org.apache.shiro.web.mgt
Class DefaultWebSecurityManager
java.lang.Object
org.apache.shiro.mgt.CachingSecurityManager
org.apache.shiro.mgt.RealmSecurityManager
org.apache.shiro.mgt.AuthenticatingSecurityManager
org.apache.shiro.mgt.AuthorizingSecurityManager
org.apache.shiro.mgt.SessionsSecurityManager
org.apache.shiro.mgt.DefaultSecurityManager
org.apache.shiro.web.mgt.DefaultWebSecurityManager
- All Implemented Interfaces:
- Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionManager, Destroyable, WebSecurityManager
public class DefaultWebSecurityManager
- extends DefaultSecurityManager
- implements WebSecurityManager
Default WebSecurityManager implementation used in web-based applications or any
application that requires HTTP connectivity (SOAP, http remoting, etc).
- Since:
- 0.2
| Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager |
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind |
| Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager |
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
| Methods inherited from interface org.apache.shiro.authz.Authorizer |
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll |
HTTP_SESSION_MODE
@Deprecated
public static final String HTTP_SESSION_MODE
- Deprecated.
- See Also:
- Constant Field Values
NATIVE_SESSION_MODE
@Deprecated
public static final String NATIVE_SESSION_MODE
- Deprecated.
- See Also:
- Constant Field Values
DefaultWebSecurityManager
public DefaultWebSecurityManager()
DefaultWebSecurityManager
public DefaultWebSecurityManager(Realm singleRealm)
DefaultWebSecurityManager
public DefaultWebSecurityManager(Collection<Realm> realms)
createSubjectContext
protected SubjectContext createSubjectContext()
- Overrides:
createSubjectContext in class DefaultSecurityManager
setSubjectDAO
public void setSubjectDAO(SubjectDAO subjectDAO)
- Description copied from class:
DefaultSecurityManager
- Sets the
SubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default
implementation is a DefaultSubjectDAO.
- Overrides:
setSubjectDAO in class DefaultSecurityManager
- Parameters:
subjectDAO - the SubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).- See Also:
DefaultSubjectDAO
afterSessionManagerSet
protected void afterSessionManagerSet()
- Overrides:
afterSessionManagerSet in class SessionsSecurityManager
copy
protected SubjectContext copy(SubjectContext subjectContext)
- Overrides:
copy in class DefaultSecurityManager
getSessionMode
@Deprecated
public String getSessionMode()
- Deprecated.
setSessionMode
@Deprecated
public void setSessionMode(String sessionMode)
- Deprecated. since 1.2
- Parameters:
sessionMode -
setSessionManager
public void setSessionManager(SessionManager sessionManager)
- Description copied from class:
SessionsSecurityManager
- Sets the underlying delegate
SessionManager instance that will be used to support this implementation's
SessionManager method calls.
This SecurityManager implementation does not provide logic to support the inherited
SessionManager interface, but instead delegates these calls to an internal
SessionManager instance.
If a SessionManager instance is not set, a default one will be automatically created and
initialized appropriately for the the existing runtime environment.
- Overrides:
setSessionManager in class SessionsSecurityManager
- Parameters:
sessionManager - delegate instance to use to support this manager's SessionManager method calls.
isHttpSessionMode
public boolean isHttpSessionMode()
- Description copied from interface:
WebSecurityManager
- Security information needs to be retained from request to request, so Shiro makes use of a
session for this. Typically, a security manager will use the servlet container's HTTP session
but custom session implementations, for example based on EhCache, may also be used. This
method indicates whether the security manager is using the HTTP session or not.
- Specified by:
isHttpSessionMode in interface WebSecurityManager
- Returns:
true if the security manager is using the HTTP session; otherwise,
false.- Since:
- 1.0
createSessionManager
protected SessionManager createSessionManager(String sessionMode)
createSessionContext
protected SessionContext createSessionContext(SubjectContext subjectContext)
- Overrides:
createSessionContext in class DefaultSecurityManager
getSessionKey
protected SessionKey getSessionKey(SubjectContext context)
- Overrides:
getSessionKey in class DefaultSecurityManager
beforeLogout
protected void beforeLogout(Subject subject)
- Overrides:
beforeLogout in class DefaultSecurityManager
removeRequestIdentity
protected void removeRequestIdentity(Subject subject)
Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.