public class DefaultWebSecurityManager extends DefaultSecurityManager implements WebSecurityManager
WebSecurityManager implementation used in web-based applications or any
application that requires HTTP connectivity (SOAP, http remoting, etc).| Modifier and Type | Field and Description |
|---|---|
static String |
HTTP_SESSION_MODE
Deprecated.
|
static String |
NATIVE_SESSION_MODE
Deprecated.
|
rememberMeManager, subjectDAO, subjectFactory| Constructor and Description |
|---|
DefaultWebSecurityManager() |
DefaultWebSecurityManager(Collection<Realm> realms) |
DefaultWebSecurityManager(Realm singleRealm) |
| Modifier and Type | Method and Description |
|---|---|
protected void |
afterSessionManagerSet() |
protected void |
beforeLogout(Subject subject) |
protected SubjectContext |
copy(SubjectContext subjectContext) |
protected SessionContext |
createSessionContext(SubjectContext subjectContext) |
protected SessionManager |
createSessionManager(String sessionMode) |
protected SubjectContext |
createSubjectContext() |
protected SessionKey |
getSessionKey(SubjectContext context) |
String |
getSessionMode()
Deprecated.
|
boolean |
isHttpSessionMode()
Security information needs to be retained from request to request, so Shiro makes use of a
session for this.
|
protected void |
removeRequestIdentity(Subject subject) |
void |
setSessionManager(SessionManager sessionManager)
Sets the underlying delegate
SessionManager instance that will be used to support this implementation's
SessionManager method calls. |
void |
setSessionMode(String sessionMode)
Deprecated.
since 1.2
|
void |
setSubjectDAO(SubjectDAO subjectDAO)
Sets the
SubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services). |
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbindafterCacheManagerSet, afterEventBusSet, applyCacheManagerToSessionManager, applyEventBusToSessionManager, destroy, getSession, getSessionManager, startafterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizerauthenticate, getAuthenticator, setAuthenticatorapplyCacheManagerToRealms, applyEventBusToRealms, getRealms, setRealm, setRealmsapplyEventBusToCacheManager, getCacheManager, getEventBus, setCacheManager, setEventBusclone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitcreateSubject, login, logoutauthenticatecheckPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAllgetSession, start@Deprecated public static final String HTTP_SESSION_MODE
@Deprecated public static final String NATIVE_SESSION_MODE
public DefaultWebSecurityManager()
public DefaultWebSecurityManager(Realm singleRealm)
public DefaultWebSecurityManager(Collection<Realm> realms)
protected SubjectContext createSubjectContext()
createSubjectContext in class DefaultSecurityManagerpublic void setSubjectDAO(SubjectDAO subjectDAO)
DefaultSecurityManagerSubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default
implementation is a DefaultSubjectDAO.setSubjectDAO in class DefaultSecurityManagersubjectDAO - the SubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).DefaultSubjectDAOprotected void afterSessionManagerSet()
afterSessionManagerSet in class SessionsSecurityManagerprotected SubjectContext copy(SubjectContext subjectContext)
copy in class DefaultSecurityManager@Deprecated public String getSessionMode()
@Deprecated public void setSessionMode(String sessionMode)
sessionMode - public void setSessionManager(SessionManager sessionManager)
SessionsSecurityManagerSessionManager instance that will be used to support this implementation's
SessionManager method calls.
This SecurityManager implementation does not provide logic to support the inherited
SessionManager interface, but instead delegates these calls to an internal
SessionManager instance.
If a SessionManager instance is not set, a default one will be automatically created and
initialized appropriately for the the existing runtime environment.setSessionManager in class SessionsSecurityManagersessionManager - delegate instance to use to support this manager's SessionManager method calls.public boolean isHttpSessionMode()
WebSecurityManagerisHttpSessionMode in interface WebSecurityManagertrue if the security manager is using the HTTP session; otherwise,
false.protected SessionManager createSessionManager(String sessionMode)
protected SessionContext createSessionContext(SubjectContext subjectContext)
createSessionContext in class DefaultSecurityManagerprotected SessionKey getSessionKey(SubjectContext context)
getSessionKey in class DefaultSecurityManagerprotected void beforeLogout(Subject subject)
beforeLogout in class DefaultSecurityManagerprotected void removeRequestIdentity(Subject subject)
Copyright © 2004–2016 The Apache Software Foundation. All rights reserved.