access to init parameters.
creating filter chains.
creating filter chains.
chainName.
chainName.
preHandle,
postHandle,
and afterCompletion
hooks.
finally block even if preHandle returns
false or if an exception is thrown during filter chain processing.
WWW-Authenticate
AuthenticationFilter that is capable of automatically performing an authentication attempt
based on the incoming request.
Authorization
authenticated for the
request to continue, and if they're not, requires the user to login via the HTTP Basic protocol-specific challenge.
WildcardPermission conventions.
super.buildSubject(), but additionally ensures that the returned instance
is an instanceof WebSubject and to support a type-safe method so a caller
does not have to cast.
AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is
UnauthenticatedException.
finally code block in the
doFilterInternal
implementation.
WebEnvironment instance:
shiroConfigLocations
WebEnvironment instance created by
the EnvironmentLoaderListener.contextInitialized(javax.servlet.ServletContextEvent) method.
WebEnvironment and binds it to the ServletContext at application
startup for future reference.
Ini instance.
principals to a Cookie
for later retrieval.
CookieRememberMeManager with a default rememberMe cookie template.
chainName with the specified chainDefinition
String.
new DefaultWebSecurityManager(); to ensure a web-capable
SecurityManager is available by default.
WebEnvironment based on the specified ServletContext.
Ini instance reflecting the specified path, or null if the path does not exist and
is not required.
WebSubject instance to associate with the incoming request/response pair which will be used
throughout the request/response execution.
request.getCharacterEncoding
returns null, according to the Servlet spec.
/login.jsp, which can be overridden by calling the
setLoginUrl method.
-1, indicating the cookie should expire when the browser closes.
rememberMe.
-1 indicating that no version property should be set on the cookie.
FilterChainManager implementation maintaining a map of Filter instances
(key: filter name, value: Filter) as well as a map of NamedFilterLists created from these
Filters (key: filter chain name, value: NamedFilterList).
WebEnvironment implementation based on a backing Map instance.
WebSecurityManager implementation used in web-based applications or any
application that requires HTTP connectivity (SOAP, http remoting, etc).
WebSessionContext interface which provides getters and setters that
wrap interaction with the underlying backing context map.
SessionManager implementation.
SessionStorageEvaluator that performs the same logic as the parent class
DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or
disable session access.
WebSubjectContext implementation that provides for additional storage and retrieval of
a ServletRequest and ServletResponse.
SubjectFactory implementation that creates WebDelegatingSubject instances.
WebEnvironment for the given servlet context.
IniWebEnvironment or a custom class if specified.
doFilter implementation stores a request attribute for
"already filtered", proceeding without filtering again if the
attribute is already there.
doFilterInternal implementation that sets-up, executes, and cleans-up a Shiro-filtered request.
pre,
post, and
after
advice hooks.
OncePerRequestFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain),
but guaranteed to be invoked only once per request.
WebEnvironment implementation class to use:
shiroEnvironmentClass
EnvironmentLoader is responsible for loading a web application's Shiro WebEnvironment
(which includes the web app's WebSecurityManager) into the
ServletContext at application startup.
WebEnvironment at ServletContext startup and shutdown respectively.
FilterChain for the given request.
chain.doFilter(request,response);.
FilterChainManager manages the creation and modification of Filter chains from an available pool
of Filter instances.
FilterChainResolver can resolve an appropriate FilterChain to execute during a
ServletRequest.
WebSubject's request/response pair.
WebSubjectContext's request/response pair.
loginUrl you configure.
GET.
WWW-Authenticate header.
WWW-Authenticate header scheme that this filter will use when sending
the HTTP Basic challenge response.
AUTHORIZATION_HEADER from the specified ServletRequest.
Authorization header value that this filter will respond to as indicating
a login request.
chainName or null if there is no chain with
that name.
null if the
original chain should be used.
Set if no chains have been configured.
StringUtils.clean(String).
SecurityManager and
FilterChainResolver used by the web application or null if the
configPath should be used to load a fallback INI source.
config attribute.
RememberMeManager.
/WEB-INF/shiro.ini and classpath:shiro.ini.
FilterChain to execute for the given request.
FilterChainResolver if one has been configured or null if one
is not available.
FilterConfig provided by the Servlet container at webapp startup.
FilterConfig instance provided at
startup.
Filters managed by this manager, keyed by name.
HttpServletRequest.
Ini instance reflecting this WebEnvironment's configuration.
init-param, or null if there was no init-param
specified by that name.
Filter list.
PatternMatcher used when determining if an incoming request's path
matches a configured filter chain.
WebUtils.getPathWithinApplication(request)
and can be overridden by subclasses for custom request-to-application-path resolution behavior.
request.
authorizationHeader.
encoded String obtained from
the request's authorization header.
null if the byte array could not be acquired.
WebEnvironment for this web application, which is typically loaded via the
EnvironmentLoaderListener.
ServletContext associated with this WebEnvironment instance.
null if no
resource was found.
ServletRequest received by the servlet container triggering the creation of the
Session instance.
ServletRequest accessible when the Subject instance was created.
ServletRequest received by the servlet container triggering the creation of the
Subject instance.
ServletRequest associated with the component.
ServletResponse corresponding to the associated servletRequest.
ServletResponse accessible when the Subject instance was created.
ServletResponse corresponding to the associated servletRequest.
ServletResponse paired with the incoming
servletRequest.
Subject.
null if a raw HttpServletResponse.SC_UNAUTHORIZED response should be issued (401 Unauthorized).
WebEnvironment for this web application, which is typically loaded via
EnvironmentLoaderListener.
WebEnvironment for this web application.
true if one or more configured chains are available, false if none are configured.
http method actions map.
Session implementation that is backed entirely by a standard servlet container
HttpSession instance.
Factory that creates FilterChainResolver instances based on Ini configuration.
ShiroFilterIni
configuration and calling configure for actual instance configuration.
filterConfig and then immediately calls
onFilterConfigSet() to trigger any processing a subclass might wish to perform.
WebEnvironment instance
available to the currently accessible servletContext.
WebEnvironment instance for the specified ServletContext based on the
EnvironmentLoader.CONFIG_LOCATIONS_PARAM value.
filter.init( getFilterConfig() );.
WebEnvironment implementation configured by an Ini instance or Ini resource locations.
true if the request is allowed to proceed through the filter normally, or false
if the request should be handled by the
onAccessDenied(request,response,mappedValue)
method instead.
true if the request is a
loginRequest or
if the current subject
is not null, false otherwise.
HttpServletRequest's method, appends that
action to each configured permission (the mappedValue argument is a String[] array), and
delegates the permission check for the newly constructed permission(s) to the superclass
isAccessAllowed
implementation to perform the actual permission check.
ServletRequest.isSecure().
OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse) method, but additionally allows
for inspection of any path-specific configuration values corresponding to the specified request.
true if this filter should generally* execute for any request,
false if it should let the request/response pass through immediately to the next
element in the FilterChain.
true if this filter should filter the specified request, false if it should let the
request/response pass through immediately to the next element in the FilterChain.
true if the specified URL should be encoded with
a session identifier.
true if the specified authzHeader
starts with the same (case-insensitive) characters specified by the
authzScheme, false otherwise.
true if the incoming request is a login request, false otherwise.
isLoginAttempt.
true if the request is an HTTP POST,
false otherwise.
true if the mappedValue contains the AuthenticatingFilter.PERMISSIVE qualifier.
true if "rememberMe" should be enabled for the login attempt associated with the
current request, false otherwise.
false always.
true always.
true if session management and storage is managed by the underlying Servlet container or
false if managed by Shiro directly (called 'native' sessions).
true if session creation is allowed (as determined by the super class's
super#isSessionCreationEnabled() value) and no request-specific override has disabled sessions for this subject,
false otherwise.
true if session storage is generally available (as determined by the super class's global
configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled()) and no request-specific override has turned off
session storage, false otherwise.
true if the constructed securityManager reference should be bound
to static memory (via
SecurityUtils.setSecurityManager),
false otherwise.
subject
and then redirect them to a configured redirectUrl.
WebEnvironment that supports 'write' operations.
NameableFilter.getName()/NameableFilter.setName(String) methods.
NamedFilterList is a List of Filter instances that is uniquely identified by a
name.
DefaultWebSubjectContext to account for the additional request/response
pair.
DefaultWebSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class.
PathMatchingFilter that will disable creating new Sessions during the request.
isAccessAllowed
method, retaining the mappedValue that was used during configuration.
isAccessAllowed
method.
saveRequestAndRedirectToLogin
and then immediately returns false, thereby preventing the chain from continuing so the redirect may
execute.
true if
isAccessAllowed(Request,Response,Object),
otherwise returns the result of
onAccessDenied(Request,Response,Object).
true allowing unchecked access to the underlying path or resource.
true and should be overridden by subclasses for custom
logic if necessary.
org.apache.shiro.config components.
Environment implementation and support.
Filter implementations used to control
access to web pages and URL resources.
Filter implementations specific to controlling access based on a
subject's authentication status, or those that can execute authentications (log-ins) directly.
Filter implementations that perform authorization (access control)
checks based on the Subject's abilities (for example, role or permission checks).
SecurityManager implementations.
Subject interfaces to enable Subject use in web
environments.
org.apache.shiro.web.subject package interfaces.
true if an incoming request path (the path argument)
matches a configured filter chain path (the pattern argument), false otherwise.
FilterChainResolver that resolves FilterChains based on url path
matching, as determined by a configurable PathMatcher.
true if the incoming request matches the specified path pattern,
false otherwise.
true if the path matches the specified pattern string,
false otherwise.
POST.
subject,
a potentially Subject or request-specific
redirectUrl,
and redirects the end-user to that redirect url.
true if the filter chain should be allowed to continue, false otherwise.
ServletRequest instance that will be passed to the FilterChain for request
processing.
ServletResponse instance that will be passed to the FilterChain for request
processing.
config, unique to the given path, and returns the Filter that should
execute for that path/config combination.
config argument and sets the resulting
String[] array on the appliedPaths internal Map.
FilterChain instance that proxies an original FilterChain as well
as a List of other Filters that might need to execute prior to the final wrapped
original chain.
original FilterChain with the named chain.
FilterChain instance that will first execute this list's Filters (in list order)
and end with the execution of the given filterChain instance.
getLoginUrl and redirects
the request to that url.
saved request, or if there is no saved request, redirects the
end user to the specified fallbackUrl.
RequestPairSource is a component that can supply a ServletRequest and
ServletResponse pair associated with a currently executing request.
WebEnvironments that can be initialized via resource paths (config files).
Session key used to save a request and later restore it, for example when redirecting to a
requested page after login, equal to shiroSavedRequest.
WebUtils.saveRequest(request) to save the request
state for reuse later.
401 (Unauthorized) status as well as the
response's AUTHENTICATE_HEADER.
Session implementations that are merely wrappers for the
Servlet container's HttpSession.
ServletContext.
WWW-Authenticate header.
WWW-Authenticate header scheme that this filter will use when sending the
HTTP Basic challenge response.
Authorization header value that this filter will respond to as indicating a
login request.
SecurityManager and
FilterChainResolver used by the web application.
config attribute.
RememberMeManager.
WebEnvironment's FilterChainResolver.
FilterConfig provided by the Servlet container at webapp startup.
ServletContext as attributes of this class for use by
subclasses.
Ini instance instead of via
config locations.
PatternMatcher used when determining if an incoming request's path
matches a configured filter chain.
WebSubject.Builder constructor, this method places the request object in the
context map for later retrieval.
WebSubject.Builder constructor, this method places the response object in the
context map for later retrieval.
WebEnvironment's associated ServletContext instance.
ServletRequest received by the servlet container triggering the creation of the
Session instance.
ServletRequest received by the servlet container triggering the creation of the
Subject instance.
ServletResponse corresponding to the associated servletRequest.
ServletResponse corresponding to the associated servletRequest.
securityManager reference should be bound
to static memory (via SecurityUtils.setSecurityManager).
WebEnvironment's WebSecurityManager.
ShiroHttpServletRequest wraps the Servlet container's original ServletRequest instance, but ensures
that all HttpServletRequest invocations that require Shiro's support (getRemoteUser,
getSession, etc) can be executed first by Shiro as necessary before allowing the underlying
Servlet container instance's method to be invoked.
Session under the hood for all session operations instead of the
Servlet Container's session mechanism.
OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
for custom behavior. This method will be removed in Shiro 2.0.
Cookie implementation.
NamedFilterList implementation that is supported by a backing List instance and a simple
name property.
SimpleNamedFilterList instance with the specified name, defaulting to a new
ArrayList instance as the backing list.
SimpleNamedFilterList instance with the specified name and backingList.
ServletRequest to an
HttpServletRequest:
return (HttpServletRequest)request;
Logic could be changed in the future for logging or throwing a meaningful exception in
non HTTP request environments (e.g.
ServletResponse to an
HttpServletResponse:
return (HttpServletResponse)response;
Logic could be changed in the future for logging or throwing a meaningful exception in
non HTTP request environments (e.g.
toStringBuilder() method, a better-performing alternative.
name, or if the name is null, just the
super.toStringBuilder() instance.
toString(), but returns a StringBuilder instance instead.
URLEncoder.encode(input, enc).
WebSubject implementation that additionally ensures the ability to retain a
servlet request/response pair to be used by internal shiro components as necessary during the request execution.
Environment instance, used in web applications.
WebIniSecurityManagerFactory.createDefaultInstance() method, to
ensure a web-capable SecurityManager instance is created by default.
WebIniSecurityManagerFactory instance which will construct web-capable
SecurityManager instances.
WebIniSecurityManagerFactory instance which will construct web-capable
SecurityManager instances.
SecurityManager implementation that can be used in web-enabled applications.
WebSubjectContext is a SessionContext that additionally provides for type-safe
methods to set and retrieve a ServletRequest and ServletResponse, as the request/response pair will
often need to be referenced during construction of web-initiated Session instances.
SessionKey implementation that also retains the
ServletRequest and ServletResponse associated with the web request that is performing the
session lookup.
SessionManager specific to web-enabled applications.
WebSubject represents a Subject instance that was acquired as a result of an incoming
ServletRequest.
WebSubject.Builder performs the same function as a Subject.Builder, but
additionally ensures that the Servlet request/response pair that is triggering the Subject instance's creation
is retained for use by internal Shiro components as necessary.
Web.Builder instance using the SecurityManager obtained by
calling SecurityUtils.getSecurityManager().
Web.Builder instance using the specified SecurityManager instance to
create the WebSubject instance.
WebSubjectContext is a SubjectContext that additionally provides for type-safe
methods to set and retrieve a ServletRequest and ServletResponse.
ShiroHttpServletRequest, which is required for supporting
Servlet Specification behavior backed by a Subject instance.
ShiroHttpServletResponse instance, wrapping the orig argument, in order to provide
correct URL rewriting behavior required by the Servlet Specification when using Shiro-based sessions (and not
Servlet Container HTTP-based sessions).
true if a session is allowed to be created for a subject-associated request, false
otherwise.
true if a session is allowed to be created for a subject-associated request, false
otherwise.