org.apache.shiro.web.mgt
Class CookieRememberMeManager

java.lang.Object
  extended by org.apache.shiro.mgt.AbstractRememberMeManager
      extended by org.apache.shiro.web.mgt.CookieRememberMeManager
All Implemented Interfaces:
RememberMeManager

public class CookieRememberMeManager
extends AbstractRememberMeManager

Remembers a Subject's identity by saving the Subject's principals to a Cookie for later retrieval.

Cookie attributes (path, domain, maxAge, etc.) may be set on this class's default cookie attribute, which acts as a template for all properties of outgoing cookies created by this implementation.

The default cookie has the following attribute values set:

Attribute Name    Value
name              rememberMe
path              /
maxAge            Cookie.ONE_YEAR

Note that because this class subclasses AbstractRememberMeManager, which already provides serialization and encryption logic, the identity is both serialized and encrypted before it is set as the cookie value.

Since:
1.0
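
A configuration sketch for the cookie template and cipher key described above. This is an added example, not code from the Shiro project. It assumes SimpleCookie from org.apache.shiro.web.servlet, the default AES cipher service, an illustrative 14-day lifetime, and a hypothetical environment variable SHIRO_REMEMBER_ME_KEY_B64 holding the key.

```java
import org.apache.shiro.codec.Base64;
import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.SimpleCookie;

public final class RememberMeConfig {

    // Hypothetical variable name; any secret store the deployment uses works.
    private static final String KEY_ENV = "SHIRO_REMEMBER_ME_KEY_B64";
    // Illustrative lifetime in seconds, replacing the Cookie.ONE_YEAR default.
    private static final int FOURTEEN_DAYS = 14 * 24 * 60 * 60;

    public static CookieRememberMeManager build() {
        // Template: every outgoing rememberMe cookie copies these attributes;
        // only the value is set at runtime.
        Cookie template = new SimpleCookie(
                CookieRememberMeManager.DEFAULT_REMEMBER_ME_COOKIE_NAME);
        template.setPath("/");
        template.setMaxAge(FOURTEEN_DAYS);
        template.setHttpOnly(true); // keep the cookie away from page scripts
        template.setSecure(true);   // send it over HTTPS only

        CookieRememberMeManager manager = new CookieRememberMeManager();
        manager.setCookie(template);
        // setCipherKey is inherited from AbstractRememberMeManager.
        manager.setCipherKey(loadKey());
        return manager;
    }

    private static byte[] loadKey() {
        String encoded = System.getenv(KEY_ENV);
        if (encoded == null || encoded.isEmpty()) {
            // Fail closed instead of running with a key nobody provisioned.
            throw new IllegalStateException(KEY_ENV + " is not set");
        }
        byte[] key = Base64.decode(encoded);
        if (key.length != 16 && key.length != 24 && key.length != 32) {
            throw new IllegalStateException("AES key must be 16, 24 or 32 bytes");
        }
        return key;
    }

    // One-off helper: prints a fresh Base64 key to place in the secret store.
    public static void main(String[] args) {
        byte[] fresh = new AesCipherService().generateNewKey().getEncoded();
        System.out.println(Base64.encodeToString(fresh));
    }
}
```

The returned manager is installed on the application's security manager through its setRememberMeManager method.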

Field Summary
static String DEFAULT_REMEMBER_ME_COOKIE_NAME
          The default name of the underlying rememberMe cookie, which is rememberMe.
 
Constructor Summary
CookieRememberMeManager()
          Constructs a new CookieRememberMeManager with a default rememberMe cookie template.
 
Method Summary
protected  void forgetIdentity(Subject subject)
          Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.
 void forgetIdentity(SubjectContext subjectContext)
          Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.
 Cookie getCookie()
          Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
protected  byte[] getRememberedSerializedIdentity(SubjectContext subjectContext)
          Returns a previously serialized identity byte array or null if the byte array could not be acquired.
protected  void rememberSerializedIdentity(Subject subject, byte[] serialized)
          Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.
 void setCookie(Cookie cookie)
          Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
 
Methods inherited from class org.apache.shiro.mgt.AbstractRememberMeManager
convertBytesToPrincipals, convertPrincipalsToBytes, decrypt, deserialize, encrypt, getCipherKey, getCipherService, getDecryptionCipherKey, getEncryptionCipherKey, getIdentityToRemember, getRememberedPrincipals, getSerializer, isRememberMe, onFailedLogin, onLogout, onRememberedPrincipalFailure, onSuccessfulLogin, rememberIdentity, rememberIdentity, serialize, setCipherKey, setCipherService, setDecryptionCipherKey, setEncryptionCipherKey, setSerializer
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_REMEMBER_ME_COOKIE_NAME

public static final String DEFAULT_REMEMBER_ME_COOKIE_NAME
The default name of the underlying rememberMe cookie, which is rememberMe.

See Also:
Constant Field Values

Constructor Detail

CookieRememberMeManager

public CookieRememberMeManager()
Constructs a new CookieRememberMeManager with a default rememberMe cookie template.

Method Detail

getCookie

public Cookie getCookie()
Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

Please see the class-level JavaDoc for the default cookie's attribute values.

Returns:
the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

setCookie

public void setCookie(Cookie cookie)
Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

Please see the class-level JavaDoc for the default cookie's attribute values.

Parameters:
cookie - the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

rememberSerializedIdentity

protected void rememberSerializedIdentity(Subject subject,
                                          byte[] serialized)
Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.

The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair so an HTTP cookie can be set on the outgoing response. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

Specified by:
rememberSerializedIdentity in class AbstractRememberMeManager
Parameters:
subject - the Subject for which the identity is being serialized.
serialized - the serialized bytes to be persisted.

getRememberedSerializedIdentity

protected byte[] getRememberedSerializedIdentity(SubjectContext subjectContext)
Returns a previously serialized identity byte array or null if the byte array could not be acquired. This implementation retrieves an HTTP cookie, Base64-decodes the cookie value, and returns the resulting byte array.

The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair so an HTTP cookie can be retrieved from the incoming request. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation returns null.

Specified by:
getRememberedSerializedIdentity in class AbstractRememberMeManager
Parameters:
subjectContext - the contextual data, usually provided by a Subject.Builder implementation, that is being used to construct a Subject instance. To be used to assist with data lookup.
Returns:
a previously serialized identity byte array or null if the byte array could not be acquired.

forgetIdentity

protected void forgetIdentity(Subject subject)
Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.

The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

Specified by:
forgetIdentity in class AbstractRememberMeManager
Parameters:
subject - the subject instance for which identity data should be forgotten from the underlying persistence

forgetIdentity

public void forgetIdentity(SubjectContext subjectContext)
Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.

The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation does nothing.

Parameters:
subjectContext - the contextual data, usually provided by a Subject.Builder implementation


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.