| Class and Description |
|---|
| org.apache.shiro.crypto.hash.AbstractHash
in Shiro 1.1 in favor of using the concrete
SimpleHash implementation directly. |
| org.apache.shiro.realm.ldap.DefaultLdapContextFactory
replaced by the
JndiLdapContextFactory implementation. This implementation will be removed
prior to Shiro 2.0 |
| org.apache.shiro.web.servlet.IniShiroFilter
in 1.2 in favor of using the
ShiroFilter |
| org.apache.shiro.authc.credential.Md2CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
| org.apache.shiro.authc.credential.Md5CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
| org.apache.shiro.authc.credential.Sha1CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
| org.apache.shiro.authc.credential.Sha256CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
| org.apache.shiro.authc.credential.Sha384CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
| org.apache.shiro.authc.credential.Sha512CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
| Field and Description |
|---|
| org.apache.shiro.web.mgt.DefaultWebSecurityManager.HTTP_SESSION_MODE |
| org.apache.shiro.web.mgt.DefaultWebSecurityManager.NATIVE_SESSION_MODE |
| Method and Description |
|---|
| org.apache.shiro.mgt.DefaultSecurityManager.bind(Subject)
in favor of
save(subject). |
| org.apache.shiro.realm.ldap.LdapContextFactory.getLdapContext(String, String)
the
LdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. |
| org.apache.shiro.realm.ldap.JndiLdapContextFactory.getLdapContext(String, String)
the
JndiLdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release. |
| org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(String, String)
the
DefaultLdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release. |
| org.apache.shiro.authc.credential.HashedCredentialsMatcher.getSalt(AuthenticationToken)
since Shiro 1.1. Hash salting is now expected to be based on if the
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0. |
| org.apache.shiro.web.mgt.DefaultWebSecurityManager.getSessionMode() |
| org.apache.shiro.authc.credential.HashedCredentialsMatcher.isHashSalted()
since Shiro 1.1. Hash salting is now expected to be based on if the
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0. |
| org.apache.shiro.mgt.DefaultSubjectFactory.newSubjectInstance(PrincipalCollection, boolean, String, Session, SecurityManager)
since 1.2 - override
DefaultSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class. |
| org.apache.shiro.web.mgt.DefaultWebSubjectFactory.newSubjectInstance(PrincipalCollection, boolean, String, Session, ServletRequest, ServletResponse, SecurityManager)
since 1.2 - override
DefaultWebSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class. |
| org.apache.shiro.authc.credential.HashedCredentialsMatcher.setHashSalted(boolean)
since Shiro 1.1. Hash salting is now expected to be based on if the
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0. |
| org.apache.shiro.realm.ldap.DefaultLdapContextFactory.setSearchBase(String)
this attribute existed, but was never used in Shiro 1.x. It will be removed prior to Shiro 2.0.
|
| org.apache.shiro.web.mgt.DefaultWebSecurityManager.setSessionMode(String)
since 1.2
|
| org.apache.shiro.web.servlet.OncePerRequestFilter.shouldNotFilter(ServletRequest)
in favor of overriding
OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
for custom behavior. This method will be removed in Shiro 2.0. |
| org.apache.shiro.mgt.DefaultSecurityManager.unbind(Subject)
in Shiro 1.2 in favor of
DefaultSecurityManager.delete(org.apache.shiro.subject.Subject) |
Copyright © 2004-2013 The Apache Software Foundation. All Rights Reserved.