Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.web.mgt
Class DefaultWebSecurityManager

java.lang.Object
  extended by org.apache.shiro.mgt.CachingSecurityManager
      extended by org.apache.shiro.mgt.RealmSecurityManager
          extended by org.apache.shiro.mgt.AuthenticatingSecurityManager
              extended by org.apache.shiro.mgt.AuthorizingSecurityManager
                  extended by org.apache.shiro.mgt.SessionsSecurityManager
                      extended by org.apache.shiro.mgt.DefaultSecurityManager
                          extended by org.apache.shiro.web.mgt.DefaultWebSecurityManager
All Implemented Interfaces:
Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionManager, Destroyable, WebSecurityManager
public class DefaultWebSecurityManager
extends DefaultSecurityManager
implements WebSecurityManager

Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).

Since:
0.2

Field Summary
static String HTTP_SESSION_MODE
          Deprecated. 
static String NATIVE_SESSION_MODE
          Deprecated. 
 
Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager
rememberMeManager, subjectDAO, subjectFactory
 
Constructor Summary
DefaultWebSecurityManager()
           
DefaultWebSecurityManager(Collection<Realm> realms)
           
DefaultWebSecurityManager(Realm singleRealm)
           
 
Method Summary
protected  void afterSessionManagerSet()
           
protected  void beforeLogout(Subject subject)
           
protected  SubjectContext copy(SubjectContext subjectContext)
           
protected  SessionContext createSessionContext(SubjectContext subjectContext)
           
protected  SessionManager createSessionManager(String sessionMode)
           
protected  SubjectContext createSubjectContext()
           
protected  SessionKey getSessionKey(SubjectContext context)
           
 String getSessionMode()
          Deprecated. 
 boolean isHttpSessionMode()
          Security information needs to be retained from request to request, so Shiro makes use of a session for this.
protected  void removeRequestIdentity(Subject subject)
           
 void setSessionManager(SessionManager sessionManager)
           
 void setSessionMode(String sessionMode)
          Deprecated. since 1.2
 void setSubjectDAO(SubjectDAO subjectDAO)
           
 
Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind
 
Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager
afterCacheManagerSet, applyCacheManagerToSessionManager, destroy, getSession, getSessionManager, start
 
Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer
 
Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator
 
Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, getRealms, setRealm, setRealms
 
Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
getCacheManager, setCacheManager
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout
 
Methods inherited from interface org.apache.shiro.authc.Authenticator
authenticate
 
Methods inherited from interface org.apache.shiro.authz.Authorizer
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll
 
Methods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start
 

Field Detail

HTTP_SESSION_MODE

@Deprecated
public static final String HTTP_SESSION_MODE
Deprecated. 
See Also:
Constant Field Values

NATIVE_SESSION_MODE

@Deprecated
public static final String NATIVE_SESSION_MODE
Deprecated. 
See Also:
Constant Field Values
Constructor Detail

DefaultWebSecurityManager

public DefaultWebSecurityManager()

DefaultWebSecurityManager

public DefaultWebSecurityManager(Realm singleRealm)

DefaultWebSecurityManager

public DefaultWebSecurityManager(Collection<Realm> realms)
Method Detail

createSubjectContext

protected SubjectContext createSubjectContext()
Overrides:
createSubjectContext in class DefaultSecurityManager

setSubjectDAO

public void setSubjectDAO(SubjectDAO subjectDAO)
Overrides:
setSubjectDAO in class DefaultSecurityManager

afterSessionManagerSet

protected void afterSessionManagerSet()
Overrides:
afterSessionManagerSet in class SessionsSecurityManager

copy

protected SubjectContext copy(SubjectContext subjectContext)
Overrides:
copy in class DefaultSecurityManager

getSessionMode

@Deprecated
public String getSessionMode()
Deprecated. 

setSessionMode

@Deprecated
public void setSessionMode(String sessionMode)
Deprecated. since 1.2

Parameters:
sessionMode -

setSessionManager

public void setSessionManager(SessionManager sessionManager)
Overrides:
setSessionManager in class SessionsSecurityManager

isHttpSessionMode

public boolean isHttpSessionMode()
Description copied from interface: WebSecurityManager
Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.

Specified by:
isHttpSessionMode in interface WebSecurityManager
Returns:
true if the security manager is using the HTTP session; otherwise, false.
Since:
1.0

createSessionManager

protected SessionManager createSessionManager(String sessionMode)

createSessionContext

protected SessionContext createSessionContext(SubjectContext subjectContext)
Overrides:
createSessionContext in class DefaultSecurityManager

getSessionKey

protected SessionKey getSessionKey(SubjectContext context)
Overrides:
getSessionKey in class DefaultSecurityManager

beforeLogout

protected void beforeLogout(Subject subject)
Overrides:
beforeLogout in class DefaultSecurityManager

removeRequestIdentity

protected void removeRequestIdentity(Subject subject)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2015 The Apache Software Foundation. All Rights Reserved.