org.apache.shiro.web.mgt

Class DefaultWebSecurityManager

java.lang.Object

org.apache.shiro.mgt.CachingSecurityManager

org.apache.shiro.mgt.RealmSecurityManager

org.apache.shiro.mgt.AuthenticatingSecurityManager

org.apache.shiro.mgt.AuthorizingSecurityManager

org.apache.shiro.mgt.SessionsSecurityManager

org.apache.shiro.mgt.DefaultSecurityManager

org.apache.shiro.web.mgt.DefaultWebSecurityManager

All Implemented Interfaces:

org.apache.shiro.authc.Authenticator, org.apache.shiro.authz.Authorizer, org.apache.shiro.cache.CacheManagerAware, org.apache.shiro.event.EventBusAware, org.apache.shiro.mgt.SecurityManager, org.apache.shiro.session.mgt.SessionManager, org.apache.shiro.util.Destroyable, WebSecurityManager

public class DefaultWebSecurityManager
extends org.apache.shiro.mgt.DefaultSecurityManager
implements WebSecurityManager

Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).

Since:

0.2

Field Summary

Fields

Modifier and Type	Field and Description
static String	HTTP_SESSION_MODE Deprecated.
static String	NATIVE_SESSION_MODE Deprecated.

Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager

rememberMeManager, subjectDAO, subjectFactory

Constructor Summary

Constructors

Constructor and Description
DefaultWebSecurityManager()
DefaultWebSecurityManager(Collection<org.apache.shiro.realm.Realm> realms)
DefaultWebSecurityManager(org.apache.shiro.realm.Realm singleRealm)

Method Summary

Modifier and Type	Method and Description
protected void	afterSessionManagerSet()
protected void	beforeLogout(org.apache.shiro.subject.Subject subject)
protected org.apache.shiro.subject.SubjectContext	copy(org.apache.shiro.subject.SubjectContext subjectContext)
protected org.apache.shiro.session.mgt.SessionContext	createSessionContext(org.apache.shiro.subject.SubjectContext subjectContext)
protected org.apache.shiro.session.mgt.SessionManager	createSessionManager(String sessionMode)
protected org.apache.shiro.subject.SubjectContext	createSubjectContext()
protected org.apache.shiro.session.mgt.SessionKey	getSessionKey(org.apache.shiro.subject.SubjectContext context)
String	getSessionMode() Deprecated.
boolean	isHttpSessionMode() Security information needs to be retained from request to request, so Shiro makes use of a session for this.
protected void	removeRequestIdentity(org.apache.shiro.subject.Subject subject)
void	setSessionManager(org.apache.shiro.session.mgt.SessionManager sessionManager)
void	setSessionMode(String sessionMode) Deprecated. since 1.2
void	setSubjectDAO(org.apache.shiro.mgt.SubjectDAO subjectDAO)

Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager

bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind

Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager

afterCacheManagerSet, afterEventBusSet, applyCacheManagerToSessionManager, applyEventBusToSessionManager, destroy, getSession, getSessionManager, start

Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager

afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer

Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager

authenticate, getAuthenticator, setAuthenticator

Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager

applyCacheManagerToRealms, applyEventBusToRealms, getRealms, setRealm, setRealms

Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager

applyEventBusToCacheManager, getCacheManager, getEventBus, setCacheManager, setEventBus

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.mgt.SecurityManager

createSubject, login, logout

Methods inherited from interface org.apache.shiro.authc.Authenticator

authenticate

Methods inherited from interface org.apache.shiro.authz.Authorizer

checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll

Methods inherited from interface org.apache.shiro.session.mgt.SessionManager

getSession, start

Field Detail

HTTP_SESSION_MODE

@Deprecated
public static final String HTTP_SESSION_MODE

Deprecated.

See Also:

Constant Field Values

NATIVE_SESSION_MODE

@Deprecated
public static final String NATIVE_SESSION_MODE

Deprecated.

See Also:

Constant Field Values

Constructor Detail

DefaultWebSecurityManager

public DefaultWebSecurityManager()

DefaultWebSecurityManager

public DefaultWebSecurityManager(org.apache.shiro.realm.Realm singleRealm)

DefaultWebSecurityManager

public DefaultWebSecurityManager(Collection<org.apache.shiro.realm.Realm> realms)

Method Detail

createSubjectContext

protected org.apache.shiro.subject.SubjectContext createSubjectContext()

Overrides:

createSubjectContext in class org.apache.shiro.mgt.DefaultSecurityManager

setSubjectDAO

public void setSubjectDAO(org.apache.shiro.mgt.SubjectDAO subjectDAO)

Overrides:

setSubjectDAO in class org.apache.shiro.mgt.DefaultSecurityManager

afterSessionManagerSet

protected void afterSessionManagerSet()

Overrides:

afterSessionManagerSet in class org.apache.shiro.mgt.SessionsSecurityManager

copy

protected org.apache.shiro.subject.SubjectContext copy(org.apache.shiro.subject.SubjectContext subjectContext)

Overrides:

copy in class org.apache.shiro.mgt.DefaultSecurityManager

getSessionMode

@Deprecated
public String getSessionMode()

Deprecated.

setSessionMode

@Deprecated
public void setSessionMode(String sessionMode)

Deprecated. since 1.2

Parameters:

sessionMode -

setSessionManager

public void setSessionManager(org.apache.shiro.session.mgt.SessionManager sessionManager)

Overrides:

setSessionManager in class org.apache.shiro.mgt.SessionsSecurityManager

isHttpSessionMode

public boolean isHttpSessionMode()

Description copied from interface: WebSecurityManager

Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.

Specified by:

isHttpSessionMode in interface WebSecurityManager

Returns:

true if the security manager is using the HTTP session; otherwise, false.

Since:

1.0

createSessionManager

protected org.apache.shiro.session.mgt.SessionManager createSessionManager(String sessionMode)

createSessionContext

protected org.apache.shiro.session.mgt.SessionContext createSessionContext(org.apache.shiro.subject.SubjectContext subjectContext)

Overrides:

createSessionContext in class org.apache.shiro.mgt.DefaultSecurityManager

getSessionKey

protected org.apache.shiro.session.mgt.SessionKey getSessionKey(org.apache.shiro.subject.SubjectContext context)

Overrides:

getSessionKey in class org.apache.shiro.mgt.DefaultSecurityManager

beforeLogout

protected void beforeLogout(org.apache.shiro.subject.Subject subject)

Overrides:

beforeLogout in class org.apache.shiro.mgt.DefaultSecurityManager

removeRequestIdentity

protected void removeRequestIdentity(org.apache.shiro.subject.Subject subject)