Class and Description |
---|
org.apache.shiro.crypto.hash.AbstractHash
in Shiro 1.1 in favor of using the concrete
SimpleHash implementation directly. |
org.apache.shiro.cas.CasFilter
replaced with Shiro integration in buji-pac4j.
|
org.apache.shiro.cas.CasRealm
replaced with Shiro integration in buji-pac4j.
|
org.apache.shiro.cas.CasSubjectFactory
replaced with Shiro integration in buji-pac4j.
|
org.apache.shiro.cas.CasToken
replaced with Shiro integration in buji-pac4j.
|
org.apache.shiro.realm.ldap.DefaultLdapContextFactory
replaced by the
JndiLdapContextFactory implementation. This implementation will be removed
prior to Shiro 2.0 |
org.apache.shiro.config.IniFactorySupport
use Shiro's
Environment mechanisms instead. |
org.apache.shiro.config.IniSecurityManagerFactory
use Shiro's
Environment mechanisms instead. |
org.apache.shiro.web.servlet.IniShiroFilter
in 1.2 in favor of using the
ShiroFilter |
org.apache.shiro.realm.ldap.JndiLdapRealm
Renamed to
DefaultLdapRealm , this class will be removed prior to 2.0 |
org.apache.shiro.authc.credential.Md2CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
org.apache.shiro.authc.credential.Md5CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
org.apache.shiro.authc.credential.Sha1CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
org.apache.shiro.authc.credential.Sha256CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
org.apache.shiro.authc.credential.Sha384CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
org.apache.shiro.authc.credential.Sha512CredentialsMatcher
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property. |
org.apache.shiro.web.config.WebIniSecurityManagerFactory
use Shiro's
Environment mechanisms instead. |
Exceptions and Description |
---|
org.apache.shiro.cas.CasAuthenticationException
replaced with Shiro integration in buji-pac4j.
|
Field and Description |
---|
org.apache.shiro.web.mgt.DefaultWebSecurityManager.HTTP_SESSION_MODE |
org.apache.shiro.web.mgt.DefaultWebSecurityManager.NATIVE_SESSION_MODE |
Method and Description |
---|
org.apache.shiro.guice.web.ShiroWebModule.addFilterChain(String, Key<? extends Filter>...) |
org.apache.shiro.mgt.DefaultSecurityManager.bind(Subject)
in favor of
save(subject) . |
org.apache.shiro.guice.web.ShiroWebModule.config(Class<T>, String) |
org.apache.shiro.guice.web.ShiroWebModule.config(Key<T>, String) |
org.apache.shiro.guice.web.ShiroWebModule.config(TypeLiteral<T>, String) |
org.apache.shiro.web.env.EnvironmentLoader.determineWebEnvironmentClass(ServletContext)
This method is not longer used by Shiro, and will be removed in future versions,
use
EnvironmentLoader.determineWebEnvironment(ServletContext) or EnvironmentLoader.determineWebEnvironment(ServletContext) |
org.apache.shiro.realm.ldap.LdapContextFactory.getLdapContext(String, String)
the
LdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. |
org.apache.shiro.realm.ldap.JndiLdapContextFactory.getLdapContext(String, String)
the
JndiLdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release. |
org.apache.shiro.realm.ldap.DefaultLdapContextFactory.getLdapContext(String, String)
the
DefaultLdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release. |
org.apache.shiro.authc.credential.HashedCredentialsMatcher.getSalt(AuthenticationToken)
since Shiro 1.1. Hash salting is now expected to be based on if the
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0. |
org.apache.shiro.web.mgt.DefaultWebSecurityManager.getSessionMode() |
org.apache.shiro.util.CollectionUtils.isEmpty(PrincipalCollection)
Use PrincipalCollection.isEmpty() directly.
|
org.apache.shiro.authc.credential.HashedCredentialsMatcher.isHashSalted()
since Shiro 1.1. Hash salting is now expected to be based on if the
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0. |
org.apache.shiro.mgt.DefaultSubjectFactory.newSubjectInstance(PrincipalCollection, boolean, String, Session, SecurityManager)
since 1.2 - override
DefaultSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class. |
org.apache.shiro.web.mgt.DefaultWebSubjectFactory.newSubjectInstance(PrincipalCollection, boolean, String, Session, ServletRequest, ServletResponse, SecurityManager)
since 1.2 - override
DefaultWebSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class. |
org.apache.shiro.authc.credential.HashedCredentialsMatcher.setHashSalted(boolean)
since Shiro 1.1. Hash salting is now expected to be based on if the
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0. |
org.apache.shiro.realm.ldap.DefaultLdapContextFactory.setSearchBase(String)
this attribute existed, but was never used in Shiro 1.x. It will be removed prior to Shiro 2.0.
|
org.apache.shiro.web.mgt.DefaultWebSecurityManager.setSessionMode(String)
since 1.2
|
org.apache.shiro.web.servlet.OncePerRequestFilter.shouldNotFilter(ServletRequest)
in favor of overriding
OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
for custom behavior. This method will be removed in Shiro 2.0. |
org.apache.shiro.mgt.DefaultSecurityManager.unbind(Subject)
in Shiro 1.2 in favor of
DefaultSecurityManager.delete(org.apache.shiro.subject.Subject) |
Constructor and Description |
---|
org.apache.shiro.UnavailableSecurityManagerException(String, Throwable)
This constructor is NOT used by Shiro directly, and will be removed in the future.
|
Copyright © 2004–2017 The Apache Software Foundation. All rights reserved.