org.apache.shiro.web.mgt
Class DefaultWebSecurityManager
java.lang.Object
org.apache.shiro.mgt.CachingSecurityManager
org.apache.shiro.mgt.RealmSecurityManager
org.apache.shiro.mgt.AuthenticatingSecurityManager
org.apache.shiro.mgt.AuthorizingSecurityManager
org.apache.shiro.mgt.SessionsSecurityManager
org.apache.shiro.mgt.DefaultSecurityManager
org.apache.shiro.web.mgt.DefaultWebSecurityManager
- All Implemented Interfaces:
- Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionManager, Destroyable, WebSecurityManager
public class DefaultWebSecurityManager
- extends DefaultSecurityManager
- implements WebSecurityManager
Default WebSecurityManager
implementation used in web-based applications or any
application that requires HTTP connectivity (SOAP, http remoting, etc).
- Since:
- 0.2
Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager |
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind |
Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager |
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Methods inherited from interface org.apache.shiro.authz.Authorizer |
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll |
HTTP_SESSION_MODE
@Deprecated
public static final String HTTP_SESSION_MODE
- Deprecated.
- See Also:
- Constant Field Values
NATIVE_SESSION_MODE
@Deprecated
public static final String NATIVE_SESSION_MODE
- Deprecated.
- See Also:
- Constant Field Values
DefaultWebSecurityManager
public DefaultWebSecurityManager()
DefaultWebSecurityManager
public DefaultWebSecurityManager(Realm singleRealm)
DefaultWebSecurityManager
public DefaultWebSecurityManager(Collection<Realm> realms)
createSubjectContext
protected SubjectContext createSubjectContext()
- Overrides:
createSubjectContext
in class DefaultSecurityManager
setSubjectDAO
public void setSubjectDAO(SubjectDAO subjectDAO)
- Description copied from class:
DefaultSecurityManager
- Sets the
SubjectDAO
responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default
implementation is a DefaultSubjectDAO
.
- Overrides:
setSubjectDAO
in class DefaultSecurityManager
- Parameters:
subjectDAO
- the SubjectDAO
responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).- See Also:
DefaultSubjectDAO
afterSessionManagerSet
protected void afterSessionManagerSet()
- Overrides:
afterSessionManagerSet
in class SessionsSecurityManager
copy
protected SubjectContext copy(SubjectContext subjectContext)
- Overrides:
copy
in class DefaultSecurityManager
getSessionMode
@Deprecated
public String getSessionMode()
- Deprecated.
setSessionMode
@Deprecated
public void setSessionMode(String sessionMode)
- Deprecated. since 1.2
- Parameters:
sessionMode
-
setSessionManager
public void setSessionManager(SessionManager sessionManager)
- Description copied from class:
SessionsSecurityManager
- Sets the underlying delegate
SessionManager
instance that will be used to support this implementation's
SessionManager method calls.
This SecurityManager implementation does not provide logic to support the inherited
SessionManager interface, but instead delegates these calls to an internal
SessionManager instance.
If a SessionManager instance is not set, a default one will be automatically created and
initialized appropriately for the the existing runtime environment.
- Overrides:
setSessionManager
in class SessionsSecurityManager
- Parameters:
sessionManager
- delegate instance to use to support this manager's SessionManager method calls.
isHttpSessionMode
public boolean isHttpSessionMode()
- Description copied from interface:
WebSecurityManager
- Security information needs to be retained from request to request, so Shiro makes use of a
session for this. Typically, a security manager will use the servlet container's HTTP session
but custom session implementations, for example based on EhCache, may also be used. This
method indicates whether the security manager is using the HTTP session or not.
- Specified by:
isHttpSessionMode
in interface WebSecurityManager
- Returns:
true
if the security manager is using the HTTP session; otherwise,
false
.- Since:
- 1.0
createSessionManager
protected SessionManager createSessionManager(String sessionMode)
createSessionContext
protected SessionContext createSessionContext(SubjectContext subjectContext)
- Overrides:
createSessionContext
in class DefaultSecurityManager
getSessionKey
protected SessionKey getSessionKey(SubjectContext context)
- Overrides:
getSessionKey
in class DefaultSecurityManager
beforeLogout
protected void beforeLogout(Subject subject)
- Overrides:
beforeLogout
in class DefaultSecurityManager
removeRequestIdentity
protected void removeRequestIdentity(Subject subject)
Copyright © 2004-2016 The Apache Software Foundation. All Rights Reserved.