Package org.apache.shiro.web.mgt
Class DefaultWebSecurityManager
-
- All Implemented Interfaces:
Authenticator,Authorizer,CacheManagerAware,EventBusAware,SecurityManager,SessionManager,Destroyable,WebSecurityManager
public class DefaultWebSecurityManager extends DefaultSecurityManager implements WebSecurityManager
DefaultWebSecurityManagerimplementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).- Since:
- 0.2
-
-
Field Summary
Fields Modifier and Type Field Description static StringHTTP_SESSION_MODEDeprecated.static StringNATIVE_SESSION_MODEDeprecated.-
Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager
rememberMeManager, subjectDAO, subjectFactory
-
-
Constructor Summary
Constructors Constructor Description DefaultWebSecurityManager()DefaultWebSecurityManager(Collection<Realm> realms)DefaultWebSecurityManager(Realm singleRealm)
-
Method Summary
All Methods Instance Methods Concrete Methods Deprecated Methods Modifier and Type Method Description protected voidafterSessionManagerSet()protected voidbeforeLogout(Subject subject)protected SubjectContextcopy(SubjectContext subjectContext)protected SessionContextcreateSessionContext(SubjectContext subjectContext)protected SessionManagercreateSessionManager(String sessionMode)protected SubjectContextcreateSubjectContext()protected SessionKeygetSessionKey(SubjectContext context)StringgetSessionMode()Deprecated.booleanisHttpSessionMode()Security information needs to be retained from request to request, so Shiro makes use of a session for this.protected voidremoveRequestIdentity(Subject subject)voidsetSessionManager(SessionManager sessionManager)Sets the underlying delegateSessionManagerinstance that will be used to support this implementation's SessionManager method calls.voidsetSessionMode(String sessionMode)Deprecated.since 1.2voidsetSubjectDAO(SubjectDAO subjectDAO)Sets theSubjectDAOresponsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services).-
Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind
-
Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager
afterCacheManagerSet, afterEventBusSet, applyCacheManagerToSessionManager, applyEventBusToSessionManager, destroy, getSession, getSessionManager, start
-
Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer
-
Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator
-
Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, applyEventBusToRealms, getRealms, setRealm, setRealms
-
Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
applyEventBusToCacheManager, getCacheManager, getEventBus, setCacheManager, setEventBus
-
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
-
Methods inherited from interface org.apache.shiro.authc.Authenticator
authenticate
-
Methods inherited from interface org.apache.shiro.authz.Authorizer
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll
-
Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout
-
Methods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start
-
-
-
-
Field Detail
-
HTTP_SESSION_MODE
@Deprecated public static final String HTTP_SESSION_MODE
Deprecated.- See Also:
- Constant Field Values
-
NATIVE_SESSION_MODE
@Deprecated public static final String NATIVE_SESSION_MODE
Deprecated.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
DefaultWebSecurityManager
public DefaultWebSecurityManager()
-
DefaultWebSecurityManager
public DefaultWebSecurityManager(Realm singleRealm)
-
DefaultWebSecurityManager
public DefaultWebSecurityManager(Collection<Realm> realms)
-
-
Method Detail
-
createSubjectContext
protected SubjectContext createSubjectContext()
- Overrides:
createSubjectContextin classDefaultSecurityManager
-
setSubjectDAO
public void setSubjectDAO(SubjectDAO subjectDAO)
Description copied from class:DefaultSecurityManagerSets theSubjectDAOresponsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default implementation is aDefaultSubjectDAO.- Overrides:
setSubjectDAOin classDefaultSecurityManager- Parameters:
subjectDAO- theSubjectDAOresponsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services).- See Also:
DefaultSubjectDAO
-
afterSessionManagerSet
protected void afterSessionManagerSet()
- Overrides:
afterSessionManagerSetin classSessionsSecurityManager
-
copy
protected SubjectContext copy(SubjectContext subjectContext)
- Overrides:
copyin classDefaultSecurityManager
-
getSessionMode
@Deprecated public String getSessionMode()
Deprecated.
-
setSessionMode
@Deprecated public void setSessionMode(String sessionMode)
Deprecated.since 1.2- Parameters:
sessionMode-
-
setSessionManager
public void setSessionManager(SessionManager sessionManager)
Description copied from class:SessionsSecurityManagerSets the underlying delegateSessionManagerinstance that will be used to support this implementation's SessionManager method calls. This SecurityManager implementation does not provide logic to support the inherited SessionManager interface, but instead delegates these calls to an internal SessionManager instance. If a SessionManager instance is not set, a default one will be automatically created and initialized appropriately for the the existing runtime environment.- Overrides:
setSessionManagerin classSessionsSecurityManager- Parameters:
sessionManager- delegate instance to use to support this manager's SessionManager method calls.
-
isHttpSessionMode
public boolean isHttpSessionMode()
Description copied from interface:WebSecurityManagerSecurity information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.- Specified by:
isHttpSessionModein interfaceWebSecurityManager- Returns:
trueif the security manager is using the HTTP session; otherwise,false.- Since:
- 1.0
-
createSessionManager
protected SessionManager createSessionManager(String sessionMode)
-
createSessionContext
protected SessionContext createSessionContext(SubjectContext subjectContext)
- Overrides:
createSessionContextin classDefaultSecurityManager
-
getSessionKey
protected SessionKey getSessionKey(SubjectContext context)
- Overrides:
getSessionKeyin classDefaultSecurityManager
-
beforeLogout
protected void beforeLogout(Subject subject)
- Overrides:
beforeLogoutin classDefaultSecurityManager
-
removeRequestIdentity
protected void removeRequestIdentity(Subject subject)
-
-