Package org.apache.shiro.web.mgt

Class DefaultWebSecurityManager

  • All Implemented Interfaces:
    org.apache.shiro.authc.Authenticator, org.apache.shiro.authz.Authorizer, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.event.EventBusAware, org.apache.shiro.mgt.SecurityManager, org.apache.shiro.session.mgt.SessionManager, org.apache.shiro.util.Destroyable, WebSecurityManager
    public class DefaultWebSecurityManager
extends org.apache.shiro.mgt.DefaultSecurityManager
implements WebSecurityManager
    Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).
    Since:
    0.2

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static String HTTP_SESSION_MODE
      Deprecated.
      static String NATIVE_SESSION_MODE
      Deprecated.

      • Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager

        rememberMeManager, subjectDAO, subjectFactory

    • Method Summary

      All Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      protected void afterSessionManagerSet()  
      protected void beforeLogout​(org.apache.shiro.subject.Subject subject)  
      protected org.apache.shiro.subject.SubjectContext copy​(org.apache.shiro.subject.SubjectContext subjectContext)  
      protected org.apache.shiro.session.mgt.SessionContext createSessionContext​(org.apache.shiro.subject.SubjectContext subjectContext)  
      protected org.apache.shiro.session.mgt.SessionManager createSessionManager​(String sessionMode)  
      protected org.apache.shiro.subject.SubjectContext createSubjectContext()  
      protected org.apache.shiro.session.mgt.SessionKey getSessionKey​(org.apache.shiro.subject.SubjectContext context)  
      String getSessionMode()
      Deprecated.
      boolean isHttpSessionMode()
      Security information needs to be retained from request to request, so Shiro makes use of a session for this.
      protected void removeRequestIdentity​(org.apache.shiro.subject.Subject subject)  
      void setSessionManager​(org.apache.shiro.session.mgt.SessionManager sessionManager)  
      void setSessionMode​(String sessionMode)
      Deprecated.
      since 1.2
      void setSubjectDAO​(org.apache.shiro.mgt.SubjectDAO subjectDAO)  

      • Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager

        bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind

      • Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager

        afterCacheManagerSet, afterEventBusSet, applyCacheManagerToSessionManager, applyEventBusToSessionManager, destroy, getSession, getSessionManager, start

      • Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager

        afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer

      • Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager

        authenticate, getAuthenticator, setAuthenticator

      • Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager

        applyCacheManagerToRealms, applyEventBusToRealms, getRealms, setRealm, setRealms

      • Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager

        applyEventBusToCacheManager, getCacheManager, getEventBus, setCacheManager, setEventBus

      • Methods inherited from interface org.apache.shiro.authc.Authenticator

        authenticate

      • Methods inherited from interface org.apache.shiro.authz.Authorizer

        checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll

      • Methods inherited from interface org.apache.shiro.mgt.SecurityManager

        createSubject, login, logout

      • Methods inherited from interface org.apache.shiro.session.mgt.SessionManager

        getSession, start

    • Constructor Detail

      • DefaultWebSecurityManager

        public DefaultWebSecurityManager()

      • DefaultWebSecurityManager

        public DefaultWebSecurityManager​(org.apache.shiro.realm.Realm singleRealm)

      • DefaultWebSecurityManager

        public DefaultWebSecurityManager​(Collection<org.apache.shiro.realm.Realm> realms)

    • Method Detail

      • createSubjectContext

        protected org.apache.shiro.subject.SubjectContext createSubjectContext()
        Overrides:
        createSubjectContext in class org.apache.shiro.mgt.DefaultSecurityManager

      • setSubjectDAO

        public void setSubjectDAO​(org.apache.shiro.mgt.SubjectDAO subjectDAO)
        Overrides:
        setSubjectDAO in class org.apache.shiro.mgt.DefaultSecurityManager

      • afterSessionManagerSet

        protected void afterSessionManagerSet()
        Overrides:
        afterSessionManagerSet in class org.apache.shiro.mgt.SessionsSecurityManager

      • copy

        protected org.apache.shiro.subject.SubjectContext copy​(org.apache.shiro.subject.SubjectContext subjectContext)
        Overrides:
        copy in class org.apache.shiro.mgt.DefaultSecurityManager

      • setSessionMode

        @Deprecated
public void setSessionMode​(String sessionMode)
        Deprecated.
        since 1.2
        Parameters:
        sessionMode -

      • setSessionManager

        public void setSessionManager​(org.apache.shiro.session.mgt.SessionManager sessionManager)
        Overrides:
        setSessionManager in class org.apache.shiro.mgt.SessionsSecurityManager

      • isHttpSessionMode

        public boolean isHttpSessionMode()
        Description copied from interface: WebSecurityManager
        Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.
        Specified by:
        isHttpSessionMode in interface WebSecurityManager
        Returns:
        true if the security manager is using the HTTP session; otherwise, false.
        Since:
        1.0

      • createSessionManager

        protected org.apache.shiro.session.mgt.SessionManager createSessionManager​(String sessionMode)

      • createSessionContext

        protected org.apache.shiro.session.mgt.SessionContext createSessionContext​(org.apache.shiro.subject.SubjectContext subjectContext)
        Overrides:
        createSessionContext in class org.apache.shiro.mgt.DefaultSecurityManager

      • getSessionKey

        protected org.apache.shiro.session.mgt.SessionKey getSessionKey​(org.apache.shiro.subject.SubjectContext context)
        Overrides:
        getSessionKey in class org.apache.shiro.mgt.DefaultSecurityManager

      • beforeLogout

        protected void beforeLogout​(org.apache.shiro.subject.Subject subject)
        Overrides:
        beforeLogout in class org.apache.shiro.mgt.DefaultSecurityManager

      • removeRequestIdentity

        protected void removeRequestIdentity​(org.apache.shiro.subject.Subject subject)