] serialized)
Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value. The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair so an HTTP cookie can be set on the outgoing response. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.
- Specified by: rememberSerializedIdentity in class AbstractRememberMeManager
- Parameters:
  subject - the Subject for which the identity is being serialized.
  serialized - the serialized bytes to be persisted.

getRememberedSerializedIdentity
protected byte[] getRememberedSerializedIdentity(SubjectContext subjectContext)
Returns a previously serialized identity byte array or null if the byte array could not be acquired. This implementation retrieves an HTTP cookie, Base64-decodes the cookie value, and returns the resulting byte array. The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair so an HTTP cookie can be retrieved from the incoming request. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation returns null.
- Specified by: getRememberedSerializedIdentity in class AbstractRememberMeManager
- Parameters:
  subjectContext - the contextual data, usually provided by a Subject.Builder implementation, that is being used to construct a Subject instance. To be used to assist with data lookup.
- Returns: a previously serialized identity byte array or null if the byte array could not be acquired.

forgetIdentity
protected void forgetIdentity(Subject subject)
Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair. The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.
- Specified by: forgetIdentity in class AbstractRememberMeManager
- Parameters:
  subject - the subject instance for which identity data should be forgotten from the underlying persistence

forgetIdentity
public void forgetIdentity(SubjectContext subjectContext)
Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair. The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation does nothing.
- Parameters:
  subjectContext - the contextual data, usually provided by a Subject.Builder implementation