All Classes and Interfaces
Class
Description
Base abstract Filter simplifying Filter initialization and
access to init parameters.Abstract base class that provides all standard Shiro request filtering behavior and expects
subclasses to implement configuration-specific logic (INI, XML, .properties, etc.).
Superclass for any filter that controls access to a resource and may redirect the user to the login page
if they are not authenticated.
A Servlet Filter that enables AOP-style "around" advice for a ServletRequest via
preHandle,
postHandle,
and afterCompletion
hooks.Filter that allows access to a path immediately without performing security checks of any kind.
JSP tag that renders the tag body only if the current user has executed a successful authentication attempt
during their current session.
An
AuthenticationFilter that is capable of automatically performing an authentication attempt
based on the incoming request.Base class for all Filters that require the current user to be authenticated.
Superclass for authorization-related filters.
Requires the requesting user to be
authenticated for the
request to continue, and if they're not, requires the user to login via the HTTP Basic protocol-specific challenge.Requires the requesting user to be
authenticated for the
request to continue, and if they're not, requires the user to login via the HTTP Bearer protocol-specific challenge.Interface representing HTTP cookie operations, supporting pojo-style getters and setters for all
attributes which includes HttpOnly support.
The SameSite attribute of the Set-Cookie HTTP response header allows you to declare
if your cookie should be restricted to a first-party or same-site context.
Remembers a Subject's identity by saving the Subject's
principals to a Cookie
for later retrieval.Enum representing all of the default Shiro Filter instances available to web applications.
Default
FilterChainManager implementation maintaining a map of Filter instances
(key: filter name, value: Filter) as well as a map of NamedFilterLists created from these
Filters (key: filter chain name, value: NamedFilterList).Default
WebEnvironment implementation based on a backing Map instance.Default
WebSecurityManager implementation used in web-based applications or any
application that requires HTTP connectivity (SOAP, http remoting, etc.).Default implementation of the
WebSessionContext interface which provides getters and setters that
wrap interaction with the underlying backing context map.Web-application capable
SessionManager implementation.A web-specific
SessionStorageEvaluator that performs the same logic as the parent class
DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or
disable session access.Default
WebSubjectContext implementation that provides for additional storage and retrieval of
a ServletRequest and ServletResponse.A
SubjectFactory implementation that creates WebDelegatingSubject instances.An
EnvironmentLoader is responsible for loading a web application's Shiro WebEnvironment
(which includes the web app's WebSecurityManager) into the
ServletContext at application startup.Bootstrap listener to startup and shutdown the web application's Shiro
WebEnvironment at ServletContext startup and shutdown respectively.A
FilterChainManager manages the creation and modification of Filter chains from an available pool
of Filter instances.A
FilterChainResolver can resolve an appropriate FilterChain to execute during a
ServletRequest.Requires the requesting user to be authenticated for the request to continue, and if they are not, forces the user
to login via by redirecting them to the
loginUrl you configure.JSP tag that renders the tag body if the current user is not known to the system, either because they
haven't logged in yet, or because they have no 'RememberMe' identity.
Displays body content if the current user has any of the roles specified.
A Filter that can allow or deny access based on the host that sent the request.
A filter that translates an HTTP Request's Method (e.g.
Session implementation that is backed entirely by a standard servlet container
HttpSession instance.Deprecated.
Deprecated.
Matches a request based on IP Address or subnet mask matching against the remote
address.
A Filter that requires the request to be from within a specific set of IP
address ranges and / or not from with a specific (denied) set.
Represents a source of information for IP restrictions (see IpFilter)
Simple Filter that, upon receiving a request, will immediately log-out the currently executing
subject
and then redirect them to a configured redirectUrl.A
WebEnvironment that supports 'write' operations operations.Allows a filter to be named via JavaBeans-compatible
NameableFilter.getName()/NameableFilter.setName(String) methods.A
PathMatchingFilter that will disable creating new Sessions during the request.JSP tag that renders the tag body only if the current user has not executed a successful authentication
attempt during their current session.
Filter base class that guarantees to be just executed once per request,
on any servlet container.
An authentication filter that redirects the user to the login page when they are trying to access
a protected resource.
A PathConfigProcessor processes configuration entries on a per path (url) basis.
Base class for Filters that will process only specified paths and allow all others to pass through.
A
FilterChainResolver that resolves FilterChains based on url path
matching, as determined by a configurable PathMatcher.Filter that allows access if the current user has the permissions specified by the mapped value, or denies access
if the user does not have all of the permissions specified.
A Filter that requires the request to be on a specific port, and if not, redirects to the same URL on that port.
Tag used to print out the String value of a user's default principal,
or a specific principal as specified by the tag's attributes.
A proxied filter chain is a
FilterChain instance that proxies an original FilterChain as well
as a List of other Filters that might need to execute prior to the final wrapped
original chain.View that redirects to an absolute, context relative, or current request
relative URL, exposing all model attributes as HTTP query parameters.
A
RequestPairSource is a component that can supply a ServletRequest and
ServletResponse pair associated with a currently executing request.Abstract implementation for
WebEnvironments that can be initialized via resource paths (config files).Filter that allows access if the current user has the roles specified by the mapped value, or denies access
if the user does not have all of the roles specified.
Maintains request data for a request that was redirected, so that after authentication
the user can be redirected to the originally requested page.
SessionManager implementation providing
Session implementations that are merely wrappers for the
Servlet container's HttpSession.Base implementation for any components that need to access the web application's
ServletContext.Primary Shiro Filter for web applications configuring Shiro via Servlet <listener> in web.xml.
Configuration for Shiro's root level servlet filter.
A
ShiroHttpServletRequest wraps the Servlet container's original ServletRequest instance, but ensures
that all HttpServletRequest invocations that require Shiro's support (getRemoteUser,
getSession, etc.) can be executed first by Shiro as necessary before allowing the underlying
Servlet container instance's method to be invoked.HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.
Wrapper class that uses a Shiro
Session under the hood for all session operations instead of the
Servlet Container's session mechanism.Default
Cookie implementation.Filter which requires a request to be over SSL.
Filter that allows access to resources if the accessor is a known user, which is defined as
having a known principal.
JSP tag that renders the tag body if the current user known to the system, either from a successful login attempt
(not necessarily during the current session) or from 'RememberMe' services.
Default
WebSubject implementation that additional ensures the ability to retain a
servlet request/response pair to be used by internal shiro components as necessary during the request execution.A web-specific
Environment instance, used in web applications.Deprecated.
use Shiro's
Environment mechanisms instead.This interface represents a
SecurityManager implementation that can used in web-enabled applications.A
WebSubjectContext is a SessionContext that additionally provides for type-safe
methods to set and retrieve a ServletRequest and ServletResponse, as the request/response pair will
often need to be referenced during construction of web-initiated Session instances.A
SessionKey implementation that also retains the
ServletRequest and ServletResponse associated with the web request that is performing the
session lookup.SessionManager specific to web-enabled applications.A
WebSubject represents a Subject instance that was acquired as a result of an incoming
ServletRequest.A
WebSubject.Builder performs the same function as a Subject.Builder, but
additionally ensures that the Servlet request/response pair that is triggering the Subject instance's creation
is retained for use by internal Shiro components as necessary.A
WebSubjectContext is a SubjectContext that additionally provides for type-safe
methods to set and retrieve a ServletRequest and ServletResponse.Simple utility class for operations used across multiple class hierarchies in the web framework code.
ShiroFilter