Package org.apache.shiro.web.mgt
Class DefaultWebSecurityManager
java.lang.Object
org.apache.shiro.mgt.CachingSecurityManager
org.apache.shiro.mgt.RealmSecurityManager
org.apache.shiro.mgt.AuthenticatingSecurityManager
org.apache.shiro.mgt.AuthorizingSecurityManager
org.apache.shiro.mgt.SessionsSecurityManager
org.apache.shiro.mgt.DefaultSecurityManager
org.apache.shiro.web.mgt.DefaultWebSecurityManager
- All Implemented Interfaces:
org.apache.shiro.authc.Authenticator,org.apache.shiro.authz.Authorizer,org.apache.shiro.cache.CacheManagerAware,org.apache.shiro.event.EventBusAware,org.apache.shiro.lang.util.Destroyable,org.apache.shiro.mgt.SecurityManager,org.apache.shiro.session.mgt.SessionManager,WebSecurityManager
public class DefaultWebSecurityManager
extends org.apache.shiro.mgt.DefaultSecurityManager
implements WebSecurityManager
Default
WebSecurityManager implementation used in web-based applications or any
application that requires HTTP connectivity (SOAP, http remoting, etc.).- Since:
- 0.2
-
Field Summary
FieldsFields inherited from class org.apache.shiro.mgt.DefaultSecurityManager
rememberMeManager, subjectDAO, subjectFactory -
Constructor Summary
ConstructorsConstructorDescriptionDefaultWebSecurityManager(Collection<org.apache.shiro.realm.Realm> realms) DefaultWebSecurityManager(Supplier<byte[]> keySupplier) DefaultWebSecurityManager(org.apache.shiro.realm.Realm singleRealm) -
Method Summary
Modifier and TypeMethodDescriptionprotected voidprotected voidbeforeLogout(org.apache.shiro.subject.Subject subject) protected org.apache.shiro.subject.SubjectContextcopy(org.apache.shiro.subject.SubjectContext subjectContext) protected org.apache.shiro.session.mgt.SessionContextcreateSessionContext(org.apache.shiro.subject.SubjectContext subjectContext) protected org.apache.shiro.session.mgt.SessionManagercreateSessionManager(String sessionMode) protected org.apache.shiro.subject.SubjectContextprotected org.apache.shiro.session.mgt.SessionKeygetSessionKey(org.apache.shiro.subject.SubjectContext context) Deprecated.booleanSecurity information needs to be retained from request to request, so Shiro makes use of a session for this.protected voidremoveRequestIdentity(org.apache.shiro.subject.Subject subject) voidsetSessionManager(org.apache.shiro.session.mgt.SessionManager sessionManager) voidsetSessionMode(String sessionMode) Deprecated.since 1.2voidsetSubjectDAO(org.apache.shiro.mgt.SubjectDAO subjectDAO) Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbindMethods inherited from class org.apache.shiro.mgt.SessionsSecurityManager
afterCacheManagerSet, afterEventBusSet, applyCacheManagerToSessionManager, applyEventBusToSessionManager, destroy, getSession, getSessionManager, startMethods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizerMethods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticatorMethods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, applyEventBusToRealms, getRealms, setRealm, setRealmsMethods inherited from class org.apache.shiro.mgt.CachingSecurityManager
applyEventBusToCacheManager, getCacheManager, getEventBus, setCacheManager, setEventBusMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.apache.shiro.authc.Authenticator
authenticateMethods inherited from interface org.apache.shiro.authz.Authorizer
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAllMethods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logoutMethods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start
-
Field Details
-
HTTP_SESSION_MODE
Deprecated.- See Also:
-
NATIVE_SESSION_MODE
Deprecated.- See Also:
-
-
Constructor Details
-
DefaultWebSecurityManager
public DefaultWebSecurityManager() -
DefaultWebSecurityManager
-
DefaultWebSecurityManager
-
DefaultWebSecurityManager
-
-
Method Details
-
createSubjectContext
- Overrides:
createSubjectContextin classorg.apache.shiro.mgt.DefaultSecurityManager
-
setSubjectDAO
- Overrides:
setSubjectDAOin classorg.apache.shiro.mgt.DefaultSecurityManager
-
afterSessionManagerSet
- Overrides:
afterSessionManagerSetin classorg.apache.shiro.mgt.SessionsSecurityManager
-
copy
protected org.apache.shiro.subject.SubjectContext copy(org.apache.shiro.subject.SubjectContext subjectContext) - Overrides:
copyin classorg.apache.shiro.mgt.DefaultSecurityManager
-
getSessionMode
Deprecated. -
setSessionMode
Deprecated.since 1.2- Parameters:
sessionMode-
-
setSessionManager
- Overrides:
setSessionManagerin classorg.apache.shiro.mgt.SessionsSecurityManager
-
isHttpSessionMode
Description copied from interface:WebSecurityManagerSecurity information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.- Specified by:
isHttpSessionModein interfaceWebSecurityManager- Returns:
trueif the security manager is using the HTTP session; otherwise,false.- Since:
- 1.0
-
createSessionManager
-
createSessionContext
protected org.apache.shiro.session.mgt.SessionContext createSessionContext(org.apache.shiro.subject.SubjectContext subjectContext) - Overrides:
createSessionContextin classorg.apache.shiro.mgt.DefaultSecurityManager
-
getSessionKey
protected org.apache.shiro.session.mgt.SessionKey getSessionKey(org.apache.shiro.subject.SubjectContext context) - Overrides:
getSessionKeyin classorg.apache.shiro.mgt.DefaultSecurityManager
-
beforeLogout
- Overrides:
beforeLogoutin classorg.apache.shiro.mgt.DefaultSecurityManager
-
removeRequestIdentity
-