|
||||||||||
PREV NEXT | FRAMES NO FRAMES |
AuthenticationStrategy
implementations.Authenticator
implementations that performs the common work around authentication
attempts.CacheManager
implementation that retains all created Cache
instances in
an in-memory ConcurrentMap
.ConcurrentMap
.
SimpleHash
implementation directly.source
with no salt
using a single hash iteration.
source
using the given salt
using a single hash iteration.
source
using the given salt
a total of
hashIterations
times.
Realm
that authenticates with an LDAP
server to build the Subject for a user.NativeSessionManager
interface, supporting
SessionListener
s and application of the
globalSessionTimeout
.RememberMeManager
interface that handles
serialization
and
encryption
of the remembered user identity.DefaultSerializer
as the serializer
and
an AesCipherService
as the cipherService
.
SessionDAO
implementation that performs some sanity checks on session creation and reading and
allows for pluggable Session ID generation strategies if desired.sessionIdGenerator
to be a
JavaUuidSessionIdGenerator
.
SessionManager
interface, enabling configuration of an
application-wide globalSessionTimeout
.ValidatingSessionManager
interface.AuthenticationInfo
and
AuthorizationInfo
and represents authentication and authorization for a single account in a
single Realm.shiro-activeSessionCache
.
Realm
that authenticates with an active directory LDAP
server to determine the roles for a particular user.CipherService
using the AES
cipher algorithm for all encryption, decryption, and key operations.CipherService
instance using the AES
cipher algorithm with the following
important cipher default attributes:
Attribute
Value
keySize
128
bits
blockSize
128
bits (required for AES
mode
CBC
*
paddingScheme
PKCS5
initializationVectorSize
128
bits
generateInitializationVectors
true
**
* The CBC
operation mode is used instead of the JDK default ECB
to
ensure strong encryption.
aggregate
argument without modification.
aggregate
method argument is not null
and
aggregate.getPrincipals()
is not null
, and if either is null
, throws an AuthenticationException to indicate
that none of the realms authenticated successfully.
singleRealmInfo
into the
aggregateInfo
and then returns the aggregate.
info
into the aggregate
argument and returns it (just as the
parent implementation does), but additionally ensures the following:
if the Throwable
argument is not null
, re-throws it to immediately cancel the
authentication process, since this strategy requires all realms to authenticate successfully.
neither the info
or aggregate
argument is null
to ensure that each
realm did in fact authenticate successfully
CacheManager
has been set and is available for use via the
getCacheManager()
method.
applyCacheManagerToRealms()
to allow the
newly set CacheManager
to be propagated to the internal collection of Realm
that would need to use it.
super.afterCacheManagerSet()
and then immediately calls
applyCacheManagerToSessionManager()
to ensure the
CacheManager
is applied to the SessionManager as necessary.
CacheManager
instance being set on the realm instance via the
CachingRealm.setCacheManager(org.apache.shiro.cache.CacheManager)
mutator.
realms
to the internal delegate Authenticator
instance so
that it may use them during authentication attempts.
super.afterRealmsSet()
and then sets these same Realm
objects on this
instance's wrapped Authorizer
.
true
when matching credentials no matter what arguments
are passed in.implies
method always returns true.AnnotationHandler
who processes annotations of the
specified type.
AnnotationMethodInterceptor
with the
AnnotationHandler
that will be used to process annotations of a
corresponding type.
AnnotationMethodInterceptor
with the
AnnotationHandler
that will be used to process annotations of a
corresponding type, using the specified AnnotationResolver
to acquire annotations
at runtime.
methodInterceptors
attribute to contain two interceptors by default - the
RoleAnnotationMethodInterceptor
and the
PermissionAnnotationMethodInterceptor
to
support role and permission annotations.
CacheManager
on any internal configured
Realms
that implement the CacheManagerAware
interface.
SessionManager
is injected with the newly set
CacheManager
so it may use it for its internal caching needs.
ModularRealmAuthorizer.getPermissionResolver()
on any internal configured
Realms
that implement the PermissionResolverAware
interface.
ModularRealmAuthorizer.getRolePermissionResolver()
on any internal configured
Realms
that implement the RolePermissionResolverAware
interface.
methodInterceptors
collection, and for each one,
ensures that if the interceptor
supports
the invocation, that the interceptor
asserts
that the invocation is authorized to proceed.
Subject
is authenticated, and if not, throws an
UnauthenticatedException
indicating the method is not allowed to be executed.
MethodInvocation
.
Subject
is NOT a user, that is, they do not
have an identity
before continuing.
Subject
has the Annotation's specified permissions, and if not, throws an
AuthorizingException
indicating access is denied.
Subject
has the Annotation's specified roles, and if not, throws an
AuthorizingException
indicating that access is denied.
Subject
is a user, that is, they are either
authenticated
or remembered via remember
me services before allowing access, and if not, throws an
AuthorizingException
indicating access is not allowed.
AuthenticationToken
's credentials match the stored account
AuthenticationInfo
's credentials, and if not, throws an AuthenticationException
.
Authorizer
implementation methods to ensure that the realms
has been set.
Callable
instance matching the given argument while additionally ensuring that it will
retain and execute under this Subject's identity.
Runnable
instance matching the given argument while additionally ensuring that it will
retain and execute under this Subject's identity.
Runnable
with the currently executing subject
and then return the associated Runnable.
Authenticator
interface that functions in the following manner:
Calls template doAuthenticate
method for subclass execution of the actual
authentication behavior.
If an AuthenticationException
is thrown during doAuthenticate
,
notify
any registered
AuthenticationListener
s of the exception and then propogate the exception
for the caller to handle.
If no exception is thrown (indicating a successful login),
notify
any registered
AuthenticationListener
s of the successful attempt.
Return the AuthenticationInfo
AuthenticationToken
.
Authenticator
for authentication.
Subject
being built will be considered
authenticated
.
RequiresAuthentication
annotations and ensures the calling subject is
authenticated before allowing access.RequiresAuthentication
annotations.
RequiresAuthenticated
annotation
is declared, and if so, ensures the calling
Subject
.isAuthenticated()
before invoking
the method.RequiresAuthentication
annotations in a method
declaration.
SecurityManager
class hierarchy that delegates all
authentication operations to a wrapped Authenticator
instance.authenticator
instance to a
ModularRealmAuthenticator
.
AuthenticationInfo
represents a Subject's (aka user's) stored account information relevant to the
authentication/log-in process only.AuthenticationListener
listens for notifications while Subject
s authenticate with the system.AuthenticationStrategy
implementation assists the ModularRealmAuthenticator
during the
log-in process in a pluggable realm (PAM) environment.AuthorizationInfo
represents a single Subject's stored authorization data (roles, permissions, etc)
used during authorization (access control) checks only.AuthorizingAnnotationHandler
who processes annotations of the
specified type.
handler
is set which will be used to perform the
authorization assertion checks when a supported annotation is encountered.
AuthorizingRealm
extends the AuthenticatingRealm
's capabilities by adding Authorization
(access control) support.SecurityManager
class hierarchy that delegates all
authorization (access control) operations to a wrapped Authorizer
instance.ModularRealmAuthorizer
.
HashFormat
that outputs only the hash's digest bytes in Base64 format.new SimpleAuthenticationInfo
();
, which supports
aggregating account data across realms.
token
- called before any Realm
is actually invoked.
null
immediately, relying on this class's merge
implementation to return
only the first info
object it encounters, ignoring all subsequent ones.
aggregate
method argument, without modification.
Realm
supports
the given
token
argument.
SessionListener
s for notification
that the session has been invalidated (stopped or expired).
save(subject)
.
Subject
and SecurityManager
to the
ThreadContext
so they can be retrieved later by any
SecurityUtils.
getSubject()
calls that might occur
during the thread's execution.
CipherService
using the Blowfish
cipher algorithm for all encryption, decryption, and key operations.CipherService
instance using the Blowfish
cipher algorithm with the following
important cipher default attributes:
Attribute
Value
keySize
128
bits
blockSize
64
bits (required for Blowfish
)
mode
CBC
*
paddingScheme
PKCS5
initializationVectorSize
64
bits
generateInitializationVectors
true
**
* The CBC
operation mode is used instead of the JDK default ECB
to
ensure strong encryption.
HashRequest
instance reflecting the specified configuration.
Subject
instance reflecting the cumulative state acquired by the
other methods in this class.
ByteSource
instance representing the specified byte array.
ByteSource
instance representing the specified character array's bytes.
ByteSource
instance representing the specified string's bytes.
ByteSource
instance representing the specified ByteSource.
ByteSource
instance representing the specified File's bytes.
ByteSource
instance representing the specified InputStream's bytes.
ByteSource
instance representing the specified byte source argument.
ByteSource
wraps a byte array and provides additional encoding operations.sessionId
.
sessionId
.
CacheException
.
CacheException
.
CacheException
.
CacheException
.
Cache
instances.Realm
interface that provides caching support for subclasses.cachingEnabled
(for general caching) to true
and sets a
default name
based on the class name.
Permission.implies(Permission)
implies} the specified Permission.
isPermitted(permission)
, throws
an UnauthorizedException
otherwise returns quietly.
isPermitted(permission)
, throws
an UnauthorizedException
otherwise returns quietly.
implies
the specified Permission
.
implies
all of the
specified permission strings.
implies
all of the
specified permission strings.
isPermitted(permission)
,
throws an UnauthorizedException
otherwise returns quietly.
isPermitted(permission)
for
all the given Permissions, throws
an UnauthorizedException
otherwise returns quietly.
implies
all of the
specified permission strings.
implies
all of the
specified permission strings.
AuthorizationException
if they do not.
hasRole(role)
, throws
an UnauthorizedException
otherwise returns quietly.
AuthorizationException
if they do not.
AuthorizationException
if they do not.
checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers)
but doesn't require a collection
as an argument.
checkRole
for each role specified.
AuthorizationException
if they do not.
checkRoles(Collection roleIdentifiers)
but
doesn't require a collection as a an argument.
InvalidSessionException
indicating that the session id is invalid.
CipherService
uses a cryptographic algorithm called a
Cipher to convert an original input source using a key
to
an uninterpretable format.classpath:
Class
es, such as acquiring them from the
application ClassLoader
s and instantiating Objects from them.removes
the ThreadContext
state.
ThreadContext
state.
InputStream
, logging any
IOException
that might occur.
CodecException
.
CodecException
.
CodecException
.
CodecException
.
HashService
that allows configuration of its strategy via JavaBeans-compatible setter methods.Map
used to construct the
Subject
instance.
cipherService
is available, it will be used to first decrypt the byte array.
salt
argument's bytes and returns them in the form of a ByteSource
instance.
source
argument's bytes and returns them in the form of a ByteSource
instance.
AbstractSessionDAO.doCreate(org.apache.shiro.session.Session)
method, and then
asserting that the returned sessionId is not null.
super.create(session)
, then caches the session keyed by the returned sessionId
, and then
returns this sessionId
.
AuthenticationInfo
resulting from a Subject's successful LDAP authentication attempt.
Cache
instance associated with the specified name
.
MapCache
instance backed by a SoftHashMap
.
InitialLdapContext
instance.
Realm
from the Ini instance containing account data.
Session Session
instance based on the specified (possibly null
)
initialization data.
Session
instance based on the specified contextual initialization data.
SimpleSession
instance retaining the context's
host
if one can be found.
Subject
instance for the user represented by the given method arguments.
SubjectContext
is as populated as it can be, using heuristics to acquire
data that may not have already been available to it (such as a referenced session or remembered principals).
Calls DefaultSecurityManager.doCreateSubject(org.apache.shiro.subject.SubjectContext)
to actually perform the
Subject
instance creation.
calls save(subject)
to ensure the constructed
Subject
's state is accessible for future requests/invocations if necessary.
returns the constructed Subject
instance.
Subject
instance reflecting the specified contextual data.
InputStream
, decrypts it, and sends the resulting decrypted data
to the given OutputStream
.
cipherService
.
','
30
minutes.
JdbcRealm.saltStyle
is COLUMN.
SecurityManager
instance may be acquired, equal to
securityManager
.
AbstractValidatingSessionManager.setSessionValidationInterval(long)
AnnotationResolver
implementation that merely inspects the
MethodInvocation
's target method
,
and returns targetMethod
.getAnnotation(class)
.DefaultBlockCipherService
using the specified block cipher algorithmName
.
Environment
implementation that stores Shiro objects as key-value pairs in a
Map
instance.ConcurrentHashMap
backing map.
HashFormatFactory
implementation heuristically determines a HashFormat
class to
instantiate based on the input argument and returns a new instance of the discovered class.HashService
interface, supporting a customizable hash algorithm name,
secure-random salt generation, multiple hash iterations and an optional internal
privateSalt
.DefaultHashService
instance with the following defaults:
hashAlgorithmName
= SHA-512
hashIterations
= 1
randomNumberGenerator
=
new SecureRandomNumberGenerator
()
generatePublicSalt
= false
If this hashService will be used for password hashing it is recommended to set the
privateSalt
and significantly increase the number of
hashIterations
.
JndiLdapContextFactory
implementation. This implementation will be removed
prior to Shiro 2.0PasswordService
interface that relies on an internal
HashService
, HashFormat
, and HashFormatFactory
to function:SecurityManager
interface,
based around a collection of Realm
s.realms
.
SessionContext
interface which provides getters and setters that
wrap interaction with the underlying backing context map.SessionKey
interface, which allows setting and retrieval of a concrete
sessionId
that the SessionManager
implementation can use to look up a
Session
instance.ValidatingSessionManager
.SessionStorageEvaluator
that provides reasonable control over if and how Sessions may be used for
storing Subject state.SubjectContext
interface.SubjectDAO
implementation that stores Subject state in the Subject's Session by default (but this
can be disabled - see below).SubjectFactory
implementation that creates DelegatingSubject
instances.Session
.Subject
interface that delegates
method calls to an underlying SecurityManager
instance for security checks.DefaultSecurityManager.logout(org.apache.shiro.subject.Subject)
..
Subject
instance.
CachingSessionDAO.doDelete(org.apache.shiro.session.Session)
.
session
.
ObjectInputStream
using a source
ByteArrayInputStream
constructed with the argument byte array.
serialized
source back into an Object by using a
ByteArrayInputStream
to wrap the argument and then decode this
stream via an XMLDecoder
, where the
readObject
call results in the original Object to return.
serializer
's
deserialize
method.
destroys
all of it's managed caches and then
clears
out the internally referenced cache map.
cacheManager
via LifecycleUtils.destroy
.
destroy
for each object in the collection.
Subject
session
, but that Subject
's sessions are disabled.Realm
s.
AuthenticatingRealm.clearCachedAuthenticationInfo(org.apache.shiro.subject.PrincipalCollection)
.
super.doClearCache
to ensure any cached authentication data is removed and then calls
AuthorizingRealm.clearCachedAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection)
to remove any cached
authorization data.
Subject
instance by delegating to the internal
subjectFactory
.
true
always no matter what the method arguments are.
true
if the provided token credentials match the stored account credentials,
false
otherwise.
token
's credentials, potentially using a
salt
if the info
argument is a
SaltedAuthenticationInfo
.
token
's credentials
(via getCredentials(token)
)
and then the account
's credentials
(via getCredentials(account)
) and then passes both of
them to the equals(tokenCredentials, accountCredentials)
method for equality
comparison.
JndiLdapRealm.queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory)
,
wrapping any NamingException
s in a Shiro AuthenticationException
to satisfy the parent method
signature.
name
path
against the given pattern
.
AuthenticationStrategy
object
as each realm is consulted for AuthenticationInfo
for the specified token
.
null
if a
session with that ID could not be found.
Runnable
's run()
method.
Session
's state to the underlying EIS.
ScheduledExecutorService
to validate sessions at fixed intervals
and enables this scheduler.
H64
-encoded String.
InputStream
, encrypts it, and sends the resulting encrypted data to the
given OutputStream
.
cipherService
.
SecurityManager
instance in the context, and if not, adds 'this' to the
context.
Environment
instance encapsulates all of the objects that Shiro requires to function.Environment
instances or configuration.true
if the tokenCredentials
argument is logically equal to the
accountCredentials
argument.
true
if the specified object is also a SimpleAccount
and its
principals
are equal to this object's principals
, false
otherwise.
true
if the Object argument is an instanceof SimpleAuthenticationInfo
and
its principals
are equal to this instance's principals, false
otherwise.
true
if the specified object is a Hash and its byte array
is identical to
this Hash's byte array, false
otherwise.
true
if the specified object is a Hash and its byte array
is identical to
this Hash's byte array, false
otherwise.
true
if the specified argument is an instanceof
SimpleSession
and both
id
s are equal.
Subject
and then
dispatches the associated Runnable to the underlying target Executor
instance.
Callable
with this Subject
instance and then executes it on the
currently running thread.
Runnable
with this Subject
instance and then executes it on the
currently running thread.
Subject
executes a
Callable
.ScheduledExecutorService
to call ValidatingSessionManager.validateSessions()
every
interval
milliseconds.file:
AuthenticationStrategy
implementation that only accepts the account data from
the first successfully consulted Realm and ignores all subsequent realms.Subject
instance.
hash != null ? hash.toBase64() : null
.
hash != null ? hash.toHex() : null
.
context class loader
, then the
current ClassLoader (ClassUtils.class.getClassLoader()
), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader()
, in that order.
Ini
instance loaded with the INI-formatted data in the resource at the given path.
UUID
.randomUUID()
.toString()
.
Random
's nextLong()
invocation.
Session
instance.
Key
suitable for this CipherService's algorithm
by calling generateNewKey(128)
(uses a 128 bit size by default).
Key
of the specified size suitable for this CipherService
(based on the algorithmName
using the JDK KeyGenerator
.
session
instance.
key
or
null
if there is no Cache entry for that key
.
key
that is bound to
the current thread.
CacheManager
.
MessageDigest
algorithm name
to use when performing the hash.
SHA-256
, MD5
, etc.
HashService
should use when computing the Hash
, or
null
if the default algorithm configuration of the HashService
should be used.
MessageDigest
algorithm name to use when performing the hash.
Annotation
instance of the specified type based on the given
MethodInvocation
argument, or null
if no annotation
of that type could be found.
methodInvocation.
getMethod()
.getAnnotation(clazz)
.
value
, from which the Permission will be constructed.
Cache
instance to use for authentication caching, or null
if no cache has been
set.
AuthenticationInfo
instances are cached if authentication caching is enabled.
AuthenticationInfo
instances are cached if authentication caching is enabled.
Cache
to lookup from any available cacheManager
if
a cache is not explicitly configured via AuthenticatingRealm.setAuthenticationCache(org.apache.shiro.cache.Cache)
.
AuthenticationInfo
corresponding to the specified
AuthenticationToken
argument.
AuthenticationListener
s that should be notified during authentication
attempts.
AuthenticationStrategy
utilized by this modular authenticator during a multi-realm
log-in attempt.
Authenticator
instance that this SecurityManager uses to perform all
authentication operations.
principals
,
or null
if no account could be found.
Cipher
transformation string or 0
if the JCA Provider default block size
for the specified algorithm
should be used.
name
.
name
.
sessionId
or null
if there is
no session cached under that id (or if there is no Cache).
activeSessionsCache
if
one is not configured.
CipherService
to use for encrypting and decrypting serialized identity data to prevent easy
inspection of Subject identity data.
account identity
.
Hash
instance representing the already-hashed AuthenticationInfo credentials stored in the system.
token
's credentials.
account
's credentials.
this.authcInfo.getCredentials
.
password
char array.
CredentialsMatcher
used during an authentication attempt to verify submitted
credentials with those stored in the system.
null
if no salt was used.
null
if no salt
was used or credentials were not hashed at all.
null
if no salt was used or credentials were not
hashed at all.
nextBytes()
.
null
if none should be used.
LdapContext
).
hashFormatAlias
-to-fullyQualifiedHashFormatClassNameImplementation
map.
AnnotationHandler
used to perform authorization behavior based on
an annotation discovered at runtime.
Hash
algorithmName
to use
when performing hashes for credentials matching.
HashFormat
implementation class name in the specified
package based on the provided token.
AuthenticationToken
's credentials will be hashed before
comparing to the credentials stored in the system.
Subject
is initiating the
Session
.
null
if the host is unknown.
Subject
's originating location.
info
.getPrincipals()
and
ignores the Subject
argument.
CLASSPATH_PREFIX
,
URL_PREFIX
, or FILE_PREFIX
).
Hash
result.
Session
last interacted with the system.
DefaultLdapContextFactory.getLdapContext(Object, Object)
method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release.
JndiLdapContextFactory.getLdapContext(Object, Object)
method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release.
LdapContextFactory.getLdapContext(Object, Object)
method should be used in all cases to ensure more than
String principals and credentials can be used.
LdapContext
connection bound using the specified principal and
credentials.
Method
to be invoked.
Cipher
transformation string or null
if the JCA Provider default mode for
the specified algorithm
should be used.
Realm
.
null
if
no object with that name was found.
Permission
s assigned to the corresponding Subject.
Cipher
transformation string or null
if the JCA Provider default mode for
the specified algorithm
should be used.
null
getPermissionResolver() -
Method in class org.apache.shiro.realm.AuthorizingRealm
Subject
before assuming the current
runAs
identity, or null
if this Subject
is not operating under an assumed
identity (normal state).
Realm
principals, or null
if there are
no principals yet.
getUsername()
.
null
if this
Subject is anonymous because it doesn't yet have any associated account data (for example,
if they haven't logged in).
PrincipalCollection
or
null
if this Subject is anonymous because it doesn't yet have any associated account data (for example,
if they haven't logged in).
Subject
should reflect.
null
if no public salt should be used.
Authenticator
during an authentication attempt.
Authorizer
which are consulted during an authorization check.
Realm
s managed by this SecurityManager instance.
JNDI name
and returns all
discovered Realms in an ordered collection.
Realm
instances that will be used to construct
the application's SecurityManager instance.
acquiring
the remembered serialized byte array.
null
if there is no available data.
AnnotationResolver
to use to acquire annotations from intercepted
methods at runtime.
context class loader
, then the
current ClassLoader (ClassUtils.class.getClassLoader()
), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader()
, in that order, using
getResourceAsStream(name)
.
null
getRolePermissionResolver() -
Method in class org.apache.shiro.realm.AuthorizingRealm
this.authzInfo.getRoles();
AuthenticationInfo
returned from the Realm
is a SaltedAuthenticationInfo
instance and its
getCredentialsSalt()
method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm
does not return
SaltedAuthenticationInfo
instances, but it is highly recommended that Realm
implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.
null
if no salt was used.
HashService
during hash computation, or null
if no salt is
provided as part of the request.
HashFormat
implementations according to
heuristics defined in the getHashFormat(packageName, token)
JavaDoc.
Ini.Section
with the given name or null
if no section with that name exists.
Ini
instance or an empty collection if there are
no sections.
null
if the section or property do not exist.
defaultValue
if the section or
property do not exist.
Ini
instance or an empty collection if there are
no sections.
SecureRandom
backing this instance.
SecurityManager
instance accessible in the backing map using the
securityManagerName
property as the lookup key.
SecurityManager
instance.
Subject
instance or
null
if one has not yet been provided to this context.
SecurityManager
instance in the backing map.
Serializer
used to serialize and deserialize PrincipalCollection
instances for
persistent remember me storage.
null
if no Session could be found.
Session
associated with this Subject.
Session
associated with this Subject.
Session
to use when building the Subject
instance.
SessionFactory
used to generate new Session
instances.
Subject
instance.
SessionIdGenerator
used by the AbstractSessionDAO.generateSessionId(org.apache.shiro.session.Session)
method.
SessionManager
.
SessionStorageEvaluator
that will determine if a Subject
's state may be persisted in
the Subject's session.
HashService
.
Session
started (was created).
JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[])
and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])
).
modeName
attribute, but is used instead only for for streaming
operations (JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[])
and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])
).
Subject
associated with the currently-executing code.
Subject
associated with the currently-executing code.
Executor
instance.
Subject
available to the calling code depending on
runtime environment.
Subject
that may be in use at the time the new Subject
instance is
being created.
Subject
instance managed by this ThreadState
implementation.
Subject
instance, available to subclasses
since the context
class attribute is marked as private
.
SubjectDAO
responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).
SubjectFactory
responsible for creating Subject
instances exposed to the application.
JndiLdapContextFactory.getLdapContext(Object, Object)
using the
systemUsername
and systemPassword
properties as
arguments.
LdapContext
connection bound using the system account, or
anonymously if no system account is configured.
systemUsername
that will be used when creating an
LDAP connection used for authorization queries.
Session.getTimeout()
.
Cipher
transformation string
.
Cipher.getInstance(java.lang.String)
call.
Cipher.getInstance(java.lang.String)
invocation when
creating a new Cipher
instance.
get
operation but additionally ensures that the value returned is of the specified
type
.
LdapContext
from the LdapContextFactory
.
null
if no
userDnTemplate
has been configured.
setUserDnTemplate
JavaDoc for a full explanation.
System.getProperty("java.version")
.
RequiresGuest
annotation
is declared, and if so, ensures the calling Subject
does not
have an identity
before invoking the method.RequiresGuest
annotations in a method
declaration.
RequiresGuest
annotation
is declared, and if so, ensures the calling Subject
does not
have an identity
before invoking the method.RequiresGuest
annotations in a method
declaration.
true
iff any of the configured realms'
ModularRealmAuthorizer.hasRole(org.apache.shiro.subject.PrincipalCollection, String)
call returns true
for
all roles specified, false
otherwise.
true
if this Subject has all of the specified roles, false
otherwise.
salt
for a single iteration.
salt
for the specified number of iterations.
Hash
represents a one-way conversion algorithm that transforms an input source to an
underlying byte array.salt
for a single iteration.
salt
for the specified number of iterations.
principals
are not null, returns principals.hashCode()
, otherwise
returns 0 (zero).
principals
instance.
HashedCredentialMatcher
provides support for hashing of supplied AuthenticationToken
credentials
before being compared to those in the AuthenticationInfo
from the data store.hashAlgorithmName
to hash submitted
credentials.
HashFormat
is able to format a Hash
instance into a well-defined formatted String.HashingPasswordService
is a PasswordService
that performs password encryption and comparisons
based on cryptographic Hash
es.token
's credentials using the salt stored with the account if the
info
instance is an instanceof
SaltedAuthenticationInfo
(see
the class-level JavaDoc for why this is the preferred approach).
hashIterations
times, using the given salt.
HashRequest
is composed of data that will be used by a HashService
to compute a hash (aka
'digest').HashRequest
instances.HashService
hashes input sources utilizing a particular hashing strategy.null
nor of length 0.
true
if the resource path is not null and starts with one of the recognized
resource prefixes (CLASSPATH_PREFIX
,
URL_PREFIX
, or FILE_PREFIX
), false
otherwise.
true
if any of the configured realms'
ModularRealmAuthorizer.hasRole(org.apache.shiro.subject.PrincipalCollection, String)
call returns true
,
false
otherwise.
true
if this Subject has the specified role, false
otherwise.
ModularRealmAuthorizer.hasRole(org.apache.shiro.subject.PrincipalCollection, String)
for each role name in the specified
collection and places the return value from each call at the respective location in the returned array.
HashFormat
that outputs only The hash's digest bytes in hex format.Subject
being built will reflect the specified host name or IP as its originating
location.
HostAuthenticationToken
retains the host information from where
an authentication attempt originates.Session
interface that proxies another Session
, but does not
allow any 'write' operations to the underlying session.Session
.
true
if this current instance implies all the functionality and/or resource access
described by the specified Permission
argument, false
otherwise.
Ini
instance.
Ini
instance with the specified defaults.
Ini.Section
is String-key-to-String-value Map, identifiable by a
name
unique within an Ini
instance.Factory
implementations that generate their instance(s) based on
Ini
configuration.Realm
implementation that creates
SimpleAccount
instances based on
Ini
configuration.Ini
argument.
Ini
resolved from the specified
resourcePath
.
Factory
that creates SecurityManager
instances based on Ini
configuration.init
for each object in the collection.
PermissionResolver.resolvePermission(String)
when the String being parsed is not
valid for that resolver.MethodInvocation
, allowing implementations to perform pre/post/finally
surrounding the actual invocation.
methodInvocation
is allowed to execute first before proceeding by calling the
assertAuthorized
method first.
methodInvocation.proceed
()
if authorization is allowed by first
calling assertAuthorized
.
true
if this Subject/user proved their identity during their current session
by providing valid credentials matching those known to the system, false
otherwise.
true
if the constructed Subject
should be considered authenticated, false
otherwise.
true
if authentication caching should be utilized if a CacheManager
has been
configured
, false
otherwise.
true
if authentication caching should be utilized based on the specified
AuthenticationToken
and/or AuthenticationInfo
, false
otherwise.
true
if authorization caching should be utilized if a CacheManager
has been
configured
, false
otherwise.
true
if the specified object can be easily converted to bytes by instances of this class,
false
otherwise.
true
if caching should be used if a CacheManager
has been
configured
, false
otherwise.
true
if the specified object can be easily represented as a ByteSource
using
the ByteSource.Util
's default heuristics, false
otherwise.
true
if the specified object is a recognized data type that can be easily converted to
bytes by instances of this class, false
otherwise.
true
if sessions should be automatically deleted after they are discovered to be invalid,
false
if invalid sessions will be manually deleted by some process external to Shiro's control.
true
if no sections have been configured, or if there are sections, but the sections themselves
are all empty, false
otherwise.
true
if this collection is empty, false
otherwise.
true
if the underlying wrapped byte array is null or empty (zero length), false
otherwise.
true
if the specified Collection
is null
or empty
,
false
otherwise.
true
if the specified Map
is null
or empty
,
false
otherwise.
true
if the specified PrincipalCollection
is null
or
empty
, false
otherwise.
true
if this Scheduler is enabled and ready to begin validation at the appropriate time,
false
otherwise.
true
if a public salt should be randomly generated and used to compute a hash if a
HashRequest
does not specify a salt, false
otherwise.
AuthenticationInfo
returned from the Realm
is a SaltedAuthenticationInfo
instance and its
getCredentialsSalt()
method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm
does not return
SaltedAuthenticationInfo
instances, but it is highly recommended that Realm
implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.
true
if this Account is locked and thus cannot be used to login, false
otherwise.
true
if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, String)
returns true
,
false
otherwise.
true
if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission)
call returns true
,
false
otherwise.
true
if any of the configured realms'
ModularRealmAuthorizer.isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...)
call returns
true
, false
otherwise.
true
if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, List)
call returns true
,
false
otherwise.
true
if this Subject is permitted to perform an action or access a resource summarized by the
specified permission string.
true
if this Subject is permitted to perform an action or access a resource summarized by the
specified permission.
true
if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, String)
call returns true
for all of the specified string permissions, false
otherwise.
true
if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission)
call returns true
for all of the specified Permissions, false
otherwise.
true
if this Subject implies all of the specified permission strings, false
otherwise.
true
if this Subject implies all of the specified permissions, false
otherwise.
true
if LDAP connection pooling should be used when acquiring a connection based on the specified
account principal, false
otherwise.
true
if this Subject
has an identity (it is not anonymous) and the identity
(aka principals
) is remembered from a successful authentication during a previous
session.
true
if the submitting user wishes their identity (principal(s)) to be remembered
across sessions, false
otherwise.
true
if this Subject
is 'running as' another identity other than its original one or
false
otherwise (normal Subject
state).
true
if the constructed Subject
should be allowed to create a session, false
otherwise.
true
if this Subject is allowed to create sessions, false
otherwise.
Session
(typically because an application developer
has called subject.getSession()
already), Shiro will use that existing session to store subject state.
If a Subject does not yet have a Session, this implementation checks the
sessionStorageEnabled
property:
If sessionStorageEnabled
is true (the default setting), a new session may be created to persist
Subject state if necessary.
If sessionStorageEnabled
is false
, a new session will not be created to persist
session state.
Most applications use Sessions and are OK with the default true
setting for sessionStorageEnabled
.
true
if any Subject's Session
may be used to persist that Subject
's state,
false
otherwise.
true
if the specified Subject
's
session
may be used to persist that Subject's
state, false
otherwise.
true
if the system's stored credential hash is Hex encoded, false
if it
is Base64 encoded.
true
if the associated session is valid (it exists and is not stopped nor expired),
false
otherwise.
SessionIdGenerator
that generates String values of JDK UUID
's as the session IDs.CipherService
implementation utilizing Java's JCA APIs.JcaCipherService
instance which will use the specified cipher algorithmName
for all encryption, decryption, and key operations.
LdapContextFactory
implementation using the default Sun/Oracle JNDI Ldap API, utilizing JNDI
environment properties and an InitialContext
.environment template
with
the contextFactoryClassName
equal to
com.sun.jndi.ldap.LdapCtxFactory
(the Sun/Oracle default) and the default
referral
behavior to follow
.
Realm
implementation utilizing Sun's/Oracle's
JNDI API as an LDAP API.LdapContextFactory
instance to a
JndiLdapContextFactory
.
jndiNames
.Iterator
into
a single String containing the provided elements.
LdapContext
objects that are used by JndiLdapRealm
s to
perform authentication attempts and query for authorization data.Initializable.init()
and
Destroyable.destroy()
methods cleanly on any object.classpath:shiro.ini
file, or null
if
the file does not exist.
Ini
instance.
AuthenticationToken
argument, and if successful, constructs a
Subject
instance representing the authenticated account's identity.
authenticationToken
, returning an updated Subject
instance reflecting the authenticated state if successful or throwing AuthenticationException
if it is
not.
Session
and authorization data.
SecurityManager
instance in the backing map without performing any non-null guarantees.
MapCache
is a Cache
implementation that uses a backing Map
instance to store
and retrieve cached data.MapContext
provides a common base for context-based data storage in a Map
.true
if the given source
matches the specified pattern
,
false
otherwise.
hashAlgorithmName
property.hashAlgorithmName
property.CacheManager
implementation usable in production
environments.ConcurrentMap
.AuthenticationInfo
interface to be implemented by
classes that support merging with other AuthenticationInfo
instances.AuthenticationInfo
into this instance.
info
argument into the aggregate
argument and then returns an
aggregate for continued use throughout the login process.
aggregate
instance if is non null and valid (that is, has principals and they are
not empty) immediately, or, if it is null or not valid, the info
argument is returned instead.
AuthenticationInfo
into this Account
.
info
argument and adds its principals and credentials into this instance.
Subject.getPrincipals()
with whatever may be in
any available session.
HashFormat
that supports
Modular Crypt Format token rules.ModularRealmAuthenticator
delgates account lookups to a pluggable (modular) collection of
Realm
s.enables
an
AtLeastOneSuccessfulStrategy
by default.
Realm
s during an authorization operation.Realm
s to consult during an authorization check.
PrincipalCollection
that allows modification.Native
session manager is one that manages sessions natively - that is, it is directly responsible
for the creation, persistence and removal of Session
instances and their
lifecycles.SubjectContext
instance to be used to populate with subject contextual data that
will then be sent to the SecurityManager
to create a new Subject
instance.
DefaultSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext)
directly if you
need to instantiate a custom Subject
class.
AuthenticationListener
s that
authentication failed for the
specified token
which resulted in the specified ae
exception.
AuthenticationListener
s that a
Subject
has logged-out.
SessionListener
s that a Session has started.
AuthenticationListener
s that
authentication was successful for the specified token
which resulted in the specified
info
.
value
argument is not null.
objectArgument.toString()
.
null
if there are none
of the specified type.
forgetting
any
previously remembered identity.
Subject
has failed.
notifyLogout
to allow any registered listeners
to react to the logout.
Subject
logs-out of the system.
Subject
logs out of the system.
super.onLogout(principals)
to ensure a logout notification is issued, and for each
wrapped Realm
that implements the LogoutAware
interface, calls
((LogoutAware)realm).onLogout(principals)
to allow each realm the opportunity to perform
logout/cleanup operations during an user-logout.
forgets
any previously stored identity and returns.
Session.stop()
or automatically upon a subject logging out.
Subject
has succeeded.
forgetting
any previously
stored identity.
SecurityUtils
and
ShiroException
.CredentialsMatcher
interface and its supporting implementations.Realm
s).Permission
interface.Executor
, ExecutorService
,
and ScheduledExecutorService
implementations for transparent
Subject
association with threads in an asynchronous execution environment.SecurityManager
interface and a default implementation
hierarchy for managing all aspects of Shiro's functionality in an application.Realm
interface.File
s or
text streams.SessionManager
components supporting enterprise session management.Subject
interface, the most important concept in
Shiro's API.org.apache.shiro.subject
interfaces.CipherPaddingScheme
represents well-known
padding schemes supported by JPA providers in a
type-safe manner.ParsableHashFormat
is able to parse a formatted string and convert it into a Hash
instance.CredentialsMatcher
that employs best-practices comparisons for hashed text passwords.PasswordService
supports common use cases when using passwords as a credentials mechanism.true
if the submittedPlaintext
password matches the existing savedPasswordHash
,
false
otherwise.
true
if the submittedPlaintext
password matches the existing saved
password,
false
otherwise.
RequiresPermissions
annotation is
declared, and if so, performs a permission check to see if the calling Subject
is allowed continued
access.RequiresPermissions
annotations.
RequiresPermissions
annotation is declared, and if so, performs
a permission check to see if the calling Subject
is allowed to call the method.RequiresPermissions
annotations in a method declaration.
PermisisonResolver
resolves a String value and converts it into a
Permission
instance.UTF-8
.
Subject
.PrincipalMap
is map of all of a subject's principals - its identifying attributes like username, userId,
etc.Subject
being built will reflect the specified principals (aka identity).
TextConfigurationRealm
that defers all logic to the parent class, but just enables
Properties
based configuration in addition to the parent class's String configuration.HashFormat
implementations.Session
implementation that immediately delegates all corresponding calls to an
underlying proxied session instance.target
.
key
to the current thread.
AuthenticationInfo
object by querying the active directory LDAP context for the
specified username.
AuthenticationInfo
object by querying the LDAP context for the
specified username.
discovered principal
and provided
credentials
.
AuthorizationInfo
object by querying the active directory LDAP context for the
groups that a user is a member of.
AuthorizationInfo
object by querying the LDAP context for the
specified principal.
AuthorizationInfo
object by querying the LDAP context for the
specified principal.
Random
instance to generate random IDs.AbstractSessionDAO.doReadSession(java.io.Serializable)
method.
sessionId
.
Realm
instances
in any manner desired.SecurityManager
class hierarchy based around a collection of
Realm
s.PatternMatcher
implementation that uses standard java.util.regex
objects.#runAs runAs
was called.
converting
them to a byte
array and then remembers
that
byte array.
AuthenticationToken
that indicates if the user wishes their identity to be remembered across sessions.AbstractRememberMeManager.getRememberedSerializedIdentity(SubjectContext)
method.
key
from the current
thread.
Remove
s the underlying ThreadLocal
from the thread.
throws
an InvalidSessionException
in all
cases because this proxy is immutable.
Session
under the given attributeKey
.
key
name.
null
if the section did not exist.
Class
.Subject
to have all of the
specified roles.ObjectStreamClass
by delegating to Shiro's
ClassUtils.forName(String)
utility method, which is known to work in all ClassLoader environments.
WildcardPermission
instance constructed based on the specified
permissionString.
PrincipalCollection
) for the context using heuristics.
SecurityManager
instance that should be used to back the constructed Subject
instance (typically used to support DelegatingSubject
implementations).
Session
to ensure it may be referenced if necessary by the
invoked SubjectFactory
that performs actual Subject
construction.
true
if the resource at the specified path exists, false
otherwise.
Stream
-backed resources.Remove
s all thread-state that was bound by this instance.
bind
was invoked.
RequiresRoles
annotation is declared, and if so, performs
a role check to see if the calling Subject
is allowed to proceed.RequiresRoles
annotations.
RequiresRoles
annotation is declared, and if so, performs
a role check to see if the calling Subject
is allowed to invoke the method.RequiresRoles
annotations in a method declaration.
Permission
instances.Bind
s the Subject thread state, executes the target Runnable
and then guarantees
the previous thread state's restoration
:
session
only
if sessionStorageEnabled(subject)
.
session
.
RandomNumberGenerator
interface, backed by a
SecureRandom
instance.SecureRandom
and a
defaultNextBytesSize
of 16
, which equals 128 bits, a size commonly
used in cryptographic algorithms.
SecurityManager
executes all security operations for all Subjects (aka users) across a
single application.Subject
for the calling code depending on runtime environment.ObjectOutputStream
backed by a
ByteArrayOutputStream
.
source
into a byte[] array by using the
XMLEncoder
to encode the object out to a
ByteArrayOutputStream
, where the resulting byte[] array is returned.
principals
by serializing them to a byte array by using the
serializer
's serialize
method.
Serializer
converts objects to raw binary data and vice versa, enabling persistent storage
of objects to files, HTTP cookies, or other mechanism.Session
is a stateful data context associated with a single Subject (user, daemon process,
etc) who interacts with a software system over a period of time.Subject
being built will use the specified Session
instance.
SessionContext
is a 'bucket' of data presented to a SessionFactory
which interprets
this data to construct Session
instances.Session
if one does not
already exist.
Session
access to an
EIS (Enterprise Information System).Session
instances.Subject
instance that owns the Session
with the
specified sessionId
.
SessionDAO
implementations.SessionKey
is a key that allows look-up of any particular Session
instance.Session
's life cycle.SessionListener
interface, effectively providing
no-op implementations of all methods.Session
s.SecurityManager
class hierarchy that delegates all
session
operations to a wrapped
SessionManager
instance.SessionManager
delegate
instance.
Subject
's Session
to persist that Subject
's internal state.CacheManager
.
HashService
should use when computing the Hash
.
throws
an InvalidSessionException
in all
cases because this proxy is immutable.
value
to the associated session uniquely identified by the attributeKey
.
value
to this session, uniquely identified by the specifed
key
name.
Subject
instance should be considered as authenticated.
Cache
instance to use for authentication caching.
Cache
to lookup from any available cacheManager
if
a cache is not explicitly configured via AuthenticatingRealm.setAuthenticationCache(org.apache.shiro.cache.Cache)
.
CacheManager
has been
configured
, false
otherwise.
AuthenticationListener
s that should be notified during authentication
attempts.
AuthenticationStrategy
utilized during multi-realm log-in attempts.
Authenticator
instance that this SecurityManager uses to perform all
authentication operations.
CacheManager
has been
configured
, false
otherwise.
Cipher
transformation string.
SecurityManager
and potentially any of its
children components.
activeSessionsCache
if
one is not configured.
CacheManager
has been
configured
.
CipherService
to use for encrypting and decrypting serialized identity data to prevent easy
inspection of Subject identity data.
principals
, such as a password or private key.
null
if no salt
is used or credentials are not hashed at all.
null
if no salt was used or credentials were not
hashed at all.
nextBytes()
.
hash-format-alias
-to-fullyQualifiedHashFormatClassNameImplementation
map to be used in
the DefaultHashFormatFactory.getInstance(String)
implementation.
HashRequest
does not specify a salt.
AnnotationHandler
used to perform authorization behavior based on
an annotation discovered at runtime.
Hash
algorithmName
to use
when performing hashes for credentials matching.
MessageDigest
algorithm that will be used to compute
hashes.
AuthenticationToken
's credentials will be hashed before comparing
to the credentials stored in the system.
AuthenticationInfo
returned from the Realm
is a SaltedAuthenticationInfo
instance and its
getCredentialsSalt()
method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm
does not return
SaltedAuthenticationInfo
instances, but it is highly recommended that Realm
implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.
Subject
is initiating the
Session
.
Subject
's originating location.
Hash
result.
Realm
.
LdapContextFactory
implementation that is used to create LDAP connections for
authentication and authorization.
Cipher
transformation string.
Cipher
transformation string.
Cipher
transformation string.
Cipher
transformation string, or null
if the JCA Provider default mode for
the specified algorithm
should be used.
PermissionResolver
on all of the wrapped realms that
implement the PermissionResolverAware
interface.
Subject
should reflect.
LdapContextFactory
.
RealmSecurityManager.setRealms(java.util.Collection)
method.
Authorizer
which are consulted during an authorization check.
AnnotationResolver
to use to acquire annotations from intercepted
methods at runtime.
RolePermissionResolver
on all of the wrapped realms that
implement the PermissionResolverAware
interface.
HashService
during hash computation.
HashService
during hash computation.
LdapContextFactory
.
HashFormat
implementations according to
heuristics defined in the getHashFormat(packageName, token)
JavaDoc.
sectionName
.
SecureRandom
to back this instance.
getSubject()
implementation.
Subject
instance
(typically used to support DelegatingSubject
implementations).
SecurityManager
instance in the backing map.
SecureRandom
instance with additional seed data.
Serializer
used to serialize and deserialize PrincipalCollection
instances for
persistent remember me storage.
Session
to use when building the Subject
instance.
Subject
instance should be allowed to create a session,
false
otherwise.
SessionFactory
used to generate new Session
instances.
Subject
instance.
SessionIdGenerator
used by the AbstractSessionDAO.generateSessionId(org.apache.shiro.session.Session)
method.
SessionManager
instance that will be used to support this implementation's
SessionManager method calls.
Session
may be used to persist that Subject
's state.
SessionStorageEvaluator
that will determine if a Subject
's state may be persisted in
the Subject's session.
setSessionValidationScheduler
method is
never called) , this method allows one to specify how
frequently session should be validated (to check for orphans).
HashService
.
HashService
.
JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[])
and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])
).
Subject
that may be in use at the time the new Subject
instance is
being created.
SubjectDAO
responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).
SubjectFactory
responsible for creating Subject
instances exposed to the application.
LdapContextFactory
.
systemUsername
that will be used when creating an
LDAP connection used for authorization queries.
LdapContextFactory
.
throws
an InvalidSessionException
in all
cases because this proxy is immutable.
LdapContextFactory
.
hashAlgorithmName
property.hashAlgorithmName
property.hashAlgorithmName
property.hashAlgorithmName
property.Shiro1CryptFormat
is a fully reversible
Modular Crypt Format (MCF).true
if the Ini contains account data and a Realm
should be implicitly
created
to reflect the account data, false
if no realm should be implicitly
created.
Account
interface that
contains principal and credential and authorization information (roles and permissions) as instance variables and
exposes them via getters and setters using standard JavaBean notation.Realm
interface that
uses a set of configured user accounts and roles to support authentication and authorization.MergableAuthenticationInfo
interface that holds the principals and
credentials.AuthorizationInfo
interface that stores roles and permissions as internal
attributes.ByteSource
implementation that maintains an internal byte[]
array and uses the
Hex
and Base64
codec classes to support the
toHex()
and toBase64()
implementations.Hash
implementation that allows any MessageDigest
algorithm name to
be used.algorithmName
set - no hashing is performed.
algorithmName
-specific hash of the specified source
with no salt
using a
single hash iteration.
algorithmName
-specific hash of the specified source
using the given salt
using a single hash iteration.
algorithmName
-specific hash of the specified source
using the given
salt
a total of hashIterations
times.
HashRequest
that can be used when interacting with a HashService
.MutablePrincipalCollection
interface that tracks principals internally
by storing them in a LinkedHashMap
.PrincipalMap
interface.Session
JavaBeans-compatible POJO implementation, intended to be used on the
business/server tier.SessionFactory
implementation that generates SimpleSession
instances.0
if the collection is null
.
0
if the map is null
.
SoftHashMap
is a memory-constrained map that stores its values in
SoftReference
s.DEFAULT_RETENTION_SIZE
(100 entries).
SoftHashMap
backed by the specified source
, with a default retention
size of DEFAULT_RETENTION_SIZE
(100 entries).
SoftHashMap
backed by the specified source
, with the specified retention size.
delimited
string (delimited by the specified separator
character) and returns the
delimited values as a Set
.
throws
an InvalidSessionException
in all
cases because this proxy is immutable.
Subject
represents state and security operations for a single application user.Subject
instances in a simplified way without
requiring knowledge of Shiro's construction techniques.Subject.Builder
instance, using the SecurityManager
instance available
to the calling code as determined by a call to SecurityUtils.getSecurityManager()
to build the Subject
instance.
Subject.Builder
instance which will use the specified SecurityManager
when
building the Subject
instance.
Executor
implementation that will automatically first associate any argument
Runnable
instances with the currently available Subject
and then
dispatch the Subject-enabled runnable to an underlying delegate Executor
instance.ExecutorService
implementation that will automatically first associate any argument
Runnable
or Callable
instances with the currently available subject
and then
dispatch the Subject-enabled runnable or callable to an underlying delegate
ExecutorService
instance.SubjectAwareExecutorService
but additionally supports the
ScheduledExecutorService
interface.SubjectCallable
associates a Subject
with a target/delegate
Callable
to ensure proper Subject
thread-state management when the Callable
executes.SubjectContext
is a 'bucket' of data presented to a SecurityManager
which interprets
this data to construct Subject
instances.SubjectDAO
is responsible for persisting a Subject instance's internal state such that the Subject instance
can be recreated at a later time if necessary.SubjectFactory
is responsible for constructing Subject
instances as needed.SubjectRunnable
ensures that a target/delegate Runnable
will execute such that any
call to SecurityUtils.
getSubject()
during the
Runnable
's execution will return the associated Subject
instance.SubjectRunnable
that, when executed, will execute the target delegate
, but
guarantees that it will run associated with the specified Subject
.
SubjectRunnable
that, when executed, will perform thread state
binding
and guaranteed restoration
before and after the
Runnable
's execution, respectively.
Subject
access (supporting
SecurityUtils.
getSubject()
calls)
during a thread's execution.SubjectThreadState
that will bind and unbind the specified Subject
to the
thread
true
if this interceptor supports, that is, should inspect, the specified
MethodInvocation
, false
otherwise.
AuthenticationToken
instance, false otherwise.
ThreadState
instance manages any state that might need to be bound and/or restored during a thread's
execution.InvalidSessionException
indicating that this proxy is immutable.
byte array
.
byte array
.
PREFERRED_ENCODING
.
CodecException
if the encoding fails.
InputStream
into a byte array.
ByteSource
instance.
PREFERRED_ENCODING
.
delimiter
argument.
delimiter
argument.
byte array
.
byte array
.
principals
.toString() if they are not null, otherwise prints out the string
"empty"
principals
.toString()
PREFERRED_ENCODING
.
toHex()
.
toHex()
.
getClass().getName() + ",id=" + getId()
.
throws
an InvalidSessionException
in all
cases because this proxy is immutable.
sessionId
.
lastAccessTime
of this session to the current time when
this method is invoked.
SecurityManager
instance, but Shiro's
lookup heuristics cannot find one.DefaultSecurityManager.delete(org.apache.shiro.subject.Subject)
RuntimeException
equivalent of the JDK's
ClassNotFoundException
, to maintain a RuntimeException paradigm.AuthenticationToken
implementation is encountered that is not
supported by one or more configured Realm
s.CachingSessionDAO.doUpdate(org.apache.shiro.session.Session)
.
{@link Session#getId() session.getId()}
.
url:
RequiresUser
annotation
is declared, and if so, ensures the calling Subject
is either
authenticated
or remembered via remember
me services before allowing access.RequiresUser
annotations.
RequiresUser
annotation
is declared, and if so, ensures the calling Subject
is either
authenticated
or remembered via remember
me services before invoking the method.RequiresUser
annotations in a method
declaration.
host
and a
rememberMe default of false.
host
and
a rememberMe default of false
ValidatingSession
is a Session
that is capable of determining it is valid or not and
is able to validate itself if necessary.WildcardPermission
is a very flexible permission construct supporting multiple levels of
permission matching.WildcardPermission
based on the input string.XMLEncoder
and XMLDecoder
to serialize
and deserialize, respectively.
|
||||||||||
PREV NEXT | FRAMES NO FRAMES |