Package org.apache.shiro.web.mgt
Class DefaultWebSecurityManager
-
- All Implemented Interfaces:
Authenticator
,Authorizer
,CacheManagerAware
,EventBusAware
,SecurityManager
,SessionManager
,Destroyable
,WebSecurityManager
public class DefaultWebSecurityManager extends DefaultSecurityManager implements WebSecurityManager
DefaultWebSecurityManager
implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).- Since:
- 0.2
-
-
Field Summary
Fields Modifier and Type Field Description static String
HTTP_SESSION_MODE
Deprecated.static String
NATIVE_SESSION_MODE
Deprecated.-
Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager
rememberMeManager, subjectDAO, subjectFactory
-
-
Constructor Summary
Constructors Constructor Description DefaultWebSecurityManager()
DefaultWebSecurityManager(Collection<Realm> realms)
DefaultWebSecurityManager(Realm singleRealm)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected void
afterSessionManagerSet()
protected void
beforeLogout(Subject subject)
protected SubjectContext
copy(SubjectContext subjectContext)
protected SessionContext
createSessionContext(SubjectContext subjectContext)
protected SessionManager
createSessionManager(String sessionMode)
protected SubjectContext
createSubjectContext()
protected SessionKey
getSessionKey(SubjectContext context)
String
getSessionMode()
Deprecated.boolean
isHttpSessionMode()
Security information needs to be retained from request to request, so Shiro makes use of a session for this.protected void
removeRequestIdentity(Subject subject)
void
setSessionManager(SessionManager sessionManager)
Sets the underlying delegateSessionManager
instance that will be used to support this implementation's SessionManager method calls.void
setSessionMode(String sessionMode)
Deprecated.since 1.2void
setSubjectDAO(SubjectDAO subjectDAO)
Sets theSubjectDAO
responsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services).-
Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind
-
Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager
afterCacheManagerSet, afterEventBusSet, applyCacheManagerToSessionManager, applyEventBusToSessionManager, destroy, getSession, getSessionManager, start
-
Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer
-
Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator
-
Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, applyEventBusToRealms, getRealms, setRealm, setRealms
-
Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
applyEventBusToCacheManager, getCacheManager, getEventBus, setCacheManager, setEventBus
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.shiro.authc.Authenticator
authenticate
-
Methods inherited from interface org.apache.shiro.authz.Authorizer
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll
-
Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout
-
Methods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start
-
-
-
-
Field Detail
-
HTTP_SESSION_MODE
@Deprecated public static final String HTTP_SESSION_MODE
Deprecated.- See Also:
- Constant Field Values
-
NATIVE_SESSION_MODE
@Deprecated public static final String NATIVE_SESSION_MODE
Deprecated.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
DefaultWebSecurityManager
public DefaultWebSecurityManager()
-
DefaultWebSecurityManager
public DefaultWebSecurityManager(Realm singleRealm)
-
DefaultWebSecurityManager
public DefaultWebSecurityManager(Collection<Realm> realms)
-
-
Method Detail
-
createSubjectContext
protected SubjectContext createSubjectContext()
- Overrides:
createSubjectContext
in classDefaultSecurityManager
-
setSubjectDAO
public void setSubjectDAO(SubjectDAO subjectDAO)
Description copied from class:DefaultSecurityManager
Sets theSubjectDAO
responsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default implementation is aDefaultSubjectDAO
.- Overrides:
setSubjectDAO
in classDefaultSecurityManager
- Parameters:
subjectDAO
- theSubjectDAO
responsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services).- See Also:
DefaultSubjectDAO
-
afterSessionManagerSet
protected void afterSessionManagerSet()
- Overrides:
afterSessionManagerSet
in classSessionsSecurityManager
-
copy
protected SubjectContext copy(SubjectContext subjectContext)
- Overrides:
copy
in classDefaultSecurityManager
-
getSessionMode
@Deprecated public String getSessionMode()
Deprecated.
-
setSessionMode
@Deprecated public void setSessionMode(String sessionMode)
Deprecated.since 1.2- Parameters:
sessionMode
-
-
setSessionManager
public void setSessionManager(SessionManager sessionManager)
Description copied from class:SessionsSecurityManager
Sets the underlying delegateSessionManager
instance that will be used to support this implementation's SessionManager method calls. This SecurityManager implementation does not provide logic to support the inherited SessionManager interface, but instead delegates these calls to an internal SessionManager instance. If a SessionManager instance is not set, a default one will be automatically created and initialized appropriately for the the existing runtime environment.- Overrides:
setSessionManager
in classSessionsSecurityManager
- Parameters:
sessionManager
- delegate instance to use to support this manager's SessionManager method calls.
-
isHttpSessionMode
public boolean isHttpSessionMode()
Description copied from interface:WebSecurityManager
Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.- Specified by:
isHttpSessionMode
in interfaceWebSecurityManager
- Returns:
true
if the security manager is using the HTTP session; otherwise,false
.- Since:
- 1.0
-
createSessionManager
protected SessionManager createSessionManager(String sessionMode)
-
createSessionContext
protected SessionContext createSessionContext(SubjectContext subjectContext)
- Overrides:
createSessionContext
in classDefaultSecurityManager
-
getSessionKey
protected SessionKey getSessionKey(SubjectContext context)
- Overrides:
getSessionKey
in classDefaultSecurityManager
-
beforeLogout
protected void beforeLogout(Subject subject)
- Overrides:
beforeLogout
in classDefaultSecurityManager
-
removeRequestIdentity
protected void removeRequestIdentity(Subject subject)
-
-