| Package | Description |
|---|---|
| org.apache.shiro.mgt |
Provides the master
SecurityManager interface and a default implementation
hierarchy for managing all aspects of Shiro's functionality in an application. |
| org.apache.shiro.session |
Components related to managing sessions, the time-based data contexts in which a Subject
interacts with an application.
|
| org.apache.shiro.session.mgt |
SessionManager components supporting enterprise session management. |
| org.apache.shiro.session.mgt.eis |
EIS (Enterprise Information System)-tier components that can perform CRUD operations for sessions
using any EIS API.
|
| org.apache.shiro.subject |
Components supporting the
Subject interface, the most important concept in
Shiro's API. |
| org.apache.shiro.subject.support |
Concrete support implementations of most of the
org.apache.shiro.subject interfaces. |
| org.apache.shiro.web.mgt |
Components supporting web-specific
SecurityManager implementations. |
| org.apache.shiro.web.servlet |
Shiro-specific implementations of the Servlet API (Servlet Filters, et al).
|
| org.apache.shiro.web.session |
Components supporting Session management in web-enabled applications.
|
| org.apache.shiro.web.session.mgt | |
| org.apache.shiro.web.subject.support |
Supporting implementations of
org.apache.shiro.web.subject package interfaces. |
| Modifier and Type | Method and Description |
|---|---|
Session |
SessionsSecurityManager.getSession(SessionKey key) |
protected Session |
DefaultSecurityManager.resolveContextSession(SubjectContext context) |
Session |
SessionsSecurityManager.start(SessionContext context) |
| Modifier and Type | Method and Description |
|---|---|
protected Subject |
DefaultSubjectFactory.newSubjectInstance(PrincipalCollection principals,
boolean authenticated,
String host,
Session session,
SecurityManager securityManager)
Deprecated.
since 1.2 - override
DefaultSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class. |
| Modifier and Type | Class and Description |
|---|---|
class |
ProxiedSession
Simple
Session implementation that immediately delegates all corresponding calls to an
underlying proxied session instance. |
| Modifier and Type | Field and Description |
|---|---|
protected Session |
ProxiedSession.delegate
The proxied instance
|
| Modifier and Type | Method and Description |
|---|---|
void |
SessionListenerAdapter.onExpiration(Session session)
Adapter no-op implementation - does nothing and returns immediately.
|
void |
SessionListener.onExpiration(Session session)
Notification callback that occurs when the corresponding Session has expired.
|
void |
SessionListenerAdapter.onStart(Session session)
Adapter no-op implementation - does nothing and returns immediately.
|
void |
SessionListener.onStart(Session session)
Notification callback that occurs when the corresponding Session has started.
|
void |
SessionListenerAdapter.onStop(Session session)
Adapter no-op implementation - does nothing and returns immediately.
|
void |
SessionListener.onStop(Session session)
Notification callback that occurs when the corresponding Session has stopped, either programmatically via
stop() or automatically upon a subject logging out. |
| Constructor and Description |
|---|
ProxiedSession(Session target)
Constructs an instance that proxies the specified
target. |
| Modifier and Type | Interface and Description |
|---|---|
interface |
ValidatingSession
A
ValidatingSession is a Session that is capable of determining it is valid or not and
is able to validate itself if necessary. |
| Modifier and Type | Class and Description |
|---|---|
class |
DelegatingSession
A DelegatingSession is a client-tier representation of a server side
Session. |
class |
ImmutableProxiedSession
Implementation of the
Session interface that proxies another Session, but does not
allow any 'write' operations to the underlying session. |
class |
SimpleSession
Simple
Session JavaBeans-compatible POJO implementation, intended to be used on the
business/server tier. |
| Modifier and Type | Method and Description |
|---|---|
protected Session |
AbstractNativeSessionManager.beforeInvalidNotification(Session session)
Returns the session instance to use to pass to registered
SessionListeners for notification
that the session has been invalidated (stopped or expired). |
protected Session |
AbstractNativeSessionManager.createExposedSession(Session session,
SessionContext context) |
protected Session |
AbstractNativeSessionManager.createExposedSession(Session session,
SessionKey key) |
Session |
SimpleSessionFactory.createSession(SessionContext initData)
Creates a new
SimpleSession instance retaining the context's
host if one can be found. |
Session |
SessionFactory.createSession(SessionContext initData)
Creates a new
Session instance based on the specified contextual initialization data. |
protected Session |
AbstractValidatingSessionManager.createSession(SessionContext context) |
protected abstract Session |
AbstractNativeSessionManager.createSession(SessionContext context)
Creates a new
Session Session instance based on the specified (possibly null)
initialization data. |
protected Session |
DefaultSessionManager.doCreateSession(SessionContext context) |
protected abstract Session |
AbstractValidatingSessionManager.doCreateSession(SessionContext initData) |
protected Session |
AbstractValidatingSessionManager.doGetSession(SessionKey key) |
protected abstract Session |
AbstractNativeSessionManager.doGetSession(SessionKey key) |
Session |
SessionManager.getSession(SessionKey key)
Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), or
null if no Session could be found. |
Session |
AbstractNativeSessionManager.getSession(SessionKey key) |
protected Session |
DefaultSessionManager.newSessionInstance(SessionContext context) |
protected Session |
DefaultSessionManager.retrieveSession(SessionKey sessionKey) |
protected abstract Session |
AbstractValidatingSessionManager.retrieveSession(SessionKey key)
Looks up a session from the underlying data store based on the specified session key.
|
protected Session |
DefaultSessionManager.retrieveSessionFromDataSource(Serializable sessionId) |
Session |
SessionManager.start(SessionContext context)
Starts a new session based on the specified contextual initialization data, which can be used by the underlying
implementation to determine how exactly to create the internal Session instance.
|
Session |
AbstractNativeSessionManager.start(SessionContext context) |
| Modifier and Type | Method and Description |
|---|---|
protected Collection<Session> |
DefaultSessionManager.getActiveSessions() |
protected abstract Collection<Session> |
AbstractValidatingSessionManager.getActiveSessions() |
| Modifier and Type | Method and Description |
|---|---|
protected void |
DefaultSessionManager.afterExpired(Session session) |
protected void |
AbstractValidatingSessionManager.afterExpired(Session session) |
protected void |
DefaultSessionManager.afterStopped(Session session) |
protected void |
AbstractNativeSessionManager.afterStopped(Session session) |
protected void |
AbstractNativeSessionManager.applyGlobalSessionTimeout(Session session) |
protected Session |
AbstractNativeSessionManager.beforeInvalidNotification(Session session)
Returns the session instance to use to pass to registered
SessionListeners for notification
that the session has been invalidated (stopped or expired). |
protected void |
DefaultSessionManager.create(Session session)
Persists the given session instance to an underlying EIS (Enterprise Information System).
|
protected Session |
AbstractNativeSessionManager.createExposedSession(Session session,
SessionContext context) |
protected Session |
AbstractNativeSessionManager.createExposedSession(Session session,
SessionKey key) |
protected void |
DefaultSessionManager.delete(Session session) |
protected void |
AbstractValidatingSessionManager.doValidate(Session session) |
protected long |
AbstractValidatingSessionManager.getTimeout(Session session)
Subclass template hook in case per-session timeout is not based on
getTimeout(). |
protected void |
AbstractNativeSessionManager.notifyExpiration(Session session) |
protected void |
AbstractNativeSessionManager.notifyStart(Session session)
Notifies any interested
SessionListeners that a Session has started. |
protected void |
AbstractNativeSessionManager.notifyStop(Session session) |
protected void |
DefaultSessionManager.onChange(Session session) |
protected void |
AbstractNativeSessionManager.onChange(Session s) |
protected void |
DefaultSessionManager.onExpiration(Session session) |
protected void |
AbstractValidatingSessionManager.onExpiration(Session session) |
protected void |
AbstractValidatingSessionManager.onExpiration(Session s,
ExpiredSessionException ese,
SessionKey key) |
protected void |
AbstractValidatingSessionManager.onInvalidation(Session s,
InvalidSessionException ise,
SessionKey key) |
protected void |
AbstractNativeSessionManager.onStart(Session session,
SessionContext context)
Template method that allows subclasses to react to a new session being created.
|
protected void |
DefaultSessionManager.onStop(Session session) |
protected void |
AbstractNativeSessionManager.onStop(Session session) |
protected void |
AbstractNativeSessionManager.onStop(Session session,
SessionKey key) |
protected void |
AbstractValidatingSessionManager.validate(Session session,
SessionKey key) |
| Constructor and Description |
|---|
ImmutableProxiedSession(Session target)
Constructs a new instance of this class proxying the specified
Session. |
| Modifier and Type | Method and Description |
|---|---|
protected Session |
MemorySessionDAO.doReadSession(Serializable sessionId) |
protected Session |
EnterpriseCacheSessionDAO.doReadSession(Serializable sessionId) |
protected abstract Session |
AbstractSessionDAO.doReadSession(Serializable sessionId)
Subclass implementation hook that retrieves the Session object from the underlying EIS or
null if a
session with that ID could not be found. |
protected Session |
CachingSessionDAO.getCachedSession(Serializable sessionId)
Returns the cached session with the corresponding
sessionId or null if there is
no session cached under that id (or if there is no Cache). |
protected Session |
CachingSessionDAO.getCachedSession(Serializable sessionId,
Cache<Serializable,Session> cache)
Returns the Session with the specified id from the specified cache.
|
Session |
SessionDAO.readSession(Serializable sessionId)
Retrieves the session from the EIS uniquely identified by the specified
sessionId. |
Session |
CachingSessionDAO.readSession(Serializable sessionId)
Attempts to acquire the Session from the cache first using the session ID as the cache key.
|
Session |
AbstractSessionDAO.readSession(Serializable sessionId)
Retrieves the Session object from the underlying EIS identified by sessionId by delegating to
the
AbstractSessionDAO.doReadSession(java.io.Serializable) method. |
protected Session |
MemorySessionDAO.storeSession(Serializable id,
Session session) |
| Modifier and Type | Method and Description |
|---|---|
protected Cache<Serializable,Session> |
CachingSessionDAO.createActiveSessionsCache()
Creates a cache instance used to store active sessions.
|
Collection<Session> |
SessionDAO.getActiveSessions()
Returns all sessions in the EIS that are considered active, meaning all sessions that
haven't been stopped/expired.
|
Collection<Session> |
MemorySessionDAO.getActiveSessions() |
Collection<Session> |
CachingSessionDAO.getActiveSessions()
Returns all active sessions in the system.
|
Cache<Serializable,Session> |
CachingSessionDAO.getActiveSessionsCache()
Returns the cache instance to use for storing active sessions.
|
| Modifier and Type | Method and Description |
|---|---|
protected void |
AbstractSessionDAO.assignSessionId(Session session,
Serializable sessionId)
Utility method available to subclasses that wish to
assign a generated session ID to the session instance directly.
|
protected void |
CachingSessionDAO.cache(Session session,
Serializable sessionId)
Caches the specified session under the cache entry key of
sessionId. |
protected void |
CachingSessionDAO.cache(Session session,
Serializable sessionId,
Cache<Serializable,Session> cache)
Caches the specified session in the given cache under the key of
sessionId. |
Serializable |
SessionDAO.create(Session session)
Inserts a new Session record into the underling EIS (e.g.
|
Serializable |
CachingSessionDAO.create(Session session)
Calls
super.create(session), then caches the session keyed by the returned sessionId, and then
returns this sessionId. |
Serializable |
AbstractSessionDAO.create(Session session)
Creates the session by delegating EIS creation to subclasses via the
AbstractSessionDAO.doCreate(org.apache.shiro.session.Session) method, and then
asserting that the returned sessionId is not null. |
void |
SessionDAO.delete(Session session)
Deletes the associated EIS record of the specified
session. |
void |
MemorySessionDAO.delete(Session session) |
void |
CachingSessionDAO.delete(Session session)
Removes the specified session from any cache and then permanently deletes the session from the EIS by
delegating to
CachingSessionDAO.doDelete(org.apache.shiro.session.Session). |
protected Serializable |
MemorySessionDAO.doCreate(Session session) |
protected Serializable |
EnterpriseCacheSessionDAO.doCreate(Session session) |
protected abstract Serializable |
AbstractSessionDAO.doCreate(Session session)
Subclass hook to actually persist the given Session instance to the underlying EIS.
|
protected void |
EnterpriseCacheSessionDAO.doDelete(Session session) |
protected abstract void |
CachingSessionDAO.doDelete(Session session)
Subclass implementation hook to permanently delete the given Session from the underlying EIS.
|
protected void |
EnterpriseCacheSessionDAO.doUpdate(Session session) |
protected abstract void |
CachingSessionDAO.doUpdate(Session session)
Subclass implementation hook to actually persist the
Session's state to the underlying EIS. |
Serializable |
SessionIdGenerator.generateId(Session session)
Generates a new ID to be applied to the specified
Session instance. |
Serializable |
RandomSessionIdGenerator.generateId(Session session)
Returns the String value of the configured
Random's nextLong() invocation. |
Serializable |
JavaUuidSessionIdGenerator.generateId(Session session)
Ignores the method argument and simply returns
UUID. |
protected Serializable |
AbstractSessionDAO.generateSessionId(Session session)
Generates a new ID to be applied to the specified
session instance. |
protected Session |
MemorySessionDAO.storeSession(Serializable id,
Session session) |
protected void |
CachingSessionDAO.uncache(Session session)
Removes the specified Session from the cache.
|
void |
SessionDAO.update(Session session)
Updates (persists) data from a previously created Session instance in the EIS identified by
{@link Session#getId() session.getId()}. |
void |
MemorySessionDAO.update(Session session) |
void |
CachingSessionDAO.update(Session session)
Updates the state of the given session to the EIS by first delegating to
CachingSessionDAO.doUpdate(org.apache.shiro.session.Session). |
| Modifier and Type | Method and Description |
|---|---|
protected void |
CachingSessionDAO.cache(Session session,
Serializable sessionId,
Cache<Serializable,Session> cache)
Caches the specified session in the given cache under the key of
sessionId. |
protected Session |
CachingSessionDAO.getCachedSession(Serializable sessionId,
Cache<Serializable,Session> cache)
Returns the Session with the specified id from the specified cache.
|
void |
CachingSessionDAO.setActiveSessionsCache(Cache<Serializable,Session> cache)
Sets the cache instance to use for storing active sessions.
|
| Modifier and Type | Method and Description |
|---|---|
Session |
SubjectContext.getSession()
Returns the
Session to use when building the Subject instance. |
Session |
Subject.getSession()
Returns the application
Session associated with this Subject. |
Session |
Subject.getSession(boolean create)
Returns the application
Session associated with this Subject. |
Session |
SubjectContext.resolveSession() |
| Modifier and Type | Method and Description |
|---|---|
Subject.Builder |
Subject.Builder.session(Session session)
Ensures the
Subject being built will use the specified Session instance. |
void |
SubjectContext.setSession(Session session)
Sets the
Session to use when building the Subject instance. |
| Modifier and Type | Field and Description |
|---|---|
protected Session |
DelegatingSubject.session |
| Modifier and Type | Method and Description |
|---|---|
protected Session |
DelegatingSubject.decorate(Session session) |
Session |
DelegatingSubject.getSession() |
Session |
DefaultSubjectContext.getSession() |
Session |
DelegatingSubject.getSession(boolean create) |
Session |
DefaultSubjectContext.resolveSession() |
| Modifier and Type | Method and Description |
|---|---|
protected Session |
DelegatingSubject.decorate(Session session) |
void |
DefaultSubjectContext.setSession(Session session) |
| Constructor and Description |
|---|
DelegatingSubject(PrincipalCollection principals,
boolean authenticated,
String host,
Session session,
boolean sessionCreationEnabled,
SecurityManager securityManager) |
DelegatingSubject(PrincipalCollection principals,
boolean authenticated,
String host,
Session session,
SecurityManager securityManager) |
| Modifier and Type | Method and Description |
|---|---|
protected Subject |
DefaultWebSubjectFactory.newSubjectInstance(PrincipalCollection principals,
boolean authenticated,
String host,
Session session,
ServletRequest request,
ServletResponse response,
SecurityManager securityManager)
Deprecated.
since 1.2 - override
DefaultWebSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class. |
| Modifier and Type | Field and Description |
|---|---|
protected Session |
ShiroHttpSession.session |
| Modifier and Type | Method and Description |
|---|---|
Session |
ShiroHttpSession.getSession() |
| Constructor and Description |
|---|
ShiroHttpSession(Session session,
HttpServletRequest currentRequest,
ServletContext servletContext) |
| Modifier and Type | Class and Description |
|---|---|
class |
HttpServletSession
Session implementation that is backed entirely by a standard servlet container
HttpSession instance. |
| Modifier and Type | Method and Description |
|---|---|
protected Session |
DefaultWebSessionManager.createExposedSession(Session session,
SessionContext context) |
protected Session |
DefaultWebSessionManager.createExposedSession(Session session,
SessionKey key) |
protected Session |
ServletContainerSessionManager.createSession(HttpSession httpSession,
String host) |
protected Session |
ServletContainerSessionManager.createSession(SessionContext sessionContext) |
Session |
ServletContainerSessionManager.getSession(SessionKey key) |
Session |
ServletContainerSessionManager.start(SessionContext context) |
| Modifier and Type | Method and Description |
|---|---|
protected Session |
DefaultWebSessionManager.createExposedSession(Session session,
SessionContext context) |
protected Session |
DefaultWebSessionManager.createExposedSession(Session session,
SessionKey key) |
protected void |
DefaultWebSessionManager.onExpiration(Session s,
ExpiredSessionException ese,
SessionKey key) |
protected void |
DefaultWebSessionManager.onInvalidation(Session session,
InvalidSessionException ise,
SessionKey key) |
protected void |
DefaultWebSessionManager.onStart(Session session,
SessionContext context)
Stores the Session's ID, usually as a Cookie, to associate with future requests.
|
protected void |
DefaultWebSessionManager.onStop(Session session,
SessionKey key) |
| Constructor and Description |
|---|
WebDelegatingSubject(PrincipalCollection principals,
boolean authenticated,
String host,
Session session,
boolean sessionEnabled,
ServletRequest request,
ServletResponse response,
SecurityManager securityManager) |
WebDelegatingSubject(PrincipalCollection principals,
boolean authenticated,
String host,
Session session,
ServletRequest request,
ServletResponse response,
SecurityManager securityManager) |
Copyright © 2004–2017 The Apache Software Foundation. All rights reserved.