DefaultWebSecurityManager (Apache Shiro

java.lang.Object
- org.apache.shiro.mgt.CachingSecurityManager
- - org.apache.shiro.mgt.RealmSecurityManager
  - - org.apache.shiro.mgt.AuthenticatingSecurityManager
    - - org.apache.shiro.mgt.AuthorizingSecurityManager
      - org.apache.shiro.mgt.SessionsSecurityManager
        
        org.apache.shiro.mgt.DefaultSecurityManager
        
        org.apache.shiro.web.mgt.DefaultWebSecurityManager

All Implemented Interfaces:

Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionManager, Destroyable, WebSecurityManager
```
public class DefaultWebSecurityManager
extends DefaultSecurityManager
implements WebSecurityManager
```
Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).

Since:

0.2

Field Summary

Fields
Modifier and Type Field and Description

static String HTTP_SESSION_MODE
Deprecated.

static String NATIVE_SESSION_MODE
Deprecated.
- Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager
  rememberMeManager, subjectDAO, subjectFactory

Fields
Modifier and Type	Field and Description
`static String`	`HTTP_SESSION_MODE` Deprecated.
`static String`	`NATIVE_SESSION_MODE` Deprecated.

Constructor Summary

Constructors
Constructor and Description

DefaultWebSecurityManager()

DefaultWebSecurityManager(Collection<Realm> realms)

DefaultWebSecurityManager(Realm singleRealm)

Constructors
Constructor and Description
`DefaultWebSecurityManager()`
`DefaultWebSecurityManager(Collection<Realm> realms)`
`DefaultWebSecurityManager(Realm singleRealm)`

Method Summary

All Methods Instance Methods Concrete Methods Deprecated Methods
Modifier and Type	Method and Description
`protected void`	`afterSessionManagerSet()`
`protected void`	`beforeLogout(Subject subject)`
`protected SubjectContext`	`copy(SubjectContext subjectContext)`
`protected SessionContext`	`createSessionContext(SubjectContext subjectContext)`
`protected SessionManager`	`createSessionManager(String sessionMode)`
`protected SubjectContext`	`createSubjectContext()`
`protected SessionKey`	`getSessionKey(SubjectContext context)`
`String`	`getSessionMode()` Deprecated.
`boolean`	`isHttpSessionMode()` Security information needs to be retained from request to request, so Shiro makes use of a session for this.
`protected void`	`removeRequestIdentity(Subject subject)`
`void`	`setSessionManager(SessionManager sessionManager)`
`void`	`setSessionMode(String sessionMode)` Deprecated. since 1.2
`void`	`setSubjectDAO(SubjectDAO subjectDAO)`

Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind

Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager
afterCacheManagerSet, applyCacheManagerToSessionManager, destroy, getSession, getSessionManager, start

Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer

Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator

Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, getRealms, setRealm, setRealms

Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
getCacheManager, setCacheManager

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout

Methods inherited from interface org.apache.shiro.authc.Authenticator
authenticate

Methods inherited from interface org.apache.shiro.authz.Authorizer
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll

Methods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start

- Field Detail
  - HTTP_SESSION_MODE
```
@Deprecated
public static final String HTTP_SESSION_MODE
```
    Deprecated.
    
    See Also:
    
    Constant Field Values
  - NATIVE_SESSION_MODE
```
@Deprecated
public static final String NATIVE_SESSION_MODE
```
    Deprecated.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - DefaultWebSecurityManager
```
public DefaultWebSecurityManager()
```
  - DefaultWebSecurityManager
```
public DefaultWebSecurityManager(Realm singleRealm)
```
  - DefaultWebSecurityManager
```
public DefaultWebSecurityManager(Collection<Realm> realms)
```
- Method Detail
  - createSubjectContext
```
protected SubjectContext createSubjectContext()
```
    Overrides:
    
    createSubjectContext in class DefaultSecurityManager
  - setSubjectDAO
```
public void setSubjectDAO(SubjectDAO subjectDAO)
```
    Overrides:
    
    setSubjectDAO in class DefaultSecurityManager
  - afterSessionManagerSet
```
protected void afterSessionManagerSet()
```
    Overrides:
    
    afterSessionManagerSet in class SessionsSecurityManager
  - copy
```
protected SubjectContext copy(SubjectContext subjectContext)
```
    Overrides:
    
    copy in class DefaultSecurityManager
  - getSessionMode
```
@Deprecated
public String getSessionMode()
```
    Deprecated.
  - setSessionMode
```
@Deprecated
public void setSessionMode(String sessionMode)
```
    Deprecated. since 1.2
    
    Parameters:
    
    sessionMode -
  - setSessionManager
```
public void setSessionManager(SessionManager sessionManager)
```
    Overrides:
    
    setSessionManager in class SessionsSecurityManager
  - isHttpSessionMode
```
public boolean isHttpSessionMode()
```
    Description copied from interface: WebSecurityManager
    
    Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.
    
    Specified by:
    
    isHttpSessionMode in interface WebSecurityManager
    
    Returns:
    
    true if the security manager is using the HTTP session; otherwise, false.
    
    Since:
    
    1.0
  - createSessionManager
```
protected SessionManager createSessionManager(String sessionMode)
```
  - createSessionContext
```
protected SessionContext createSessionContext(SubjectContext subjectContext)
```
    Overrides:
    
    createSessionContext in class DefaultSecurityManager
  - getSessionKey
```
protected SessionKey getSessionKey(SubjectContext context)
```
    Overrides:
    
    getSessionKey in class DefaultSecurityManager
  - beforeLogout
```
protected void beforeLogout(Subject subject)
```
    Overrides:
    
    beforeLogout in class DefaultSecurityManager
  - removeRequestIdentity
```
protected void removeRequestIdentity(Subject subject)
```

Class DefaultWebSecurityManager

Field Summary

Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager

Constructor Summary

Method Summary

Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager

Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager

Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager

Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager

Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager

Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.shiro.mgt.SecurityManager

Methods inherited from interface org.apache.shiro.authc.Authenticator

Methods inherited from interface org.apache.shiro.authz.Authorizer

Methods inherited from interface org.apache.shiro.session.mgt.SessionManager

Field Detail

HTTP_SESSION_MODE

NATIVE_SESSION_MODE

Constructor Detail

DefaultWebSecurityManager

DefaultWebSecurityManager

DefaultWebSecurityManager

Method Detail

createSubjectContext

setSubjectDAO

afterSessionManagerSet

copy

getSessionMode

setSessionMode

setSessionManager

isHttpSessionMode

createSessionManager

createSessionContext

getSessionKey

beforeLogout

removeRequestIdentity