A B C D E F G H I L M N O P Q R S T U V W _ 
All Classes All Packages

A

AbstractFilter - Class in org.apache.shiro.web.servlet
Base abstract Filter simplifying Filter initialization and access to init parameters.
AbstractFilter() - Constructor for class org.apache.shiro.web.servlet.AbstractFilter
 
AbstractShiroFilter - Class in org.apache.shiro.web.servlet
Abstract base class that provides all standard Shiro request filtering behavior and expects subclasses to implement configuration-specific logic (INI, XML, .properties, etc).
AbstractShiroFilter() - Constructor for class org.apache.shiro.web.servlet.AbstractShiroFilter
 
AccessControlFilter - Class in org.apache.shiro.web.filter
Superclass for any filter that controls access to a resource and may redirect the user to the login page if they are not authenticated.
AccessControlFilter() - Constructor for class org.apache.shiro.web.filter.AccessControlFilter
 
add(int, Filter) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
add(Filter) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
addAll(int, Collection<? extends Filter>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
addAll(Collection<? extends Filter>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
addDefaultFilters(boolean) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
addFilter(String, Filter) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
addFilter(String, Filter) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Adds a filter to the 'pool' of available filters that can be used when creating filter chains.
addFilter(String, Filter, boolean) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
addFilter(String, Filter, boolean) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Adds a filter to the 'pool' of available filters that can be used when creating filter chains.
addFilter(String, Filter, boolean, boolean) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
addToChain(String, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
addToChain(String, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Adds (appends) a filter to the filter chain identified by the given chainName.
addToChain(String, String, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
addToChain(String, String, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Adds (appends) a filter to the filter chain identified by the given chainName.
AdviceFilter - Class in org.apache.shiro.web.servlet
A Servlet Filter that enables AOP-style "around" advice for a ServletRequest via preHandle, postHandle, and afterCompletion hooks.
AdviceFilter() - Constructor for class org.apache.shiro.web.servlet.AdviceFilter
 
afterBound(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
afterCompletion(ServletRequest, ServletResponse, Exception) - Method in class org.apache.shiro.web.servlet.AdviceFilter
Called in all cases in a finally block even if preHandle returns false or if an exception is thrown during filter chain processing.
afterSessionManagerSet() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
afterUnbound(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
ALLOW_BACKSLASH - Static variable in class org.apache.shiro.web.util.WebUtils
 
ALREADY_FILTERED_SUFFIX - Static variable in class org.apache.shiro.web.servlet.OncePerRequestFilter
Suffix that gets appended to the filter name for the "already filtered" request attribute.
anon - org.apache.shiro.web.filter.mgt.DefaultFilter
 
AnonymousFilter - Class in org.apache.shiro.web.filter.authc
Filter that allows access to a path immeidately without performing security checks of any kind.
AnonymousFilter() - Constructor for class org.apache.shiro.web.filter.authc.AnonymousFilter
 
appendQueryProperties(StringBuilder, Map, String) - Method in class org.apache.shiro.web.util.RedirectView
Append query properties to the redirect URL.
appliedPaths - Variable in class org.apache.shiro.web.filter.PathMatchingFilter
A collection of path-to-config entries where the key is a path which this filter should process and the value is the (possibly null) configuration element specific to this Filter for that specific path.
applyChainConfig(String, Filter, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
applyFilterChainResolver(Ini, Map<String, ?>) - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
applyInitParams() - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
applySecurityManager(Ini) - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
ATTRIBUTE_DELIMITER - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
authc - org.apache.shiro.web.filter.mgt.DefaultFilter
 
authcBasic - org.apache.shiro.web.filter.mgt.DefaultFilter
 
authcBearer - org.apache.shiro.web.filter.mgt.DefaultFilter
 
AuthenticatedTag - Class in org.apache.shiro.web.tags
JSP tag that renders the tag body only if the current user has executed a successful authentication attempt during their current session.
AuthenticatedTag() - Constructor for class org.apache.shiro.web.tags.AuthenticatedTag
 
AuthenticatingFilter - Class in org.apache.shiro.web.filter.authc
An AuthenticationFilter that is capable of automatically performing an authentication attempt based on the incoming request.
AuthenticatingFilter() - Constructor for class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
AuthenticationFilter - Class in org.apache.shiro.web.filter.authc
Base class for all Filters that require the current user to be authenticated.
AuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.AuthenticationFilter
 
AuthorizationFilter - Class in org.apache.shiro.web.filter.authz
Superclass for authorization-related filters.
AuthorizationFilter() - Constructor for class org.apache.shiro.web.filter.authz.AuthorizationFilter
 

B

BasicHttpAuthenticationFilter - Class in org.apache.shiro.web.filter.authc
Requires the requesting user to be authenticated for the request to continue, and if they're not, requires the user to login via the HTTP Basic protocol-specific challenge.
BasicHttpAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
 
BearerHttpAuthenticationFilter - Class in org.apache.shiro.web.filter.authc
Requires the requesting user to be authenticated for the request to continue, and if they're not, requires the user to login via the HTTP Bearer protocol-specific challenge.
BearerHttpAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter
 
beforeLogout(Subject) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
buildChains(FilterChainManager, Ini) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
Builder(ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.subject.WebSubject.Builder
Constructs a new Web.Builder instance using the SecurityManager obtained by calling SecurityUtils.getSecurityManager().
Builder(SecurityManager, ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.subject.WebSubject.Builder
Constructs a new Web.Builder instance using the specified SecurityManager instance to create the WebSubject instance.
buildHeaderValue(String, String, String, String, String, int, int, boolean, boolean) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
buildHeaderValue(String, String, String, String, String, int, int, boolean, boolean, Cookie.SameSiteOptions) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
buildPermissions(String[], String) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Builds a new array of permission strings based on the original argument, appending the specified action verb to each one per WildcardPermission conventions.
buildPermissions(HttpServletRequest, String[], String) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Returns a collection of String permissions with which to perform a permission check to determine if the filter will allow the request to continue.
buildWebSubject() - Method in class org.apache.shiro.web.subject.WebSubject.Builder
Returns super.buildSubject(), but additionally ensures that the returned instance is an instanceof WebSubject and to support a type-safe method so a caller does not have to cast.

C

cleanup(ServletRequest, ServletResponse, Exception) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.
cleanup(ServletRequest, ServletResponse, Exception) - Method in class org.apache.shiro.web.servlet.AdviceFilter
Executes cleanup logic in the finally code block in the doFilterInternal implementation.
clear() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
COMMENT_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
CONFIG_INIT_PARAM_NAME - Static variable in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
CONFIG_LOCATIONS_PARAM - Static variable in class org.apache.shiro.web.env.EnvironmentLoader
Servlet Context config param for the resource path to use for configuring the WebEnvironment instance: shiroConfigLocations
CONFIG_PATH_INIT_PARAM_NAME - Static variable in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
configure() - Method in class org.apache.shiro.web.env.IniWebEnvironment
 
configure() - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
contains(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
containsAll(Collection<?>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
contextDestroyed(ServletContextEvent) - Method in class org.apache.shiro.web.env.EnvironmentLoaderListener
Destroys any previously created/bound WebEnvironment instance created by the EnvironmentLoaderListener.contextInitialized(javax.servlet.ServletContextEvent) method.
contextInitialized(ServletContextEvent) - Method in class org.apache.shiro.web.env.EnvironmentLoaderListener
Initializes the Shiro WebEnvironment and binds it to the ServletContext at application startup for future reference.
convertConfigToIni(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
convertPathToIni(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
Converts the specified file path to an Ini instance.
Cookie - Interface in org.apache.shiro.web.servlet
Interface representing HTTP cookie operations, supporting pojo-style getters and setters for all attributes which includes HttpOnly support.
COOKIE_DATE_FORMAT_STRING - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
COOKIE_HEADER_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
COOKIE_SESSION_ID_SOURCE - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
Cookie.SameSiteOptions - Enum in org.apache.shiro.web.servlet
The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context.
CookieRememberMeManager - Class in org.apache.shiro.web.mgt
Remembers a Subject's identity by saving the Subject's principals to a Cookie for later retrieval.
CookieRememberMeManager() - Constructor for class org.apache.shiro.web.mgt.CookieRememberMeManager
Constructs a new CookieRememberMeManager with a default rememberMe cookie template.
copy(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
createBearerToken(String, ServletRequest) - Method in class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter
 
createChain(String, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
createChain(String, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Creates a filter chain for the given chainName with the specified chainDefinition String.
createChains(Map<String, String>, FilterChainManager) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
createDefaultChain(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
createDefaultChain(String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Creates a chain that should match any non-matched request paths, typically /** assuming an AntPathMatcher I used.
createDefaultInstance() - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
createDefaultInstance() - Method in class org.apache.shiro.web.config.WebIniSecurityManagerFactory
Deprecated.
Simply returns new DefaultWebSecurityManager(); to ensure a web-capable SecurityManager is available by default.
createDefaults(Ini, Ini.Section) - Method in class org.apache.shiro.web.config.WebIniSecurityManagerFactory
Deprecated.
 
createDefaultSecurityManager() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
createEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader
Instantiates a WebEnvironment based on the specified ServletContext.
createExposedSession(Session, SessionContext) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
createExposedSession(Session, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
createFilterChainResolver() - Method in class org.apache.shiro.web.env.IniWebEnvironment
 
createIni(String, boolean) - Method in class org.apache.shiro.web.env.IniWebEnvironment
Creates an Ini instance reflecting the specified path, or null if the path does not exist and is not required.
createInstance(Ini) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
createInstanceMap(FilterConfig) - Static method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
 
createSession(HttpSession, String) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
 
createSession(SessionContext) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
 
createSessionContext() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject
 
createSessionContext(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
createSessionManager(String) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
createSubject(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Creates a WebSubject instance to associate with the incoming request/response pair which will be used throughout the request/response execution.
createSubject(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSubjectFactory
 
createSubjectContext() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
createToken(String, String, boolean, String) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
createToken(String, String, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter
Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
createWebSecurityManager() - Method in class org.apache.shiro.web.env.IniWebEnvironment
 
currentRequest - Variable in class org.apache.shiro.web.servlet.ShiroHttpSession
 
customizeEnvironment(WebEnvironment) - Method in class org.apache.shiro.web.env.EnvironmentLoader
Any additional customization of the Environment can be by overriding this method.

D

DAY_MILLIS - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
decodeRequestString(HttpServletRequest, String) - Static method in class org.apache.shiro.web.util.WebUtils
Decode the given source string with a URLDecoder.
DEFAULT_CHARACTER_ENCODING - Static variable in class org.apache.shiro.web.util.WebUtils
Default character encoding to use when request.getCharacterEncoding returns null, according to the Servlet spec.
DEFAULT_ENABLED - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
DEFAULT_ENCODING_SCHEME - Static variable in class org.apache.shiro.web.util.RedirectView
The default encoding scheme: UTF-8
DEFAULT_ERROR_KEY_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
DEFAULT_HTTP_PORT - Static variable in class org.apache.shiro.web.filter.authz.PortFilter
 
DEFAULT_HTTPS_PORT - Static variable in class org.apache.shiro.web.filter.authz.SslFilter
 
DEFAULT_INCLUDE_SUB_DOMAINS - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
DEFAULT_LOGIN_URL - Static variable in class org.apache.shiro.web.filter.AccessControlFilter
Simple default login URL equal to /login.jsp, which can be overridden by calling the setLoginUrl method.
DEFAULT_MAX_AGE - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
DEFAULT_MAX_AGE - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
-1, indicating the cookie should expire when the browser closes.
DEFAULT_PASSWORD_PARAM - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
DEFAULT_REDIRECT_URL - Static variable in class org.apache.shiro.web.filter.authc.LogoutFilter
The default redirect URL to where the user will be redirected after logout.
DEFAULT_REMEMBER_ME_COOKIE_NAME - Static variable in class org.apache.shiro.web.mgt.CookieRememberMeManager
The default name of the underlying rememberMe cookie which is rememberMe.
DEFAULT_REMEMBER_ME_PARAM - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
DEFAULT_SESSION_ID_NAME - Static variable in class org.apache.shiro.web.servlet.ShiroHttpSession
 
DEFAULT_SUCCESS_URL - Static variable in class org.apache.shiro.web.filter.authc.AuthenticationFilter
 
DEFAULT_USERNAME_PARAM - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
DEFAULT_VERSION - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
-1 indicating that no version property should be set on the cookie.
DEFAULT_WEB_INI_RESOURCE_PATH - Static variable in class org.apache.shiro.web.env.IniWebEnvironment
 
DEFAULT_WEB_INI_RESOURCE_PATH - Static variable in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
DefaultFilter - Enum in org.apache.shiro.web.filter.mgt
Enum representing all of the default Shiro Filter instances available to web applications.
DefaultFilterChainManager - Class in org.apache.shiro.web.filter.mgt
Default FilterChainManager implementation maintaining a map of Filter instances (key: filter name, value: Filter) as well as a map of NamedFilterLists created from these Filters (key: filter chain name, value: NamedFilterList).
DefaultFilterChainManager() - Constructor for class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
DefaultFilterChainManager(FilterConfig) - Constructor for class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
DefaultWebEnvironment - Class in org.apache.shiro.web.env
Default WebEnvironment implementation based on a backing Map instance.
DefaultWebEnvironment() - Constructor for class org.apache.shiro.web.env.DefaultWebEnvironment
 
DefaultWebSecurityManager - Class in org.apache.shiro.web.mgt
Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).
DefaultWebSecurityManager() - Constructor for class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
DefaultWebSecurityManager(Collection<Realm>) - Constructor for class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
DefaultWebSecurityManager(Realm) - Constructor for class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
DefaultWebSessionContext - Class in org.apache.shiro.web.session.mgt
Default implementation of the WebSessionContext interface which provides getters and setters that wrap interaction with the underlying backing context map.
DefaultWebSessionContext() - Constructor for class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
 
DefaultWebSessionContext(Map<String, Object>) - Constructor for class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
 
DefaultWebSessionManager - Class in org.apache.shiro.web.session.mgt
Web-application capable SessionManager implementation.
DefaultWebSessionManager() - Constructor for class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
DefaultWebSessionStorageEvaluator - Class in org.apache.shiro.web.mgt
A web-specific SessionStorageEvaluator that performs the same logic as the parent class DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or disable session access.
DefaultWebSessionStorageEvaluator() - Constructor for class org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator
 
DefaultWebSubjectContext - Class in org.apache.shiro.web.subject.support
Default WebSubjectContext implementation that provides for additional storage and retrieval of a ServletRequest and ServletResponse.
DefaultWebSubjectContext() - Constructor for class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
DefaultWebSubjectContext(WebSubjectContext) - Constructor for class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
DefaultWebSubjectFactory - Class in org.apache.shiro.web.mgt
A SubjectFactory implementation that creates WebDelegatingSubject instances.
DefaultWebSubjectFactory() - Constructor for class org.apache.shiro.web.mgt.DefaultWebSubjectFactory
 
DELETED_COOKIE_VALUE - Static variable in interface org.apache.shiro.web.servlet.Cookie
The value of deleted cookie (with the maxAge 0).
destroy() - Method in class org.apache.shiro.web.servlet.AbstractFilter
Default no-op implementation that can be overridden by subclasses for custom cleanup behavior.
destroyEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader
Destroys the WebEnvironment for the given servlet context.
determineEncoding(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
Determine the encoding for the given request.
determineWebEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader
Return the WebEnvironment implementation class to use, based on the order of: A custom WebEnvironment class - specified in the servletContext EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY property ServiceLoader.load(WebEnvironment.class) - (if more then one instance is found a ConfigurationException will be thrown A call to EnvironmentLoader.getDefaultWebEnvironmentClass() (default: IniWebEnvironment)
determineWebEnvironmentClass(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader
Deprecated.
This method is not longer used by Shiro, and will be removed in future versions, use EnvironmentLoader.determineWebEnvironment(ServletContext) or EnvironmentLoader.determineWebEnvironment(ServletContext)
doFilter(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.ProxiedFilterChain
 
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter
This doFilter implementation stores a request attribute for "already filtered", proceeding without filtering again if the attribute is already there.
doFilterInternal(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
doFilterInternal implementation that sets-up, executes, and cleans-up a Shiro-filtered request.
doFilterInternal(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AdviceFilter
Actually implements the chain execution logic, utilizing pre, post, and after advice hooks.
doFilterInternal(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter
DOMAIN_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
doStartTag() - Method in class org.apache.shiro.web.tags.SecureTag
 

E

encodeRedirectUrl(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
 
encodeRedirectURL(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
Encode the session identifier associated with this response into the specified redirect URL, if necessary.
encodeUrl(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
 
encodeURL(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
Encode the session identifier associated with this response into the specified URL, if necessary.
ensureChain(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
ENVIRONMENT_ATTRIBUTE_KEY - Static variable in class org.apache.shiro.web.env.EnvironmentLoader
 
ENVIRONMENT_CLASS_PARAM - Static variable in class org.apache.shiro.web.env.EnvironmentLoader
Servlet Context config param for specifying the WebEnvironment implementation class to use: shiroEnvironmentClass
EnvironmentLoader - Class in org.apache.shiro.web.env
An EnvironmentLoader is responsible for loading a web application's Shiro WebEnvironment (which includes the web app's WebSecurityManager) into the ServletContext at application startup.
EnvironmentLoader() - Constructor for class org.apache.shiro.web.env.EnvironmentLoader
 
EnvironmentLoaderListener - Class in org.apache.shiro.web.env
Bootstrap listener to startup and shutdown the web application's Shiro WebEnvironment at ServletContext startup and shutdown respectively.
EnvironmentLoaderListener() - Constructor for class org.apache.shiro.web.env.EnvironmentLoaderListener
 
executeChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Executes a FilterChain for the given request.
executeChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AdviceFilter
Actually executes the specified filter chain by calling chain.doFilter(request,response);.
executeLogin(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
EXPIRES_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 

F

FILTER_CHAIN_RESOLVER_NAME - Static variable in class org.apache.shiro.web.env.IniWebEnvironment
 
FilterChainManager - Interface in org.apache.shiro.web.filter.mgt
A FilterChainManager manages the creation and modification of Filter chains from an available pool of Filter instances.
FilterChainResolver - Interface in org.apache.shiro.web.filter.mgt
A FilterChainResolver can resolve an appropriate FilterChain to execute during a ServletRequest.
filterConfig - Variable in class org.apache.shiro.web.servlet.AbstractFilter
FilterConfig provided by the Servlet container at start-up.
FILTERS - Static variable in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
finalizeEnvironment(WebEnvironment) - Method in class org.apache.shiro.web.env.EnvironmentLoader
Any additional cleanup of the Environment can be done by overriding this method.
forgetIdentity(Subject) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager
Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.
forgetIdentity(SubjectContext) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager
Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.
FormAuthenticationFilter - Class in org.apache.shiro.web.filter.authc
Requires the requesting user to be authenticated for the request to continue, and if they are not, forces the user to login via by redirecting them to the loginUrl you configure.
FormAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
FORWARD_CONTEXT_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 
FORWARD_PATH_INFO_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 
FORWARD_QUERY_STRING_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 
FORWARD_REQUEST_URI_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
Standard Servlet 2.4+ spec request attributes for forward URI and paths.
FORWARD_SERVLET_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 

G

get(int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
GET_METHOD - Static variable in class org.apache.shiro.web.filter.AccessControlFilter
Constant representing the HTTP 'GET' request method, equal to GET.
getAlreadyFilteredAttributeName() - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter
Return name of the request attribute that identifies that a request has already been filtered.
getAndClearSavedRequest(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
 
getAttribute(Object) - Method in class org.apache.shiro.web.session.HttpServletSession
 
getAttribute(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getAttributeKeys() - Method in class org.apache.shiro.web.session.HttpServletSession
 
getAttributeNames() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getChain(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
getChain(String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Returns the filter chain identified by the specified chainName or null if there is no chain with that name.
getChain(ServletRequest, ServletResponse, FilterChain) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainResolver
Returns the filter chain that should be executed for the given request, or null if the original chain should be used.
getChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
 
getChainNames() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
getChainNames() - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Returns the names of all configured chains or an empty Set if no chains have been configured.
getCleanParam(ServletRequest, String) - Static method in class org.apache.shiro.web.util.WebUtils
Convenience method that returns a request parameter value, first running it through StringUtils.clean(String).
getComment() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getComment() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getConfig() - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
Returns the actual INI configuration text to use to build the SecurityManager and FilterChainResolver used by the web application or null if the configPath should be used to load a fallback INI source.
getConfigLocations() - Method in class org.apache.shiro.web.env.ResourceBasedWebEnvironment
 
getConfigPath() - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
Returns the config path to be used to load a .ini file for configuration if a configuration is not specified via the config attribute.
getContext() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
 
getContextAttribute(String) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
 
getContextInitParam(String) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
 
getContextPath(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
Return the context path for the given request, detecting an include request URL if called within a RequestDispatcher include.
getCookie() - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager
Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
getCreationTime() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getDefaultConfigLocations() - Method in class org.apache.shiro.web.env.IniWebEnvironment
Returns an array with two elements, /WEB-INF/shiro.ini and classpath:shiro.ini.
getDefaultIni() - Method in class org.apache.shiro.web.env.IniWebEnvironment
 
getDefaults() - Method in class org.apache.shiro.web.env.IniWebEnvironment
 
getDefaultValue() - Method in class org.apache.shiro.web.tags.PrincipalTag
 
getDefaultWebEnvironmentClass() - Method in class org.apache.shiro.web.env.EnvironmentLoader
Returns the default WebEnvironment class, which is unless overridden: IniWebEnvironment.
getDomain() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getDomain() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getExecutionChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Returns the FilterChain to execute for the given request.
getFailureKeyAttribute() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
getFilter(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
getFilterChainManager() - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
 
getFilterChainResolver() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
getFilterChainResolver() - Method in interface org.apache.shiro.web.env.WebEnvironment
Returns the web application's FilterChainResolver if one has been configured or null if one is not available.
getFilterChainResolver() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
getFilterChains() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
getFilterClass() - Method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
 
getFilterConfig() - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
getFilterConfig() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
Returns the FilterConfig provided by the Servlet container at webapp startup.
getFilterConfig() - Method in class org.apache.shiro.web.servlet.AbstractFilter
Returns the servlet container specified FilterConfig instance provided at startup.
getFilters() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
getFilters() - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Returns the pool of available Filters managed by this manager, keyed by name.
getFilters(Map<String, String>, Map<String, ?>) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
getFrameworkIni() - Method in class org.apache.shiro.web.env.IniWebEnvironment
Extension point to allow subclasses to provide an Ini configuration that will be merged into the users configuration.
getGlobalFilters() - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
getHost() - Method in class org.apache.shiro.web.session.HttpServletSession
 
getHost(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
Returns the host name or IP associated with the current subject.
getHsts() - Method in class org.apache.shiro.web.filter.authz.SslFilter
 
getHttpMethodAction(String) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Determines the corresponding application action that will be performed on the filtered resource based on the specified HTTP method (GET, POST, etc).
getHttpMethodAction(ServletRequest) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Determines the action (verb) attempting to be performed on the filtered resource by the current request.
getHttpMethodActions() - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Returns the HTTP Method name (key) to action verb (value) mapping used to resolve actions based on an incoming HttpServletRequest.
getHttpRequest(Object) - Static method in class org.apache.shiro.web.util.WebUtils
 
getHttpResponse(Object) - Static method in class org.apache.shiro.web.util.WebUtils
 
getId() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getId() - Method in class org.apache.shiro.web.session.HttpServletSession
 
getIni() - Method in class org.apache.shiro.web.env.IniWebEnvironment
Returns the Ini instance reflecting this WebEnvironment's configuration.
getInitParam(String) - Method in class org.apache.shiro.web.servlet.AbstractFilter
Returns the value for the named init-param, or null if there was no init-param specified by that name.
getKeyNames() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getLastAccessedTime() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getLastAccessTime() - Method in class org.apache.shiro.web.session.HttpServletSession
 
getLoginUrl() - Method in class org.apache.shiro.web.filter.AccessControlFilter
Returns the login URL used to authenticate a user.
getMaxAge() - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
getMaxAge() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getMaxAge() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getMaxInactiveInterval() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getMethod() - Method in class org.apache.shiro.web.util.SavedRequest
 
getName() - Method in interface org.apache.shiro.web.filter.mgt.NamedFilterList
Returns the configuration-unique name assigned to this Filter list.
getName() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
getName() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getName() - Method in class org.apache.shiro.web.servlet.NameableFilter
Returns the filter's name.
getName() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getName() - Method in class org.apache.shiro.web.tags.PermissionTag
 
getName() - Method in class org.apache.shiro.web.tags.RoleTag
 
getPassword(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
getPasswordParam() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
getPath() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getPath() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getPathMatcher() - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
Returns the PatternMatcher used when determining if an incoming request's path matches a configured filter chain.
getPathWithinApplication(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
Return the path within the web application for the given request.
getPathWithinApplication(ServletRequest) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
Merely returns WebUtils.getPathWithinApplication(request) and can be overridden by subclasses for custom request-to-application-path resolution behavior.
getPathWithinApplication(ServletRequest) - Method in class org.apache.shiro.web.filter.PathMatchingFilter
Returns the context path within the application based on the specified request.
getPort() - Method in class org.apache.shiro.web.filter.authz.PortFilter
 
getPrincipalsAndCredentials(String, String) - Method in class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
Returns the username and password pair based on the specified encoded String obtained from the request's authorization header.
getPrincipalsAndCredentials(String, String) - Method in class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter
 
getProperty() - Method in class org.apache.shiro.web.tags.PrincipalTag
 
getQueryString() - Method in class org.apache.shiro.web.util.SavedRequest
 
getRedirectUrl() - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Returns the URL to where the user will be redirected after logout.
getRedirectUrl(ServletRequest, ServletResponse, Subject) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Returns the redirect URL to send the user after logout.
getRememberedSerializedIdentity(SubjectContext) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager
Returns a previously serialized identity byte array or null if the byte array could not be acquired.
getRememberMeParam() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
getRemoteUser() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
getRequest() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
 
getRequest(Object) - Static method in class org.apache.shiro.web.util.WebUtils
 
getRequestedSessionId() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
getRequestUri(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
Deprecated.
use getPathWithinApplication() to get the path minus the context path, or call HttpServletRequest.getRequestURI() directly from your code.
getRequestURI() - Method in class org.apache.shiro.web.util.SavedRequest
 
getRequestUrl() - Method in class org.apache.shiro.web.util.SavedRequest
 
getRequiredWebEnvironment(ServletContext) - Static method in class org.apache.shiro.web.util.WebUtils
Find the Shiro WebEnvironment for this web application, which is typically loaded via the EnvironmentLoaderListener.
getResponse(Object) - Static method in class org.apache.shiro.web.util.WebUtils
 
getSameSite() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getSameSite() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getSavedRequest(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
 
getScheme(String, int) - Method in class org.apache.shiro.web.filter.authz.PortFilter
 
getScheme(String, int) - Method in class org.apache.shiro.web.filter.authz.SslFilter
 
getSecurityManager() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
getSecurityManager() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
getSecurityManagerFactory() - Method in class org.apache.shiro.web.env.IniWebEnvironment
Returns the SecurityManager factory used by this WebEnvironment.
getServletContext() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
getServletContext() - Method in interface org.apache.shiro.web.env.WebEnvironment
Returns the ServletContext associated with this WebEnvironment instance.
getServletContext() - Method in class org.apache.shiro.web.servlet.ServletContextSupport
 
getServletContext() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getServletContextIniResource(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
Returns the INI instance reflecting the specified servlet context resource path or null if no resource was found.
getServletRequest() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
 
getServletRequest() - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext
Returns the ServletRequest received by the servlet container triggering the creation of the Session instance.
getServletRequest() - Method in class org.apache.shiro.web.session.mgt.WebSessionKey
 
getServletRequest() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
getServletRequest() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject
 
getServletRequest() - Method in interface org.apache.shiro.web.subject.WebSubject
Returns the ServletRequest accessible when the Subject instance was created.
getServletRequest() - Method in interface org.apache.shiro.web.subject.WebSubjectContext
Returns the ServletRequest received by the servlet container triggering the creation of the Subject instance.
getServletRequest() - Method in interface org.apache.shiro.web.util.RequestPairSource
Returns the incoming ServletRequest associated with the component.
getServletResponse() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
 
getServletResponse() - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext
The paired ServletResponse corresponding to the associated servletRequest.
getServletResponse() - Method in class org.apache.shiro.web.session.mgt.WebSessionKey
 
getServletResponse() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
getServletResponse() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject
 
getServletResponse() - Method in interface org.apache.shiro.web.subject.WebSubject
Returns the ServletResponse accessible when the Subject instance was created.
getServletResponse() - Method in interface org.apache.shiro.web.subject.WebSubjectContext
The paired ServletResponse corresponding to the associated servletRequest.
getServletResponse() - Method in interface org.apache.shiro.web.util.RequestPairSource
Returns the outgoing ServletResponse paired with the incoming servletRequest.
getSession() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
getSession() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getSession(boolean) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
getSession(SessionKey) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
 
getSessionContext() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getSessionId(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
getSessionId(SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
getSessionIdCookie() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
getSessionKey(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
getSessionMode() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
Deprecated.
getSpecifiedIni(String[]) - Method in class org.apache.shiro.web.env.IniWebEnvironment
 
getStartTimestamp() - Method in class org.apache.shiro.web.session.HttpServletSession
 
getSubject() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
getSubject() - Method in class org.apache.shiro.web.tags.SecureTag
 
getSubject(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Convenience method that acquires the Subject associated with the request.
getSubject(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Returns the currently executing Subject.
getSubjectPrincipal() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
getSuccessUrl() - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter
Returns the success url to use as the default location a user is sent after logging in.
getTimeout() - Method in class org.apache.shiro.web.session.HttpServletSession
 
getType() - Method in class org.apache.shiro.web.tags.PrincipalTag
 
getUnauthorizedUrl() - Method in class org.apache.shiro.web.filter.authz.AuthorizationFilter
Returns the URL to which users should be redirected if they are denied access to an underlying path or resource, or null if a raw HttpServletResponse.SC_UNAUTHORIZED response should be issued (401 Unauthorized).
getUrl() - Method in class org.apache.shiro.web.util.RedirectView
 
getUsername(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
getUsernameParam() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
getUserPrincipal() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
getValue() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getValue() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getValue(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getValueNames() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
getVersion() - Method in interface org.apache.shiro.web.servlet.Cookie
 
getVersion() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
getWebEnvironment(ServletContext) - Static method in class org.apache.shiro.web.util.WebUtils
Find the Shiro WebEnvironment for this web application, which is typically loaded via EnvironmentLoaderListener.
getWebEnvironment(ServletContext, String) - Static method in class org.apache.shiro.web.util.WebUtils
Find the Shiro WebEnvironment for this web application.
getWebSecurityManager() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
getWebSecurityManager() - Method in interface org.apache.shiro.web.env.WebEnvironment
Returns the web application's security manager instance.
GMT_TIME_ZONE_ID - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
GuestTag - Class in org.apache.shiro.web.tags
JSP tag that renders the tag body if the current user is not known to the system, either because they haven't logged in yet, or because they have no 'RememberMe' identity.
GuestTag() - Constructor for class org.apache.shiro.web.tags.GuestTag
 

H

HasAnyRolesTag - Class in org.apache.shiro.web.tags
Displays body content if the current user has any of the roles specified.
HasAnyRolesTag() - Constructor for class org.apache.shiro.web.tags.HasAnyRolesTag
 
hasChains() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
hasChains() - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Returns true if one or more configured chains are available, false if none are configured.
HasPermissionTag - Class in org.apache.shiro.web.tags
 
HasPermissionTag() - Constructor for class org.apache.shiro.web.tags.HasPermissionTag
 
HasRoleTag - Class in org.apache.shiro.web.tags
 
HasRoleTag() - Constructor for class org.apache.shiro.web.tags.HasRoleTag
 
HostFilter - Class in org.apache.shiro.web.filter.authz
A Filter that can allow or deny access based on the host that sent the request.
HostFilter() - Constructor for class org.apache.shiro.web.filter.authz.HostFilter
 
HSTS() - Constructor for class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
HTTP_HEADER - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
HTTP_ONLY_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
HTTP_SCHEME - Static variable in class org.apache.shiro.web.filter.authz.PortFilter
 
HTTP_SESSION_MODE - Static variable in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
Deprecated.
HttpMethodPermissionFilter - Class in org.apache.shiro.web.filter.authz
A filter that translates an HTTP Request's Method (eg GET, POST, etc) into an corresponding action (verb) and uses that verb to construct a permission that will be checked to determine access.
HttpMethodPermissionFilter() - Constructor for class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Creates the filter instance with default method-to-action values in the instance's http method actions map.
HTTPS_SCHEME - Static variable in class org.apache.shiro.web.filter.authz.SslFilter
 
HttpServletSession - Class in org.apache.shiro.web.session
Session implementation that is backed entirely by a standard servlet container HttpSession instance.
HttpServletSession(HttpSession, String) - Constructor for class org.apache.shiro.web.session.HttpServletSession
 
httpSessions - Variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 

I

IDENTITY_REMOVED_KEY - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
INCLUDE_CONTEXT_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 
INCLUDE_PATH_INFO_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 
INCLUDE_QUERY_STRING_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 
INCLUDE_REQUEST_URI_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
Standard Servlet 2.3+ spec request attributes for include URI and paths.
INCLUDE_SERVLET_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
 
indexOf(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
IniFilterChainResolverFactory - Class in org.apache.shiro.web.config
A Factory that creates FilterChainResolver instances based on Ini configuration.
IniFilterChainResolverFactory() - Constructor for class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
IniFilterChainResolverFactory(Ini) - Constructor for class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
IniFilterChainResolverFactory(Ini, Map<String, ?>) - Constructor for class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
IniShiroFilter - Class in org.apache.shiro.web.servlet
Deprecated.
in 1.2 in favor of using the ShiroFilter
IniShiroFilter() - Constructor for class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
init() - Method in class org.apache.shiro.web.env.IniWebEnvironment
Initializes this instance by resolving any potential (explicit or resource-configured) Ini configuration and calling configure for actual instance configuration.
init() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
init() - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
init() - Method in class org.apache.shiro.web.servlet.ShiroFilter
Configures this instance based on the existing WebEnvironment instance available to the currently accessible servletContext.
init(FilterConfig) - Method in class org.apache.shiro.web.servlet.AbstractFilter
Sets the filter's filterConfig and then immediately calls onFilterConfigSet() to trigger any processing a subclass might wish to perform.
initEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader
Initializes Shiro's WebEnvironment instance for the specified ServletContext based on the EnvironmentLoader.CONFIG_LOCATIONS_PARAM value.
initFilter(Filter) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
Initializes the filter by calling filter.init( getFilterConfig() );.
IniWebEnvironment - Class in org.apache.shiro.web.env
WebEnvironment implementation configured by an Ini instance or Ini resource locations.
IniWebEnvironment() - Constructor for class org.apache.shiro.web.env.IniWebEnvironment
 
invalidate() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
invalidRequest - org.apache.shiro.web.filter.mgt.DefaultFilter
 
InvalidRequestFilter - Class in org.apache.shiro.web.filter
A request filter that blocks malicious requests.
InvalidRequestFilter() - Constructor for class org.apache.shiro.web.filter.InvalidRequestFilter
 
IPV4_PATTERN - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
 
IPV4_QUAD_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
 
IPV4_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
 
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
Determines whether the current subject should be allowed to make the current request.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter
Determines whether the current subject is authenticated.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.UserFilter
Returns true if the request is a loginRequest or if the current subject is not null, false otherwise.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.HostFilter
 
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter
Resolves an 'application friendly' action verb based on the HttpServletRequest's method, appends that action to each configured permission (the mappedValue argument is a String[] array), and delegates the permission check for the newly constructed permission(s) to the superclass isAccessAllowed implementation to perform the actual permission check.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
 
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.PortFilter
 
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
 
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.SslFilter
Retains the parent method's port-matching behavior but additionally guarantees that the ServletRequest.isSecure().
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
isBlockBackslash() - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
isBlockNonAscii() - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
isBlockSemicolon() - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
isEmpty() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
isEnabled() - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
isEnabled() - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter
Returns true if this filter should generally* execute for any request, false if it should let the request/response pass through immediately to the next element in the FilterChain.
isEnabled(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter
Returns true if this filter should filter the specified request, false if it should let the request/response pass through immediately to the next element in the FilterChain.
isEnabled(ServletRequest, ServletResponse, String, Object) - Method in class org.apache.shiro.web.filter.PathMatchingFilter
Path-matching version of the parent class's OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse) method, but additionally allows for inspection of any path-specific configuration values corresponding to the specified request.
isEncodeable(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
Return true if the specified URL should be encoded with a session identifier.
isHttp(Object) - Static method in class org.apache.shiro.web.util.WebUtils
 
isHttpOnly() - Method in interface org.apache.shiro.web.servlet.Cookie
 
isHttpOnly() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
isHttpSessionMode() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
isHttpSessionMode() - Method in interface org.apache.shiro.web.mgt.WebSecurityManager
Security information needs to be retained from request to request, so Shiro makes use of a session for this.
isHttpSessions() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
isHttpSessions() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
isIncludeSubDomains() - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
isIpv4Candidate(String) - Method in class org.apache.shiro.web.filter.authz.HostFilter
 
isLoginRequest(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Returns true if the incoming request is a login request, false otherwise.
isLoginSubmission(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
This default implementation merely returns true if the request is an HTTP POST, false otherwise.
isNew() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
isPermissive(Object) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
Returns true if the mappedValue contains the AuthenticatingFilter.PERMISSIVE qualifier.
isPermitted(String) - Method in class org.apache.shiro.web.tags.PermissionTag
 
isPostOnlyLogout() - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Due to browser pre-fetching, using a GET requests for logout my cause a user to be logged accidentally, for example: out while typing in an address bar.
isRememberMe(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
isRememberMe(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
isRequestedSessionIdFromCookie() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
isRequestedSessionIdFromUrl() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
isRequestedSessionIdFromURL() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
isRequestedSessionIdValid() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
isSchemeChar(char) - Static method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
Determine if the character is allowed in the scheme of a URI.
isSecure() - Method in interface org.apache.shiro.web.servlet.Cookie
 
isSecure() - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
isServletContainerSessions() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
This is a native session manager implementation, so this method returns false always.
isServletContainerSessions() - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
This implementation always delegates to the servlet container for sessions, so this method returns true always.
isServletContainerSessions() - Method in interface org.apache.shiro.web.session.mgt.WebSessionManager
Returns true if session management and storage is managed by the underlying Servlet container or false if managed by Shiro directly (called 'native' sessions).
isSessionCreationEnabled() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject
Returns true if session creation is allowed (as determined by the super class's {@link super#isSessionCreationEnabled()} value and no request-specific override has disabled sessions for this subject, false otherwise.
isSessionIdCookieEnabled() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
isSessionIdUrlRewritingEnabled() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
isSessionStorageEnabled(Subject) - Method in class org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator
Returns true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.
isStaticSecurityManagerEnabled() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Returns true if the constructed securityManager reference should be bound to static memory (via SecurityUtils.setSecurityManager), false otherwise.
issueRedirect(ServletRequest, ServletResponse, String) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Issues an HTTP redirect to the specified URL after subject logout.
issueRedirect(ServletRequest, ServletResponse, String) - Static method in class org.apache.shiro.web.util.WebUtils
Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
issueRedirect(ServletRequest, ServletResponse, String, Map) - Static method in class org.apache.shiro.web.util.WebUtils
Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
issueRedirect(ServletRequest, ServletResponse, String, Map, boolean) - Static method in class org.apache.shiro.web.util.WebUtils
Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
issueRedirect(ServletRequest, ServletResponse, String, Map, boolean, boolean) - Static method in class org.apache.shiro.web.util.WebUtils
Redirects the current request to a new URL based on the given parameters.
issueSuccessRedirect(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter
Redirects to user to the previously attempted URL after a successful login.
isTrue(ServletRequest, String) - Static method in class org.apache.shiro.web.util.WebUtils
Checks to see if a request param is considered true using a loose matching strategy for general values that indicate that something is true or enabled, etc.
isUserInRole(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
isWeb(Object) - Static method in class org.apache.shiro.web.util.WebUtils
 
iterator() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 

L

LacksPermissionTag - Class in org.apache.shiro.web.tags
 
LacksPermissionTag() - Constructor for class org.apache.shiro.web.tags.LacksPermissionTag
 
LacksRoleTag - Class in org.apache.shiro.web.tags
 
LacksRoleTag() - Constructor for class org.apache.shiro.web.tags.LacksRoleTag
 
lastIndexOf(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
LAX - org.apache.shiro.web.servlet.Cookie.SameSiteOptions
Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by third party website.
listIterator() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
listIterator(int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
loadIniFromConfig() - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
loadIniFromPath() - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
 
logout - org.apache.shiro.web.filter.mgt.DefaultFilter
 
LogoutFilter - Class in org.apache.shiro.web.filter.authc
Simple Filter that, upon receiving a request, will immediately log-out the currently executing subject and then redirect them to a configured redirectUrl.
LogoutFilter() - Constructor for class org.apache.shiro.web.filter.authc.LogoutFilter
 

M

MAXAGE_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
mergeIni(Ini, Ini) - Method in class org.apache.shiro.web.env.IniWebEnvironment
 
MutableWebEnvironment - Interface in org.apache.shiro.web.env
A WebEnvironment that supports 'write' operations operations.

N

NAME_VALUE_DELIMITER - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
NameableFilter - Class in org.apache.shiro.web.servlet
Allows a filter to be named via JavaBeans-compatible NameableFilter.getName()/NameableFilter.setName(String) methods.
NameableFilter() - Constructor for class org.apache.shiro.web.servlet.NameableFilter
 
NamedFilterList - Interface in org.apache.shiro.web.filter.mgt
A NamedFilterList is a List of Filter instances that is uniquely identified by a name.
NATIVE_SESSION_MODE - Static variable in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
Deprecated.
newInstance() - Method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
 
newSubjectContextInstance() - Method in class org.apache.shiro.web.subject.WebSubject.Builder
Overrides the parent implementation to return a new instance of a DefaultWebSubjectContext to account for the additional request/response pair.
newSubjectInstance(PrincipalCollection, boolean, String, Session, ServletRequest, ServletResponse, SecurityManager) - Method in class org.apache.shiro.web.mgt.DefaultWebSubjectFactory
Deprecated.
since 1.2 - override DefaultWebSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you need to instantiate a custom Subject class.
NONE - org.apache.shiro.web.servlet.Cookie.SameSiteOptions
Cookies will be sent in all contexts, i.e sending cross-origin is allowed.
normalize(String) - Static method in class org.apache.shiro.web.util.WebUtils
Normalize a relative URI path that may have relative values ("/./", "/../", and so on ) it it.
noSessionCreation - org.apache.shiro.web.filter.mgt.DefaultFilter
 
NoSessionCreationFilter - Class in org.apache.shiro.web.filter.session
A PathMatchingFilter that will disable creating new Sessions during the request.
NoSessionCreationFilter() - Constructor for class org.apache.shiro.web.filter.session.NoSessionCreationFilter
 
NotAuthenticatedTag - Class in org.apache.shiro.web.tags
JSP tag that renders the tag body only if the current user has not executed a successful authentication attempt during their current session.
NotAuthenticatedTag() - Constructor for class org.apache.shiro.web.tags.NotAuthenticatedTag
 

O

onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Processes requests where the subject was denied access as determined by the isAccessAllowed method.
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
 
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.UserFilter
This default implementation simply calls saveRequestAndRedirectToLogin and then immediately returns false, thereby preventing the chain from continuing so the redirect may execute.
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authz.AuthorizationFilter
Handles the response when access has been denied.
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
onAccessDenied(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Processes requests where the subject was denied access as determined by the isAccessAllowed method, retaining the mappedValue that was used during configuration.
onAccessDenied(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.PortFilter
Redirects the request to the same exact incoming URL, but with the port listed in the filter's configuration.
OncePerRequestFilter - Class in org.apache.shiro.web.servlet
Filter base class that guarantees to be just executed once per request, on any servlet container.
OncePerRequestFilter() - Constructor for class org.apache.shiro.web.servlet.OncePerRequestFilter
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.AuthenticatedTag
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.GuestTag
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.NotAuthenticatedTag
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.PermissionTag
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.PrincipalTag
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.RoleTag
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.SecureTag
 
onDoStartTag() - Method in class org.apache.shiro.web.tags.UserTag
 
ONE_YEAR - Static variable in interface org.apache.shiro.web.servlet.Cookie
The number of seconds in one year (= 60 * 60 * 24 * 365).
onExpiration(Session, ExpiredSessionException, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
onFilterConfigSet() - Method in class org.apache.shiro.web.servlet.AbstractFilter
Template method to be overridden by subclasses to perform initialization logic at start-up.
onFilterConfigSet() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
onInvalidation(Session, InvalidSessionException, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
onLoginFailure(AuthenticationToken, AuthenticationException, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
onLoginFailure(AuthenticationToken, AuthenticationException, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
onLoginSuccess(AuthenticationToken, Subject, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
onLoginSuccess(AuthenticationToken, Subject, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
onLogoutRequestNotAPost(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
This method is called when postOnlyLogout is true, and the request was NOT a POST.
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.AccessControlFilter
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.AnonymousFilter
Always returns true allowing unchecked access to the underlying path or resource.
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.PathMatchingFilter
This default implementation always returns true and should be overridden by subclasses for custom logic if necessary.
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.session.NoSessionCreationFilter
 
onStart(Session, SessionContext) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
Stores the Session's ID, usually as a Cookie, to associate with future requests.
onStop(Session, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
org.apache.shiro.web - package org.apache.shiro.web
Shiro's web support module to support security in any web-enabled application.
org.apache.shiro.web.config - package org.apache.shiro.web.config
Web-specific implementation extensions to the org.apache.shiro.config components.
org.apache.shiro.web.env - package org.apache.shiro.web.env
Web-specific Environment implementation and support.
org.apache.shiro.web.filter - package org.apache.shiro.web.filter
Base package supporting all Servlet Filter implementations used to control access to web pages and URL resources.
org.apache.shiro.web.filter.authc - package org.apache.shiro.web.filter.authc
Servlet Filter implementations specific to controlling access based on a subject's authentication status, or those that can execute authentications (log-ins) directly.
org.apache.shiro.web.filter.authz - package org.apache.shiro.web.filter.authz
Servlet Filter implementations that perform authorization (access control) checks based on the Subject's abilities (for example, role or permission checks).
org.apache.shiro.web.filter.mgt - package org.apache.shiro.web.filter.mgt
The filter 'mgt' (management) package contains components used in managing Filters that are available for filter chain construction, the filter chains themselves, as well as resolving filter chains based by name.
org.apache.shiro.web.filter.session - package org.apache.shiro.web.filter.session
 
org.apache.shiro.web.mgt - package org.apache.shiro.web.mgt
Components supporting web-specific SecurityManager implementations.
org.apache.shiro.web.servlet - package org.apache.shiro.web.servlet
Shiro-specific implementations of the Servlet API (Servlet Filters, et al).
org.apache.shiro.web.session - package org.apache.shiro.web.session
Components supporting Session management in web-enabled applications.
org.apache.shiro.web.session.mgt - package org.apache.shiro.web.session.mgt
 
org.apache.shiro.web.subject - package org.apache.shiro.web.subject
Web-specific Subject interfaces to enable Subject use in web environments.
org.apache.shiro.web.subject.support - package org.apache.shiro.web.subject.support
Supporting implementations of org.apache.shiro.web.subject package interfaces.
org.apache.shiro.web.tags - package org.apache.shiro.web.tags
Provides the Shiro JSP Tag Library implementations.
org.apache.shiro.web.util - package org.apache.shiro.web.util
 

P

parseConfig() - Method in class org.apache.shiro.web.env.IniWebEnvironment
Loads configuration Ini from ResourceBasedWebEnvironment.getConfigLocations() if set, otherwise falling back to the IniWebEnvironment.getDefaultConfigLocations().
PassThruAuthenticationFilter - Class in org.apache.shiro.web.filter.authc
An authentication filter that redirects the user to the login page when they are trying to access a protected resource.
PassThruAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
 
PATH_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
PathConfigProcessor - Interface in org.apache.shiro.web.filter
A PathConfigProcessor processes configuration entries on a per path (url) basis.
pathMatcher - Variable in class org.apache.shiro.web.filter.PathMatchingFilter
PatternMatcher used in determining which paths to react to for a given request.
pathMatches(String, String) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
Returns true if an incoming request path (the path argument) matches a configured filter chain path (the pattern argument), false otherwise.
PathMatchingFilter - Class in org.apache.shiro.web.filter
Base class for Filters that will process only specified paths and allow all others to pass through.
PathMatchingFilter() - Constructor for class org.apache.shiro.web.filter.PathMatchingFilter
 
PathMatchingFilterChainResolver - Class in org.apache.shiro.web.filter.mgt
A FilterChainResolver that resolves FilterChains based on url path matching, as determined by a configurable PathMatcher.
PathMatchingFilterChainResolver() - Constructor for class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
 
PathMatchingFilterChainResolver(FilterConfig) - Constructor for class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
 
pathsMatch(String, String) - Method in class org.apache.shiro.web.filter.PathMatchingFilter
Returns true if the path matches the specified pattern string, false otherwise.
pathsMatch(String, ServletRequest) - Method in class org.apache.shiro.web.filter.PathMatchingFilter
Returns true if the incoming request matches the specified path pattern, false otherwise.
PermissionsAuthorizationFilter - Class in org.apache.shiro.web.filter.authz
Filter that allows access if the current user has the permissions specified by the mapped value, or denies access if the user does not have all of the permissions specified.
PermissionsAuthorizationFilter() - Constructor for class org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
 
PermissionTag - Class in org.apache.shiro.web.tags
 
PermissionTag() - Constructor for class org.apache.shiro.web.tags.PermissionTag
 
PERMISSIVE - Static variable in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
 
perms - org.apache.shiro.web.filter.mgt.DefaultFilter
 
port - org.apache.shiro.web.filter.mgt.DefaultFilter
 
PortFilter - Class in org.apache.shiro.web.filter.authz
A Filter that requires the request to be on a specific port, and if not, redirects to the same URL on that port.
PortFilter() - Constructor for class org.apache.shiro.web.filter.authz.PortFilter
 
POST_METHOD - Static variable in class org.apache.shiro.web.filter.AccessControlFilter
Constant representing the HTTP 'POST' request method, equal to POST.
postHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authz.SslFilter
If HTTP Strict Transport Security (HSTS) is enabled the HTTP header will be written, otherwise this method does nothing.
postHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AdviceFilter
Allows 'post' advice logic to be called, but only if no exception occurs during filter chain execution.
preHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Acquires the currently executing subject, a potentially Subject or request-specific redirectUrl, and redirects the end-user to that redirect url.
preHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.PathMatchingFilter
Implementation that handles path-matching behavior before a request is evaluated.
preHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AdviceFilter
Returns true if the filter chain should be allowed to continue, false otherwise.
prepareServletRequest(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Prepares the ServletRequest instance that will be passed to the FilterChain for request processing.
prepareServletResponse(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Prepares the ServletResponse instance that will be passed to the FilterChain for request processing.
PrincipalTag - Class in org.apache.shiro.web.tags
Tag used to print out the String value of a user's default principal, or a specific principal as specified by the tag's attributes.
PrincipalTag() - Constructor for class org.apache.shiro.web.tags.PrincipalTag
 
PRIVATE_CLASS_A_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
 
PRIVATE_CLASS_B_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
 
PRIVATE_CLASS_B_SUBSET - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
 
PRIVATE_CLASS_C_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
 
processPathConfig(String, String) - Method in interface org.apache.shiro.web.filter.PathConfigProcessor
Processes the specified config, unique to the given path, and returns the Filter that should execute for that path/config combination.
processPathConfig(String, String) - Method in class org.apache.shiro.web.filter.PathMatchingFilter
Splits any comma-delmited values that might be found in the config argument and sets the resulting String[] array on the appliedPaths internal Map.
ProxiedFilterChain - Class in org.apache.shiro.web.servlet
A proxied filter chain is a FilterChain instance that proxies an original FilterChain as well as a List of other Filters that might need to execute prior to the final wrapped original chain.
ProxiedFilterChain(FilterChain, List<Filter>) - Constructor for class org.apache.shiro.web.servlet.ProxiedFilterChain
 
proxy(FilterChain) - Method in interface org.apache.shiro.web.filter.mgt.NamedFilterList
Returns a new FilterChain instance that will first execute this list's Filters (in list order) and end with the execution of the given filterChain instance.
proxy(FilterChain) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
proxy(FilterChain, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
proxy(FilterChain, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Proxies the specified original FilterChain with the named chain.
putValue(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 

Q

queryProperties(Map) - Method in class org.apache.shiro.web.util.RedirectView
Determine name-value pairs for query strings, which will be stringified, URL-encoded and formatted by appendQueryProperties.

R

readValue(HttpServletRequest, HttpServletResponse) - Method in interface org.apache.shiro.web.servlet.Cookie
 
readValue(HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
redirectToLogin(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Convenience method for subclasses that merely acquires the getLoginUrl and redirects the request to that url.
redirectToSavedRequest(ServletRequest, ServletResponse, String) - Static method in class org.apache.shiro.web.util.WebUtils
Redirects the to the request url from a previously saved request, or if there is no saved request, redirects the end user to the specified fallbackUrl.
RedirectView - Class in org.apache.shiro.web.util
View that redirects to an absolute, context relative, or current request relative URL, exposing all model attributes as HTTP query parameters.
RedirectView() - Constructor for class org.apache.shiro.web.util.RedirectView
Constructor for use as a bean.
RedirectView(String) - Constructor for class org.apache.shiro.web.util.RedirectView
Create a new RedirectView with the given URL.
RedirectView(String, boolean) - Constructor for class org.apache.shiro.web.util.RedirectView
Create a new RedirectView with the given URL.
RedirectView(String, boolean, boolean) - Constructor for class org.apache.shiro.web.util.RedirectView
Create a new RedirectView with the given URL.
REFERENCED_SESSION_ID - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
REFERENCED_SESSION_ID_IS_VALID - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
REFERENCED_SESSION_ID_SOURCE - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
REFERENCED_SESSION_IS_NEW - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
registerFilters(Map<String, Filter>, FilterChainManager) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
rememberSerializedIdentity(Subject, byte[]) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager
Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.
remove(int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
remove(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
removeAll(Collection<?>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
removeAttribute(Object) - Method in class org.apache.shiro.web.session.HttpServletSession
 
removeAttribute(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
removeContextAttribute(String) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
 
removeFrom(HttpServletRequest, HttpServletResponse) - Method in interface org.apache.shiro.web.servlet.Cookie
 
removeFrom(HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
removeRequestIdentity(Subject) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
removeValue(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
renderMergedOutputModel(Map, HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.util.RedirectView
Convert model to request parameters and redirect to the given URL.
RequestPairSource - Interface in org.apache.shiro.web.util
A RequestPairSource is a component that can supply a ServletRequest and ServletResponse pair associated with a currently executing request.
resolveHost() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
resolveServletRequest() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
resolveServletRequest() - Method in interface org.apache.shiro.web.subject.WebSubjectContext
 
resolveServletResponse() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
resolveServletResponse() - Method in interface org.apache.shiro.web.subject.WebSubjectContext
 
ResourceBasedWebEnvironment - Class in org.apache.shiro.web.env
Abstract implementation for WebEnvironments that can be initialized via resource paths (config files).
ResourceBasedWebEnvironment() - Constructor for class org.apache.shiro.web.env.ResourceBasedWebEnvironment
 
rest - org.apache.shiro.web.filter.mgt.DefaultFilter
 
retainAll(Collection<?>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
roles - org.apache.shiro.web.filter.mgt.DefaultFilter
 
RolesAuthorizationFilter - Class in org.apache.shiro.web.filter.authz
Filter that allows access if the current user has the roles specified by the mapped value, or denies access if the user does not have all of the roles specified.
RolesAuthorizationFilter() - Constructor for class org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
 
RoleTag - Class in org.apache.shiro.web.tags
 
RoleTag() - Constructor for class org.apache.shiro.web.tags.RoleTag
 
ROOT_PATH - Static variable in interface org.apache.shiro.web.servlet.Cookie
Root path to use when the path hasn't been set and request context root is empty or null.

S

SAME_SITE_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
SAVED_REQUEST_KEY - Static variable in class org.apache.shiro.web.util.WebUtils
Session key used to save a request and later restore it, for example when redirecting to a requested page after login, equal to shiroSavedRequest.
SavedRequest - Class in org.apache.shiro.web.util
Maintains request data for a request that was redirected, so that after authentication the user can be redirected to the originally requested page.
SavedRequest(HttpServletRequest) - Constructor for class org.apache.shiro.web.util.SavedRequest
Constructs a new instance from the given HTTP request.
saveRequest(ServletRequest) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Convenience method merely delegates to WebUtils.saveRequest(request) to save the request state for reuse later.
saveRequest(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
 
saveRequestAndRedirectToLogin(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Convenience method for subclasses to use when a login redirect is required.
saveTo(HttpServletRequest, HttpServletResponse) - Method in interface org.apache.shiro.web.servlet.Cookie
 
saveTo(HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
SECURE_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 
SecureTag - Class in org.apache.shiro.web.tags
 
SecureTag() - Constructor for class org.apache.shiro.web.tags.SecureTag
 
sendRedirect(HttpServletRequest, HttpServletResponse, String, boolean) - Method in class org.apache.shiro.web.util.RedirectView
Send a redirect back to the HTTP client
SERVLET_REQUEST_KEY - Static variable in class org.apache.shiro.web.util.WebUtils
 
SERVLET_RESPONSE_KEY - Static variable in class org.apache.shiro.web.util.WebUtils
 
ServletContainerSessionManager - Class in org.apache.shiro.web.session.mgt
SessionManager implementation providing Session implementations that are merely wrappers for the Servlet container's HttpSession.
ServletContainerSessionManager() - Constructor for class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
 
servletContext - Variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
servletContext - Variable in class org.apache.shiro.web.servlet.ShiroHttpSession
 
ServletContextSupport - Class in org.apache.shiro.web.servlet
Base implementation for any components that need to access the web application's ServletContext.
ServletContextSupport() - Constructor for class org.apache.shiro.web.servlet.ServletContextSupport
 
session - Variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
session - Variable in class org.apache.shiro.web.servlet.ShiroHttpSession
 
SESSION_ID_URL_REWRITING_ENABLED - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
set(int, Filter) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
setAttribute(Object, Object) - Method in class org.apache.shiro.web.session.HttpServletSession
 
setAttribute(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
setAuthorizedHosts(String) - Method in class org.apache.shiro.web.filter.authz.HostFilter
 
setBlockBackslash(boolean) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
setBlockNonAscii(boolean) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
setBlockSemicolon(boolean) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
 
setComment(String) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setComment(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setConfig(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
Sets the actual INI configuration text to use to build the SecurityManager and FilterChainResolver used by the web application.
setConfigLocations(String) - Method in class org.apache.shiro.web.env.ResourceBasedWebEnvironment
 
setConfigLocations(String[]) - Method in class org.apache.shiro.web.env.ResourceBasedWebEnvironment
 
setConfigPath(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter
Deprecated.
Sets the config path to be used to load a .ini file for configuration if a configuration is not specified via the config attribute.
setContext(ServletContext) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
 
setContextAttribute(String, Object) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
 
setContextRelative(boolean) - Method in class org.apache.shiro.web.util.RedirectView
Set whether to interpret a given URL that starts with a slash ("/") as relative to the current ServletContext, i.e.
setCookie(Cookie) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager
Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
setDefaultValue(String) - Method in class org.apache.shiro.web.tags.PrincipalTag
 
setDeniedHosts(String) - Method in class org.apache.shiro.web.filter.authz.HostFilter
 
setDomain(String) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setDomain(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setEnabled(boolean) - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
setEnabled(boolean) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter
Sets whether or not this filter generally executes for any request.
setEncodingScheme(String) - Method in class org.apache.shiro.web.util.RedirectView
Set the encoding scheme for this view.
setFailureAttribute(ServletRequest, AuthenticationException) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
setFailureKeyAttribute(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
setFilterChainManager(FilterChainManager) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
 
setFilterChainResolver(FilterChainResolver) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
setFilterChainResolver(FilterChainResolver) - Method in interface org.apache.shiro.web.env.MutableWebEnvironment
Sets the WebEnvironment's FilterChainResolver.
setFilterChainResolver(FilterChainResolver) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
setFilterChains(Map<String, NamedFilterList>) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
setFilterConfig(FilterConfig) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
setFilterConfig(FilterConfig) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
Sets the FilterConfig provided by the Servlet container at webapp startup.
setFilterConfig(FilterConfig) - Method in class org.apache.shiro.web.servlet.AbstractFilter
Sets the FilterConfig and the ServletContext as attributes of this class for use by subclasses.
setFilters(Map<String, Filter>) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
setGlobalFilters(List<String>) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
setGlobalFilters(List<String>) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
 
setGlobalFilters(List<String>) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager
Configures the set of named filters that will match all paths.
setHost(String) - Method in class org.apache.shiro.web.session.HttpServletSession
 
setHsts(SslFilter.HSTS) - Method in class org.apache.shiro.web.filter.authz.SslFilter
 
setHttp10Compatible(boolean) - Method in class org.apache.shiro.web.util.RedirectView
Set whether to stay compatible with HTTP 1.0 clients.
setHttpOnly(boolean) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setHttpOnly(boolean) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setIncludeSubDomains(boolean) - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
setIni(Ini) - Method in class org.apache.shiro.web.env.IniWebEnvironment
Allows for configuration via a direct Ini instance instead of via config locations.
setLoginUrl(String) - Method in class org.apache.shiro.web.filter.AccessControlFilter
Sets the login URL used to authenticate a user.
setLoginUrl(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
 
setMaxAge(int) - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
 
setMaxAge(int) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setMaxAge(int) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setMaxInactiveInterval(int) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
 
setName(String) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
setName(String) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setName(String) - Method in class org.apache.shiro.web.servlet.NameableFilter
Sets the filter's name.
setName(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setName(String) - Method in class org.apache.shiro.web.tags.PermissionTag
 
setName(String) - Method in class org.apache.shiro.web.tags.RoleTag
 
setPasswordParam(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
Sets the request parameter name to look for when acquiring the password.
setPath(String) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setPath(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setPathMatcher(PatternMatcher) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
Sets the PatternMatcher used when determining if an incoming request's path matches a configured filter chain.
setPort(int) - Method in class org.apache.shiro.web.filter.authz.PortFilter
 
setPostOnlyLogout(boolean) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Due to browser pre-fetching, using a GET requests for logout my cause a user to be logged accidentally, for example: out while typing in an address bar.
setProperty(String) - Method in class org.apache.shiro.web.tags.PrincipalTag
 
setRedirectUrl(String) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter
Sets the URL to where the user will be redirected after logout.
setRememberMeParam(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
Sets the request parameter name to look for when acquiring the rememberMe boolean value.
setRequest(ServletRequest) - Method in class org.apache.shiro.web.subject.WebSubject.Builder
Called by the WebSubject.Builder constructor, this method places the request object in the context map for later retrieval.
setRequest(ShiroHttpServletRequest) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
 
setResponse(ServletResponse) - Method in class org.apache.shiro.web.subject.WebSubject.Builder
Called by the WebSubject.Builder constructor, this method places the response object in the context map for later retrieval.
setSameSite(Cookie.SameSiteOptions) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setSameSite(Cookie.SameSiteOptions) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setSecure(boolean) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setSecure(boolean) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setSecurityManager(SecurityManager) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
setSecurityManager(WebSecurityManager) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
 
setSecurityManagerFactory(WebIniSecurityManagerFactory) - Method in class org.apache.shiro.web.env.IniWebEnvironment
Allows for setting the SecurityManager factory which will be used to create the SecurityManager.
setServletContext(ServletContext) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
setServletContext(ServletContext) - Method in interface org.apache.shiro.web.env.MutableWebEnvironment
Sets the WebEnvironment's associated ServletContext instance.
setServletContext(ServletContext) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
 
setServletRequest(ServletRequest) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
 
setServletRequest(ServletRequest) - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext
Sets the ServletRequest received by the servlet container triggering the creation of the Session instance.
setServletRequest(ServletRequest) - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
setServletRequest(ServletRequest) - Method in interface org.apache.shiro.web.subject.WebSubjectContext
Sets the ServletRequest received by the servlet container triggering the creation of the Subject instance.
setServletResponse(ServletResponse) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
 
setServletResponse(ServletResponse) - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext
Sets the paired ServletResponse corresponding to the associated servletRequest.
setServletResponse(ServletResponse) - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
 
setServletResponse(ServletResponse) - Method in interface org.apache.shiro.web.subject.WebSubjectContext
Sets the paired ServletResponse corresponding to the associated servletRequest.
setSessionIdCookie(Cookie) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
setSessionIdCookieEnabled(boolean) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
setSessionIdUrlRewritingEnabled(boolean) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
 
setSessionManager(SessionManager) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
setSessionMode(String) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
Deprecated.
since 1.2
setStaticSecurityManagerEnabled(boolean) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Sets if the constructed securityManager reference should be bound to static memory (via SecurityUtils.setSecurityManager).
setSubjectDAO(SubjectDAO) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
 
setSuccessUrl(String) - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter
Sets the default/fallback success url to use as the default location a user is sent after logging in.
setTimeout(long) - Method in class org.apache.shiro.web.session.HttpServletSession
 
setType(String) - Method in class org.apache.shiro.web.tags.PrincipalTag
 
setUnauthorizedUrl(String) - Method in class org.apache.shiro.web.filter.authz.AuthorizationFilter
Sets the URL to which users should be redirected if they are denied access to an underlying path or resource.
setUrl(String) - Method in class org.apache.shiro.web.util.RedirectView
 
setUsernameParam(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
Sets the request parameter name to look for when acquiring the username.
setValue(String) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setValue(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setVersion(int) - Method in interface org.apache.shiro.web.servlet.Cookie
 
setVersion(int) - Method in class org.apache.shiro.web.servlet.SimpleCookie
 
setWebSecurityManager(WebSecurityManager) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
 
setWebSecurityManager(WebSecurityManager) - Method in interface org.apache.shiro.web.env.MutableWebEnvironment
Sets the WebEnvironment's WebSecurityManager.
ShiroFilter - Class in org.apache.shiro.web.servlet
Primary Shiro Filter for web applications configuring Shiro via Servlet <listener> in web.xml.
ShiroFilter() - Constructor for class org.apache.shiro.web.servlet.ShiroFilter
 
ShiroHttpServletRequest - Class in org.apache.shiro.web.servlet
A ShiroHttpServletRequest wraps the Servlet container's original ServletRequest instance, but ensures that all HttpServletRequest invocations that require Shiro's support (getRemoteUser, getSession, etc) can be executed first by Shiro as necessary before allowing the underlying Servlet container instance's method to be invoked.
ShiroHttpServletRequest(HttpServletRequest, ServletContext, boolean) - Constructor for class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
ShiroHttpServletResponse - Class in org.apache.shiro.web.servlet
HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.
ShiroHttpServletResponse(HttpServletResponse, ServletContext, ShiroHttpServletRequest) - Constructor for class org.apache.shiro.web.servlet.ShiroHttpServletResponse
 
ShiroHttpSession - Class in org.apache.shiro.web.servlet
Wrapper class that uses a Shiro Session under the hood for all session operations instead of the Servlet Container's session mechanism.
ShiroHttpSession(Session, HttpServletRequest, ServletContext) - Constructor for class org.apache.shiro.web.servlet.ShiroHttpSession
 
shouldNotFilter(ServletRequest) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter
Deprecated.
in favor of overriding OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for custom behavior. This method will be removed in Shiro 2.0.
showTagBody(String) - Method in class org.apache.shiro.web.tags.HasAnyRolesTag
 
showTagBody(String) - Method in class org.apache.shiro.web.tags.HasPermissionTag
 
showTagBody(String) - Method in class org.apache.shiro.web.tags.HasRoleTag
 
showTagBody(String) - Method in class org.apache.shiro.web.tags.LacksPermissionTag
 
showTagBody(String) - Method in class org.apache.shiro.web.tags.LacksRoleTag
 
showTagBody(String) - Method in class org.apache.shiro.web.tags.PermissionTag
 
showTagBody(String) - Method in class org.apache.shiro.web.tags.RoleTag
 
SimpleCookie - Class in org.apache.shiro.web.servlet
Default Cookie implementation.
SimpleCookie() - Constructor for class org.apache.shiro.web.servlet.SimpleCookie
 
SimpleCookie(String) - Constructor for class org.apache.shiro.web.servlet.SimpleCookie
 
SimpleCookie(Cookie) - Constructor for class org.apache.shiro.web.servlet.SimpleCookie
 
SimpleNamedFilterList - Class in org.apache.shiro.web.filter.mgt
Simple NamedFilterList implementation that is supported by a backing List instance and a simple name property.
SimpleNamedFilterList(String) - Constructor for class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
Creates a new SimpleNamedFilterList instance with the specified name, defaulting to a new ArrayList instance as the backing list.
SimpleNamedFilterList(String, List<Filter>) - Constructor for class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
Creates a new SimpleNamedFilterList instance with the specified name and backingList.
size() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
splitChainDefinition(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
Splits the comma-delimited filter chain definition line into individual filter definition tokens.
ssl - org.apache.shiro.web.filter.mgt.DefaultFilter
 
SslFilter - Class in org.apache.shiro.web.filter.authz
Filter which requires a request to be over SSL.
SslFilter() - Constructor for class org.apache.shiro.web.filter.authz.SslFilter
 
SslFilter.HSTS - Class in org.apache.shiro.web.filter.authz
Helper class for HTTP Strict Transport Security (HSTS)
start(SessionContext) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
 
stop() - Method in class org.apache.shiro.web.session.HttpServletSession
 
STRICT - org.apache.shiro.web.servlet.Cookie.SameSiteOptions
Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.
subList(int, int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 

T

toArray() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
toArray(T[]) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
 
toEncoded(String, String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
Return the specified URL with the specified session identifier suitably encoded.
toHttp(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
A convenience method that merely casts the incoming ServletRequest to an HttpServletRequest:
toHttp(ServletResponse) - Static method in class org.apache.shiro.web.util.WebUtils
A convenience method that merely casts the incoming ServletResponse to an HttpServletResponse:
toNameConfigPair(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
Based on the given filter chain definition token (e.g.
toPort(Object) - Method in class org.apache.shiro.web.filter.authz.PortFilter
 
toString() - Method in class org.apache.shiro.web.servlet.ServletContextSupport
It is highly recommended not to override this method directly, and instead override the toStringBuilder() method, a better-performing alternative.
toStringBuilder() - Method in class org.apache.shiro.web.servlet.NameableFilter
Returns a StringBuilder instance with the name, or if the name is null, just the super.toStringBuilder() instance.
toStringBuilder() - Method in class org.apache.shiro.web.servlet.ServletContextSupport
Same concept as toString(), but returns a StringBuilder instance instead.
touch() - Method in class org.apache.shiro.web.session.HttpServletSession
 

U

updateSessionLastAccessTime(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Updates any 'native' Session's last access time that might exist to the timestamp when this method is called.
URL_SESSION_ID_SOURCE - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
 
urlEncode(String, String) - Method in class org.apache.shiro.web.util.RedirectView
URL-encode the given input String with the given encoding scheme, using URLEncoder.encode(input, enc).
URLS - Static variable in class org.apache.shiro.web.config.IniFilterChainResolverFactory
 
user - org.apache.shiro.web.filter.mgt.DefaultFilter
 
UserFilter - Class in org.apache.shiro.web.filter.authc
Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal.
UserFilter() - Constructor for class org.apache.shiro.web.filter.authc.UserFilter
 
UserTag - Class in org.apache.shiro.web.tags
JSP tag that renders the tag body if the current user known to the system, either from a successful login attempt (not necessarily during the current session) or from 'RememberMe' services.
UserTag() - Constructor for class org.apache.shiro.web.tags.UserTag
 

V

valueOf(String) - Static method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum org.apache.shiro.web.servlet.Cookie.SameSiteOptions
Returns the enum constant of this type with the specified name.
values() - Static method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum org.apache.shiro.web.servlet.Cookie.SameSiteOptions
Returns an array containing the constants of this enum type, in the order they are declared.
verifyAttributes() - Method in class org.apache.shiro.web.tags.PermissionTag
 
verifyAttributes() - Method in class org.apache.shiro.web.tags.SecureTag
 
VERSION_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
 

W

WebDelegatingSubject - Class in org.apache.shiro.web.subject.support
Default WebSubject implementation that additional ensures the ability to retain a servlet request/response pair to be used by internal shiro components as necessary during the request execution.
WebDelegatingSubject(PrincipalCollection, boolean, String, Session, boolean, ServletRequest, ServletResponse, SecurityManager) - Constructor for class org.apache.shiro.web.subject.support.WebDelegatingSubject
 
WebDelegatingSubject(PrincipalCollection, boolean, String, Session, ServletRequest, ServletResponse, SecurityManager) - Constructor for class org.apache.shiro.web.subject.support.WebDelegatingSubject
 
WebEnvironment - Interface in org.apache.shiro.web.env
A web-specific Environment instance, used in web applications.
WebIniSecurityManagerFactory - Class in org.apache.shiro.web.config
Deprecated.
use Shiro's Environment mechanisms instead.
WebIniSecurityManagerFactory() - Constructor for class org.apache.shiro.web.config.WebIniSecurityManagerFactory
Deprecated.
Creates a new WebIniSecurityManagerFactory instance which will construct web-capable SecurityManager instances.
WebIniSecurityManagerFactory(Ini) - Constructor for class org.apache.shiro.web.config.WebIniSecurityManagerFactory
Deprecated.
Creates a new WebIniSecurityManagerFactory instance which will construct web-capable SecurityManager instances.
WebSecurityManager - Interface in org.apache.shiro.web.mgt
This interface represents a SecurityManager implementation that can used in web-enabled applications.
WebSessionContext - Interface in org.apache.shiro.web.session.mgt
A WebSubjectContext is a SessionContext that additionally provides for type-safe methods to set and retrieve a ServletRequest and ServletResponse, as the request/response pair will often need to be referenced during construction of web-initiated Session instances.
WebSessionKey - Class in org.apache.shiro.web.session.mgt
A SessionKey implementation that also retains the ServletRequest and ServletResponse associated with the web request that is performing the session lookup.
WebSessionKey(Serializable, ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.session.mgt.WebSessionKey
 
WebSessionKey(ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.session.mgt.WebSessionKey
 
WebSessionManager - Interface in org.apache.shiro.web.session.mgt
SessionManager specific to web-enabled applications.
WebSubject - Interface in org.apache.shiro.web.subject
A WebSubject represents a Subject instance that was acquired as a result of an incoming ServletRequest.
WebSubject.Builder - Class in org.apache.shiro.web.subject
A WebSubject.Builder performs the same function as a Subject.Builder, but additionally ensures that the Servlet request/response pair that is triggering the Subject instance's creation is retained for use by internal Shiro components as necessary.
WebSubjectContext - Interface in org.apache.shiro.web.subject
A WebSubjectContext is a SubjectContext that additionally provides for type-safe methods to set and retrieve a ServletRequest and ServletResponse.
WebUtils - Class in org.apache.shiro.web.util
Simple utility class for operations used across multiple class hierarchies in the web framework code.
WebUtils() - Constructor for class org.apache.shiro.web.util.WebUtils
 
wrapServletRequest(HttpServletRequest) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Wraps the original HttpServletRequest in a ShiroHttpServletRequest, which is required for supporting Servlet Specification behavior backed by a Subject instance.
wrapServletResponse(HttpServletResponse, ShiroHttpServletRequest) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
Returns a new ShiroHttpServletResponse instance, wrapping the orig argument, in order to provide correct URL rewriting behavior required by the Servlet Specification when using Shiro-based sessions (and not Servlet Container HTTP-based sessions).

_

_isSessionCreationEnabled(Object) - Static method in class org.apache.shiro.web.util.WebUtils
Returns true if a session is allowed to be created for a subject-associated request, false otherwise.
_isSessionCreationEnabled(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
Returns true if a session is allowed to be created for a subject-associated request, false otherwise.
A B C D E F G H I L M N O P Q R S T U V W _ 
All Classes All Packages