Class CookieRememberMeManager

  • All Implemented Interfaces:
    RememberMeManager

    public class CookieRememberMeManager
    extends AbstractRememberMeManager
    Remembers a Subject's identity by saving the Subject's principals to a Cookie for later retrieval.

    Cookie attributes (path, domain, maxAge, etc.) may be set on this class's default cookie attribute, which acts as a template for setting all properties of outgoing cookies created by this implementation.

    The default cookie has the following attribute values set:

    Attribute Name    Value
    name              rememberMe
    path              /
    maxAge            Cookie.ONE_YEAR

    Note that because this class subclasses AbstractRememberMeManager, which already provides serialization and encryption logic, the identity is serialized and encrypted for added security before it is set as the cookie value.

    Since:
    1.0
    • Constructor Detail

      • CookieRememberMeManager

        public CookieRememberMeManager()
        Constructs a new CookieRememberMeManager with a default rememberMe cookie template.
    • Method Detail

      • getCookie

        public Cookie getCookie()
        Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

        Please see the class-level JavaDoc for the default cookie's attribute values.

        Returns:
        the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
      • setCookie

        public void setCookie(Cookie cookie)
        Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

        Please see the class-level JavaDoc for the default cookie's attribute values.

        Parameters:
        cookie - the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
      • rememberSerializedIdentity

        protected void rememberSerializedIdentity(Subject subject,
                                                  byte[] serialized)
        Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.

        The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair so an HTTP cookie can be set on the outgoing response. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

        Specified by:
        rememberSerializedIdentity in class AbstractRememberMeManager
        Parameters:
        subject - the Subject for which the identity is being serialized.
        serialized - the serialized bytes to be persisted.
      • getRememberedSerializedIdentity

        protected byte[] getRememberedSerializedIdentity(SubjectContext subjectContext)
        Returns a previously serialized identity byte array or null if the byte array could not be acquired. This implementation retrieves an HTTP cookie, Base64-decodes the cookie value, and returns the resulting byte array.

        The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair so an HTTP cookie can be retrieved from the incoming request. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation returns null.

        Specified by:
        getRememberedSerializedIdentity in class AbstractRememberMeManager
        Parameters:
        subjectContext - the contextual data, usually provided by a Subject.Builder implementation, that is being used to construct a Subject instance. To be used to assist with data lookup.
        Returns:
        a previously serialized identity byte array or null if the byte array could not be acquired.
      • forgetIdentity

        protected void forgetIdentity(Subject subject)
        Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.

        The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

        Specified by:
        forgetIdentity in class AbstractRememberMeManager
        Parameters:
        subject - the subject instance for which identity data should be forgotten from the underlying persistence
      • forgetIdentity

        public void forgetIdentity(SubjectContext subjectContext)
        Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.

        The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation does nothing.

        Parameters:
        subjectContext - the contextual data, usually provided by a Subject.Builder implementation