org.apache.shiro.web.mgt
Class DefaultWebSecurityManager

java.lang.Object
  extended by org.apache.shiro.mgt.CachingSecurityManager
      extended by org.apache.shiro.mgt.RealmSecurityManager
          extended by org.apache.shiro.mgt.AuthenticatingSecurityManager
              extended by org.apache.shiro.mgt.AuthorizingSecurityManager
                  extended by org.apache.shiro.mgt.SessionsSecurityManager
                      extended by org.apache.shiro.mgt.DefaultSecurityManager
                          extended by org.apache.shiro.web.mgt.DefaultWebSecurityManager
All Implemented Interfaces:
Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionManager, Destroyable, WebSecurityManager

public class DefaultWebSecurityManager
extends DefaultSecurityManager
implements WebSecurityManager

Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).

Since:
0.2

Field Summary
static String HTTP_SESSION_MODE
          Deprecated. 
static String NATIVE_SESSION_MODE
          Deprecated. 
 
Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager
rememberMeManager, subjectDAO, subjectFactory
 
Constructor Summary
DefaultWebSecurityManager()
           
DefaultWebSecurityManager(Collection<Realm> realms)
           
DefaultWebSecurityManager(Realm singleRealm)
           
 
Method Summary
protected  void afterSessionManagerSet()
           
protected  void beforeLogout(Subject subject)
           
protected  SubjectContext copy(SubjectContext subjectContext)
           
protected  SessionContext createSessionContext(SubjectContext subjectContext)
           
protected  SessionManager createSessionManager(String sessionMode)
           
protected  SubjectContext createSubjectContext()
           
protected  SessionKey getSessionKey(SubjectContext context)
           
 String getSessionMode()
          Deprecated. 
 boolean isHttpSessionMode()
          Security information needs to be retained from request to request, so Shiro makes use of a session for this.
protected  void removeRequestIdentity(Subject subject)
           
 void setSessionManager(SessionManager sessionManager)
          Sets the underlying delegate SessionManager instance that will be used to support this implementation's SessionManager method calls.
 void setSessionMode(String sessionMode)
          Deprecated. since 1.2
 void setSubjectDAO(SubjectDAO subjectDAO)
          Sets the SubjectDAO responsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services).
 
Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind
 
Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager
afterCacheManagerSet, applyCacheManagerToSessionManager, destroy, getSession, getSessionManager, start
 
Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer
 
Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator
 
Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, getRealms, setRealm, setRealms
 
Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
getCacheManager, setCacheManager
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 
Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout
 
Methods inherited from interface org.apache.shiro.authc.Authenticator
authenticate
 
Methods inherited from interface org.apache.shiro.authz.Authorizer
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll
 
Methods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start
 

Field Detail

HTTP_SESSION_MODE

@Deprecated
public static final String HTTP_SESSION_MODE
Deprecated. 
See Also:
Constant Field Values

NATIVE_SESSION_MODE

@Deprecated
public static final String NATIVE_SESSION_MODE
Deprecated. 
See Also:
Constant Field Values
Constructor Detail

DefaultWebSecurityManager

public DefaultWebSecurityManager()

DefaultWebSecurityManager

public DefaultWebSecurityManager(Realm singleRealm)

DefaultWebSecurityManager

public DefaultWebSecurityManager(Collection<Realm> realms)
Method Detail

createSubjectContext

protected SubjectContext createSubjectContext()
Overrides:
createSubjectContext in class DefaultSecurityManager

setSubjectDAO

public void setSubjectDAO(SubjectDAO subjectDAO)
Description copied from class: DefaultSecurityManager
Sets the SubjectDAO responsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default implementation is a DefaultSubjectDAO.

Overrides:
setSubjectDAO in class DefaultSecurityManager
Parameters:
subjectDAO - the SubjectDAO responsible for persisting Subject state, typically used after login or when an Subject identity is discovered (eg after RememberMe services).
See Also:
DefaultSubjectDAO

afterSessionManagerSet

protected void afterSessionManagerSet()
Overrides:
afterSessionManagerSet in class SessionsSecurityManager

copy

protected SubjectContext copy(SubjectContext subjectContext)
Overrides:
copy in class DefaultSecurityManager

getSessionMode

@Deprecated
public String getSessionMode()
Deprecated. 


setSessionMode

@Deprecated
public void setSessionMode(String sessionMode)
Deprecated. since 1.2

Parameters:
sessionMode -

setSessionManager

public void setSessionManager(SessionManager sessionManager)
Description copied from class: SessionsSecurityManager
Sets the underlying delegate SessionManager instance that will be used to support this implementation's SessionManager method calls.

This SecurityManager implementation does not provide logic to support the inherited SessionManager interface, but instead delegates these calls to an internal SessionManager instance.

If a SessionManager instance is not set, a default one will be automatically created and initialized appropriately for the the existing runtime environment.

Overrides:
setSessionManager in class SessionsSecurityManager
Parameters:
sessionManager - delegate instance to use to support this manager's SessionManager method calls.

isHttpSessionMode

public boolean isHttpSessionMode()
Description copied from interface: WebSecurityManager
Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.

Specified by:
isHttpSessionMode in interface WebSecurityManager
Returns:
true if the security manager is using the HTTP session; otherwise, false.
Since:
1.0

createSessionManager

protected SessionManager createSessionManager(String sessionMode)

createSessionContext

protected SessionContext createSessionContext(SubjectContext subjectContext)
Overrides:
createSessionContext in class DefaultSecurityManager

getSessionKey

protected SessionKey getSessionKey(SubjectContext context)
Overrides:
getSessionKey in class DefaultSecurityManager

beforeLogout

protected void beforeLogout(Subject subject)
Overrides:
beforeLogout in class DefaultSecurityManager

removeRequestIdentity

protected void removeRequestIdentity(Subject subject)


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.