|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||
AuthenticationStrategy
implementations.Authenticator implementations that performs the common work around authentication
attempts.CacheManager implementation that retains all created Cache instances in
an in-memory ConcurrentMap.ConcurrentMap.
SimpleHash implementation directly.source with no salt using a single hash iteration.
source using the given salt using a single hash iteration.
source using the given salt a total of
hashIterations times.
Realm that authenticates with an LDAP
server to build the Subject for a user.NativeSessionManager interface, supporting
SessionListeners and application of the
globalSessionTimeout.RememberMeManager interface that handles
serialization and
encryption of the remembered user identity.DefaultSerializer as the serializer and
an AesCipherService as the cipherService.
SessionDAO implementation that performs some sanity checks on session creation and reading and
allows for pluggable Session ID generation strategies if desired.sessionIdGenerator to be a
JavaUuidSessionIdGenerator.
SessionManager interface, enabling configuration of an
application-wide globalSessionTimeout.ValidatingSessionManager interface.AuthenticationInfo and
AuthorizationInfo and represents authentication and authorization for a single account in a
single Realm.shiro-activeSessionCache.
Realm that authenticates with an active directory LDAP
server to determine the roles for a particular user.CipherService using the AES cipher algorithm for all encryption, decryption, and key operations.CipherService instance using the AES cipher algorithm with the following
important cipher default attributes:
Attribute
Value
keySize
128 bits
blockSize
128 bits (required for AES
mode
CBC*
paddingScheme
PKCS5
initializationVectorSize
128 bits
generateInitializationVectors
true**
* The CBC operation mode is used instead of the JDK default ECB to
ensure strong encryption.
aggregate argument without modification.
aggregate method argument is not null and
aggregate.getPrincipals()
is not null, and if either is null, throws an AuthenticationException to indicate
that none of the realms authenticated successfully.
singleRealmInfo into the
aggregateInfo and then returns the aggregate.
info into the aggregate argument and returns it (just as the
parent implementation does), but additionally ensures the following:
if the Throwable argument is not null, re-throws it to immediately cancel the
authentication process, since this strategy requires all realms to authenticate successfully.
neither the info or aggregate argument is null to ensure that each
realm did in fact authenticate successfully
CacheManager has been set and is available for use via the
getCacheManager() method.
applyCacheManagerToRealms() to allow the
newly set CacheManager to be propagated to the internal collection of Realm
that would need to use it.
super.afterCacheManagerSet() and then immediately calls
applyCacheManagerToSessionManager() to ensure the
CacheManager is applied to the SessionManager as necessary.
CacheManager instance being set on the realm instance via the
CachingRealm.setCacheManager(org.apache.shiro.cache.CacheManager) mutator.
realms to the internal delegate Authenticator instance so
that it may use them during authentication attempts.
super.afterRealmsSet() and then sets these same Realm objects on this
instance's wrapped Authorizer.
true when matching credentials no matter what arguments
are passed in.implies method always returns true.AnnotationHandler who processes annotations of the
specified type.
AnnotationMethodInterceptor with the
AnnotationHandler that will be used to process annotations of a
corresponding type.
AnnotationMethodInterceptor with the
AnnotationHandler that will be used to process annotations of a
corresponding type, using the specified AnnotationResolver to acquire annotations
at runtime.
methodInterceptors attribute to contain two interceptors by default - the
RoleAnnotationMethodInterceptor and the
PermissionAnnotationMethodInterceptor to
support role and permission annotations.
CacheManager on any internal configured
Realms that implement the CacheManagerAware interface.
SessionManager is injected with the newly set
CacheManager so it may use it for its internal caching needs.
ModularRealmAuthorizer.getPermissionResolver() on any internal configured
Realms that implement the PermissionResolverAware interface.
ModularRealmAuthorizer.getRolePermissionResolver() on any internal configured
Realms that implement the RolePermissionResolverAware interface.
methodInterceptors collection, and for each one,
ensures that if the interceptor
supports
the invocation, that the interceptor
asserts
that the invocation is authorized to proceed.
Subject is authenticated, and if not, throws an
UnauthenticatedException indicating the method is not allowed to be executed.
MethodInvocation.
Subject is NOT a user, that is, they do not
have an identity before continuing.
Subject has the Annotation's specified permissions, and if not, throws an
AuthorizingException indicating access is denied.
Subject has the Annotation's specified roles, and if not, throws an
AuthorizingException indicating that access is denied.
Subject is a user, that is, they are either
authenticated or remembered via remember
me services before allowing access, and if not, throws an
AuthorizingException indicating access is not allowed.
AuthenticationToken's credentials match the stored account
AuthenticationInfo's credentials, and if not, throws an AuthenticationException.
Authorizer implementation methods to ensure that the realms
has been set.
Callable instance matching the given argument while additionally ensuring that it will
retain and execute under this Subject's identity.
Runnable instance matching the given argument while additionally ensuring that it will
retain and execute under this Subject's identity.
Runnable with the currently executing subject
and then return the associated Runnable.
Authenticator interface that functions in the following manner:
Calls template doAuthenticate method for subclass execution of the actual
authentication behavior.
If an AuthenticationException is thrown during doAuthenticate,
notify any registered
AuthenticationListeners of the exception and then propogate the exception
for the caller to handle.
If no exception is thrown (indicating a successful login),
notify any registered
AuthenticationListeners of the successful attempt.
Return the AuthenticationInfo
AuthenticationToken.
Authenticator for authentication.
Subject being built will be considered
authenticated.
RequiresAuthentication annotations and ensures the calling subject is
authenticated before allowing access.RequiresAuthentication annotations.
RequiresAuthenticated annotation
is declared, and if so, ensures the calling
Subject.isAuthenticated() before invoking
the method.RequiresAuthentication annotations in a method
declaration.
SecurityManager class hierarchy that delegates all
authentication operations to a wrapped Authenticator instance.authenticator instance to a
ModularRealmAuthenticator.
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the
authentication/log-in process only.AuthenticationListener listens for notifications while Subjects authenticate with the system.AuthenticationStrategy implementation assists the ModularRealmAuthenticator during the
log-in process in a pluggable realm (PAM) environment.AuthorizationInfo represents a single Subject's stored authorization data (roles, permissions, etc)
used during authorization (access control) checks only.AuthorizingAnnotationHandler who processes annotations of the
specified type.
handler is set which will be used to perform the
authorization assertion checks when a supported annotation is encountered.
AuthorizingRealm extends the AuthenticatingRealm's capabilities by adding Authorization
(access control) support.SecurityManager class hierarchy that delegates all
authorization (access control) operations to a wrapped Authorizer instance.ModularRealmAuthorizer.
HashFormat that outputs only the hash's digest bytes in Base64 format.new SimpleAuthenticationInfo();, which supports
aggregating account data across realms.
token - called before any Realm is actually invoked.
null immediately, relying on this class's merge implementation to return
only the first info object it encounters, ignoring all subsequent ones.
aggregate method argument, without modification.
Realm supports the given
token argument.
SessionListeners for notification
that the session has been invalidated (stopped or expired).
save(subject).
Subject and SecurityManager to the
ThreadContext so they can be retrieved later by any
SecurityUtils.getSubject() calls that might occur
during the thread's execution.
CipherService using the Blowfish cipher algorithm for all encryption, decryption, and key operations.CipherService instance using the Blowfish cipher algorithm with the following
important cipher default attributes:
Attribute
Value
keySize
128 bits
blockSize
64 bits (required for Blowfish)
mode
CBC*
paddingScheme
PKCS5
initializationVectorSize
64 bits
generateInitializationVectors
true**
* The CBC operation mode is used instead of the JDK default ECB to
ensure strong encryption.
HashRequest instance reflecting the specified configuration.
Subject instance reflecting the cumulative state acquired by the
other methods in this class.
ByteSource instance representing the specified byte array.
ByteSource instance representing the specified character array's bytes.
ByteSource instance representing the specified string's bytes.
ByteSource instance representing the specified ByteSource.
ByteSource instance representing the specified File's bytes.
ByteSource instance representing the specified InputStream's bytes.
ByteSource instance representing the specified byte source argument.
ByteSource wraps a byte array and provides additional encoding operations.sessionId.
sessionId.
CacheException.
CacheException.
CacheException.
CacheException.
Cache instances.Realm interface that provides caching support for subclasses.cachingEnabled (for general caching) to true and sets a
default name based on the class name.
Permission.implies(Permission) implies} the specified Permission.
isPermitted(permission), throws
an UnauthorizedException otherwise returns quietly.
isPermitted(permission), throws
an UnauthorizedException otherwise returns quietly.
implies the specified Permission.
implies all of the
specified permission strings.
implies all of the
specified permission strings.
isPermitted(permission),
throws an UnauthorizedException otherwise returns quietly.
isPermitted(permission) for
all the given Permissions, throws
an UnauthorizedException otherwise returns quietly.
implies all of the
specified permission strings.
implies all of the
specified permission strings.
AuthorizationException if they do not.
hasRole(role), throws
an UnauthorizedException otherwise returns quietly.
AuthorizationException if they do not.
AuthorizationException if they do not.
checkRoles(PrincipalCollection subjectPrincipal, Collection<String> roleIdentifiers) but doesn't require a collection
as an argument.
checkRole for each role specified.
AuthorizationException if they do not.
checkRoles(Collection roleIdentifiers) but
doesn't require a collection as a an argument.
InvalidSessionException indicating that the session id is invalid.
CipherService uses a cryptographic algorithm called a
Cipher to convert an original input source using a key to
an uninterpretable format.classpath:
Classes, such as acquiring them from the
application ClassLoaders and instantiating Objects from them.removes the ThreadContext state.
ThreadContext state.
InputStream, logging any
IOException that might occur.
CodecException.
CodecException.
CodecException.
CodecException.
HashService that allows configuration of its strategy via JavaBeans-compatible setter methods.Map used to construct the
Subject instance.
cipherService is available, it will be used to first decrypt the byte array.
salt argument's bytes and returns them in the form of a ByteSource instance.
source argument's bytes and returns them in the form of a ByteSource instance.
AbstractSessionDAO.doCreate(org.apache.shiro.session.Session) method, and then
asserting that the returned sessionId is not null.
super.create(session), then caches the session keyed by the returned sessionId, and then
returns this sessionId.
AuthenticationInfo resulting from a Subject's successful LDAP authentication attempt.
Cache instance associated with the specified name.
MapCache instance backed by a SoftHashMap.
InitialLdapContext instance.
Realm from the Ini instance containing account data.
Session Session instance based on the specified (possibly null)
initialization data.
Session instance based on the specified contextual initialization data.
SimpleSession instance retaining the context's
host if one can be found.
Subject instance for the user represented by the given method arguments.
SubjectContext is as populated as it can be, using heuristics to acquire
data that may not have already been available to it (such as a referenced session or remembered principals).
Calls DefaultSecurityManager.doCreateSubject(org.apache.shiro.subject.SubjectContext) to actually perform the
Subject instance creation.
calls save(subject) to ensure the constructed
Subject's state is accessible for future requests/invocations if necessary.
returns the constructed Subject instance.
Subject instance reflecting the specified contextual data.
InputStream, decrypts it, and sends the resulting decrypted data
to the given OutputStream.
cipherService.
','
30 minutes.
JdbcRealm.saltStyle is COLUMN.
SecurityManager instance may be acquired, equal to
securityManager.
AbstractValidatingSessionManager.setSessionValidationInterval(long)
AnnotationResolver implementation that merely inspects the
MethodInvocation's target method,
and returns targetMethod.getAnnotation(class).DefaultBlockCipherService using the specified block cipher algorithmName.
Environment implementation that stores Shiro objects as key-value pairs in a
Map instance.ConcurrentHashMap backing map.
HashFormatFactory implementation heuristically determines a HashFormat class to
instantiate based on the input argument and returns a new instance of the discovered class.HashService interface, supporting a customizable hash algorithm name,
secure-random salt generation, multiple hash iterations and an optional internal
privateSalt.DefaultHashService instance with the following defaults:
hashAlgorithmName = SHA-512
hashIterations = 1
randomNumberGenerator =
new SecureRandomNumberGenerator()
generatePublicSalt = false
If this hashService will be used for password hashing it is recommended to set the
privateSalt and significantly increase the number of
hashIterations.
JndiLdapContextFactory implementation. This implementation will be removed
prior to Shiro 2.0PasswordService interface that relies on an internal
HashService, HashFormat, and HashFormatFactory to function:SecurityManager interface,
based around a collection of Realms.realms.
SessionContext interface which provides getters and setters that
wrap interaction with the underlying backing context map.SessionKey interface, which allows setting and retrieval of a concrete
sessionId that the SessionManager implementation can use to look up a
Session instance.ValidatingSessionManager.SessionStorageEvaluator that provides reasonable control over if and how Sessions may be used for
storing Subject state.SubjectContext interface.SubjectDAO implementation that stores Subject state in the Subject's Session by default (but this
can be disabled - see below).SubjectFactory implementation that creates DelegatingSubject
instances.Session.Subject interface that delegates
method calls to an underlying SecurityManager instance for security checks.DefaultSecurityManager.logout(org.apache.shiro.subject.Subject)..
Subject instance.
CachingSessionDAO.doDelete(org.apache.shiro.session.Session).
session.
ObjectInputStream using a source
ByteArrayInputStream constructed with the argument byte array.
serialized source back into an Object by using a
ByteArrayInputStream to wrap the argument and then decode this
stream via an XMLDecoder, where the
readObject call results in the original Object to return.
serializer's
deserialize method.
destroys all of it's managed caches and then
clears out the internally referenced cache map.
cacheManager via LifecycleUtils.destroy.
destroy for each object in the collection.
Subject
session, but that Subject's sessions are disabled.Realms.
AuthenticatingRealm.clearCachedAuthenticationInfo(org.apache.shiro.subject.PrincipalCollection).
super.doClearCache to ensure any cached authentication data is removed and then calls
AuthorizingRealm.clearCachedAuthorizationInfo(org.apache.shiro.subject.PrincipalCollection) to remove any cached
authorization data.
Subject instance by delegating to the internal
subjectFactory.
true always no matter what the method arguments are.
true if the provided token credentials match the stored account credentials,
false otherwise.
token's credentials, potentially using a
salt if the info argument is a
SaltedAuthenticationInfo.
token's credentials
(via getCredentials(token))
and then the account's credentials
(via getCredentials(account)) and then passes both of
them to the equals(tokenCredentials, accountCredentials) method for equality
comparison.
JndiLdapRealm.queryForAuthenticationInfo(org.apache.shiro.authc.AuthenticationToken, LdapContextFactory),
wrapping any NamingExceptions in a Shiro AuthenticationException to satisfy the parent method
signature.
name
path against the given pattern.
AuthenticationStrategy object
as each realm is consulted for AuthenticationInfo for the specified token.
null if a
session with that ID could not be found.
Runnable's run() method.
Session's state to the underlying EIS.
ScheduledExecutorService to validate sessions at fixed intervals
and enables this scheduler.
H64-encoded String.
InputStream, encrypts it, and sends the resulting encrypted data to the
given OutputStream.
cipherService.
SecurityManager instance in the context, and if not, adds 'this' to the
context.
Environment instance encapsulates all of the objects that Shiro requires to function.Environment instances or configuration.true if the tokenCredentials argument is logically equal to the
accountCredentials argument.
true if the specified object is also a SimpleAccount and its
principals are equal to this object's principals, false otherwise.
true if the Object argument is an instanceof SimpleAuthenticationInfo and
its principals are equal to this instance's principals, false otherwise.
true if the specified object is a Hash and its byte array is identical to
this Hash's byte array, false otherwise.
true if the specified object is a Hash and its byte array is identical to
this Hash's byte array, false otherwise.
true if the specified argument is an instanceof SimpleSession and both
ids are equal.
Subject and then
dispatches the associated Runnable to the underlying target Executor instance.
Callable with this Subject instance and then executes it on the
currently running thread.
Runnable with this Subject instance and then executes it on the
currently running thread.
Subject executes a
Callable.ScheduledExecutorService to call ValidatingSessionManager.validateSessions() every
interval milliseconds.file:
AuthenticationStrategy implementation that only accepts the account data from
the first successfully consulted Realm and ignores all subsequent realms.Subject instance.
hash != null ? hash.toBase64() : null.
hash != null ? hash.toHex() : null.
context class loader, then the
current ClassLoader (ClassUtils.class.getClassLoader()), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader(), in that order.
Ini instance loaded with the INI-formatted data in the resource at the given path.
UUID.randomUUID().toString().
Random's nextLong() invocation.
Session instance.
Key suitable for this CipherService's algorithm
by calling generateNewKey(128) (uses a 128 bit size by default).
Key of the specified size suitable for this CipherService
(based on the algorithmName using the JDK KeyGenerator.
session instance.
key or
null if there is no Cache entry for that key.
key that is bound to
the current thread.
CacheManager.
MessageDigest algorithm name
to use when performing the hash.
SHA-256, MD5, etc.
HashService should use when computing the Hash, or
null if the default algorithm configuration of the HashService should be used.
MessageDigest algorithm name to use when performing the hash.
Annotation instance of the specified type based on the given
MethodInvocation argument, or null if no annotation
of that type could be found.
methodInvocation.getMethod().getAnnotation(clazz).
value, from which the Permission will be constructed.
Cache instance to use for authentication caching, or null if no cache has been
set.
AuthenticationInfo instances are cached if authentication caching is enabled.
AuthenticationInfo instances are cached if authentication caching is enabled.
Cache to lookup from any available cacheManager if
a cache is not explicitly configured via AuthenticatingRealm.setAuthenticationCache(org.apache.shiro.cache.Cache).
AuthenticationInfo corresponding to the specified
AuthenticationToken argument.
AuthenticationListeners that should be notified during authentication
attempts.
AuthenticationStrategy utilized by this modular authenticator during a multi-realm
log-in attempt.
Authenticator instance that this SecurityManager uses to perform all
authentication operations.
principals,
or null if no account could be found.
Cipher transformation string or 0 if the JCA Provider default block size
for the specified algorithm should be used.
name.
name.
sessionId or null if there is
no session cached under that id (or if there is no Cache).
activeSessionsCache if
one is not configured.
CipherService to use for encrypting and decrypting serialized identity data to prevent easy
inspection of Subject identity data.
account identity.
Hash instance representing the already-hashed AuthenticationInfo credentials stored in the system.
token's credentials.
account's credentials.
this.authcInfo.getCredentials.
password char array.
CredentialsMatcher used during an authentication attempt to verify submitted
credentials with those stored in the system.
null if no salt was used.
null if no salt
was used or credentials were not hashed at all.
null if no salt was used or credentials were not
hashed at all.
nextBytes().
null if none should be used.
LdapContext).
hashFormatAlias-to-fullyQualifiedHashFormatClassNameImplementation map.
AnnotationHandler used to perform authorization behavior based on
an annotation discovered at runtime.
Hash algorithmName to use
when performing hashes for credentials matching.
HashFormat implementation class name in the specified
package based on the provided token.
AuthenticationToken's credentials will be hashed before
comparing to the credentials stored in the system.
Subject is initiating the
Session.
null
if the host is unknown.
Subject's originating location.
info.getPrincipals() and
ignores the Subject argument.
CLASSPATH_PREFIX,
URL_PREFIX, or FILE_PREFIX).
Hash result.
Session last interacted with the system.
DefaultLdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release.
JndiLdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used. Shiro no longer calls this method - it will be
removed before the 2.0 release.
LdapContextFactory.getLdapContext(Object, Object) method should be used in all cases to ensure more than
String principals and credentials can be used.
LdapContext connection bound using the specified principal and
credentials.
Method to be invoked.
Cipher transformation string or null if the JCA Provider default mode for
the specified algorithm should be used.
Realm.
null if
no object with that name was found.
Permissions assigned to the corresponding Subject.
Cipher transformation string or null if the JCA Provider default mode for
the specified algorithm should be used.
nullgetPermissionResolver() -
Method in class org.apache.shiro.realm.AuthorizingRealm
Subject before assuming the current
runAs identity, or null if this Subject is not operating under an assumed
identity (normal state).
Realm principals, or null if there are
no principals yet.
getUsername().
null if this
Subject is anonymous because it doesn't yet have any associated account data (for example,
if they haven't logged in).
PrincipalCollection or
null if this Subject is anonymous because it doesn't yet have any associated account data (for example,
if they haven't logged in).
Subject should reflect.
null if no public salt should be used.
Authenticator during an authentication attempt.
Authorizer which are consulted during an authorization check.
Realms managed by this SecurityManager instance.
JNDI name and returns all
discovered Realms in an ordered collection.
Realm instances that will be used to construct
the application's SecurityManager instance.
acquiring
the remembered serialized byte array.
null if there is no available data.
AnnotationResolver to use to acquire annotations from intercepted
methods at runtime.
context class loader, then the
current ClassLoader (ClassUtils.class.getClassLoader()), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader(), in that order, using
getResourceAsStream(name).
nullgetRolePermissionResolver() -
Method in class org.apache.shiro.realm.AuthorizingRealm
this.authzInfo.getRoles();
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.
null if no salt was used.
HashService during hash computation, or null if no salt is
provided as part of the request.
HashFormat implementations according to
heuristics defined in the getHashFormat(packageName, token) JavaDoc.
Ini.Section with the given name or null if no section with that name exists.
Ini instance or an empty collection if there are
no sections.
null if the section or property do not exist.
defaultValue if the section or
property do not exist.
Ini instance or an empty collection if there are
no sections.
SecureRandom backing this instance.
SecurityManager instance accessible in the backing map using the
securityManagerName property as the lookup key.
SecurityManager instance.
Subject instance or
null if one has not yet been provided to this context.
SecurityManager instance in the backing map.
Serializer used to serialize and deserialize PrincipalCollection instances for
persistent remember me storage.
null if no Session could be found.
Session associated with this Subject.
Session associated with this Subject.
Session to use when building the Subject instance.
SessionFactory used to generate new Session instances.
Subject instance.
SessionIdGenerator used by the AbstractSessionDAO.generateSessionId(org.apache.shiro.session.Session)
method.
SessionManager.
SessionStorageEvaluator that will determine if a Subject's state may be persisted in
the Subject's session.
HashService.
Session started (was created).
JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[]) and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])).
modeName attribute, but is used instead only for for streaming
operations (JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[]) and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])).
Subject associated with the currently-executing code.
Subject associated with the currently-executing code.
Executor instance.
Subject available to the calling code depending on
runtime environment.
Subject that may be in use at the time the new Subject instance is
being created.
Subject instance managed by this ThreadState implementation.
Subject instance, available to subclasses
since the context class attribute is marked as private.
SubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).
SubjectFactory responsible for creating Subject instances exposed to the application.
JndiLdapContextFactory.getLdapContext(Object, Object) using the
systemUsername and systemPassword properties as
arguments.
LdapContext connection bound using the system account, or
anonymously if no system account is configured.
systemUsername that will be used when creating an
LDAP connection used for authorization queries.
Session.getTimeout().
Cipher
transformation string.
Cipher.getInstance(java.lang.String) call.
Cipher.getInstance(java.lang.String) invocation when
creating a new Cipher instance.
get operation but additionally ensures that the value returned is of the specified
type.
LdapContext from the LdapContextFactory.
null if no
userDnTemplate has been configured.
setUserDnTemplate JavaDoc for a full explanation.
System.getProperty("java.version").
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method.RequiresGuest annotations in a method
declaration.
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method.RequiresGuest annotations in a method
declaration.
true iff any of the configured realms'
ModularRealmAuthorizer.hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true for
all roles specified, false otherwise.
true if this Subject has all of the specified roles, false otherwise.
salt for a single iteration.
salt for the specified number of iterations.
Hash represents a one-way conversion algorithm that transforms an input source to an
underlying byte array.salt for a single iteration.
salt for the specified number of iterations.
principals are not null, returns principals.hashCode(), otherwise
returns 0 (zero).
principals instance.
HashedCredentialMatcher provides support for hashing of supplied AuthenticationToken credentials
before being compared to those in the AuthenticationInfo from the data store.hashAlgorithmName to hash submitted
credentials.
HashFormat is able to format a Hash instance into a well-defined formatted String.HashingPasswordService is a PasswordService that performs password encryption and comparisons
based on cryptographic Hashes.token's credentials using the salt stored with the account if the
info instance is an instanceof SaltedAuthenticationInfo (see
the class-level JavaDoc for why this is the preferred approach).
hashIterations times, using the given salt.
HashRequest is composed of data that will be used by a HashService to compute a hash (aka
'digest').HashRequest instances.HashService hashes input sources utilizing a particular hashing strategy.null nor of length 0.
true if the resource path is not null and starts with one of the recognized
resource prefixes (CLASSPATH_PREFIX,
URL_PREFIX, or FILE_PREFIX), false otherwise.
true if any of the configured realms'
ModularRealmAuthorizer.hasRole(org.apache.shiro.subject.PrincipalCollection, String) call returns true,
false otherwise.
true if this Subject has the specified role, false otherwise.
ModularRealmAuthorizer.hasRole(org.apache.shiro.subject.PrincipalCollection, String) for each role name in the specified
collection and places the return value from each call at the respective location in the returned array.
HashFormat that outputs only The hash's digest bytes in hex format.Subject being built will reflect the specified host name or IP as its originating
location.
HostAuthenticationToken retains the host information from where
an authentication attempt originates.Session interface that proxies another Session, but does not
allow any 'write' operations to the underlying session.Session.
true if this current instance implies all the functionality and/or resource access
described by the specified Permission argument, false otherwise.
Ini instance.
Ini instance with the specified defaults.
Ini.Section is String-key-to-String-value Map, identifiable by a
name unique within an Ini instance.Factory implementations that generate their instance(s) based on
Ini configuration.Realm implementation that creates
SimpleAccount instances based on
Ini configuration.Ini argument.
Ini resolved from the specified
resourcePath.
Factory that creates SecurityManager instances based on Ini configuration.init for each object in the collection.
PermissionResolver.resolvePermission(String) when the String being parsed is not
valid for that resolver.MethodInvocation, allowing implementations to perform pre/post/finally
surrounding the actual invocation.
methodInvocation is allowed to execute first before proceeding by calling the
assertAuthorized method first.
methodInvocation.proceed()
if authorization is allowed by first
calling assertAuthorized.
true if this Subject/user proved their identity during their current session
by providing valid credentials matching those known to the system, false otherwise.
true if the constructed Subject should be considered authenticated, false
otherwise.
true if authentication caching should be utilized if a CacheManager has been
configured, false otherwise.
true if authentication caching should be utilized based on the specified
AuthenticationToken and/or AuthenticationInfo, false otherwise.
true if authorization caching should be utilized if a CacheManager has been
configured, false otherwise.
true if the specified object can be easily converted to bytes by instances of this class,
false otherwise.
true if caching should be used if a CacheManager has been
configured, false otherwise.
true if the specified object can be easily represented as a ByteSource using
the ByteSource.Util's default heuristics, false otherwise.
true if the specified object is a recognized data type that can be easily converted to
bytes by instances of this class, false otherwise.
true if sessions should be automatically deleted after they are discovered to be invalid,
false if invalid sessions will be manually deleted by some process external to Shiro's control.
true if no sections have been configured, or if there are sections, but the sections themselves
are all empty, false otherwise.
true if this collection is empty, false otherwise.
true if the underlying wrapped byte array is null or empty (zero length), false
otherwise.
true if the specified Collection is null or empty,
false otherwise.
true if the specified Map is null or empty,
false otherwise.
true if the specified PrincipalCollection is null or
empty, false otherwise.
true if this Scheduler is enabled and ready to begin validation at the appropriate time,
false otherwise.
true if a public salt should be randomly generated and used to compute a hash if a
HashRequest does not specify a salt, false otherwise.
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.
true if this Account is locked and thus cannot be used to login, false otherwise.
true if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, String) returns true,
false otherwise.
true if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true,
false otherwise.
true if any of the configured realms'
ModularRealmAuthorizer.isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...) call returns
true, false otherwise.
true if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, List) call returns true,
false otherwise.
true if this Subject is permitted to perform an action or access a resource summarized by the
specified permission string.
true if this Subject is permitted to perform an action or access a resource summarized by the
specified permission.
true if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, String) call returns true
for all of the specified string permissions, false otherwise.
true if any of the configured realms'
ModularRealmAuthorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection, Permission) call returns true
for all of the specified Permissions, false otherwise.
true if this Subject implies all of the specified permission strings, false otherwise.
true if this Subject implies all of the specified permissions, false otherwise.
true if LDAP connection pooling should be used when acquiring a connection based on the specified
account principal, false otherwise.
true if this Subject has an identity (it is not anonymous) and the identity
(aka principals) is remembered from a successful authentication during a previous
session.
true if the submitting user wishes their identity (principal(s)) to be remembered
across sessions, false otherwise.
true if this Subject is 'running as' another identity other than its original one or
false otherwise (normal Subject state).
true if the constructed Subject should be allowed to create a session, false
otherwise.
true if this Subject is allowed to create sessions, false otherwise.
Session (typically because an application developer
has called subject.getSession() already), Shiro will use that existing session to store subject state.
If a Subject does not yet have a Session, this implementation checks the
sessionStorageEnabled property:
If sessionStorageEnabled is true (the default setting), a new session may be created to persist
Subject state if necessary.
If sessionStorageEnabled is false, a new session will not be created to persist
session state.
Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled.
true if any Subject's Session may be used to persist that Subject's state,
false otherwise.
true if the specified Subject's
session may be used to persist that Subject's
state, false otherwise.
true if the system's stored credential hash is Hex encoded, false if it
is Base64 encoded.
true if the associated session is valid (it exists and is not stopped nor expired),
false otherwise.
SessionIdGenerator that generates String values of JDK UUID's as the session IDs.CipherService implementation utilizing Java's JCA APIs.JcaCipherService instance which will use the specified cipher algorithmName
for all encryption, decryption, and key operations.
LdapContextFactory implementation using the default Sun/Oracle JNDI Ldap API, utilizing JNDI
environment properties and an InitialContext.environment template with
the contextFactoryClassName equal to
com.sun.jndi.ldap.LdapCtxFactory (the Sun/Oracle default) and the default
referral behavior to follow.
Realm implementation utilizing Sun's/Oracle's
JNDI API as an LDAP API.LdapContextFactory instance to a
JndiLdapContextFactory.
jndiNames.Iterator into
a single String containing the provided elements.
LdapContext objects that are used by JndiLdapRealms to
perform authentication attempts and query for authorization data.Initializable.init() and
Destroyable.destroy() methods cleanly on any object.classpath:shiro.ini file, or null if
the file does not exist.
Ini instance.
AuthenticationToken argument, and if successful, constructs a
Subject instance representing the authenticated account's identity.
authenticationToken, returning an updated Subject
instance reflecting the authenticated state if successful or throwing AuthenticationException if it is
not.
Session and authorization data.
SecurityManager instance in the backing map without performing any non-null guarantees.
MapCache is a Cache implementation that uses a backing Map instance to store
and retrieve cached data.MapContext provides a common base for context-based data storage in a Map.true if the given source matches the specified pattern,
false otherwise.
hashAlgorithmName property.hashAlgorithmName property.CacheManager implementation usable in production
environments.ConcurrentMap.AuthenticationInfo interface to be implemented by
classes that support merging with other AuthenticationInfo instances.AuthenticationInfo into this instance.
info argument into the aggregate argument and then returns an
aggregate for continued use throughout the login process.
aggregate instance if is non null and valid (that is, has principals and they are
not empty) immediately, or, if it is null or not valid, the info argument is returned instead.
AuthenticationInfo into this Account.
info argument and adds its principals and credentials into this instance.
Subject.getPrincipals() with whatever may be in
any available session.
HashFormat that supports
Modular Crypt Format token rules.ModularRealmAuthenticator delgates account lookups to a pluggable (modular) collection of
Realms.enables an
AtLeastOneSuccessfulStrategy by default.
Realms during an authorization operation.Realms to consult during an authorization check.
PrincipalCollection that allows modification.Native session manager is one that manages sessions natively - that is, it is directly responsible
for the creation, persistence and removal of Session instances and their
lifecycles.SubjectContext instance to be used to populate with subject contextual data that
will then be sent to the SecurityManager to create a new Subject instance.
DefaultSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class.
AuthenticationListeners that
authentication failed for the
specified token which resulted in the specified ae exception.
AuthenticationListeners that a
Subject has logged-out.
SessionListeners that a Session has started.
AuthenticationListeners that
authentication was successful for the specified token which resulted in the specified
info.
value argument is not null.
objectArgument.toString().
null if there are none
of the specified type.
forgetting any
previously remembered identity.
Subject has failed.
notifyLogout to allow any registered listeners
to react to the logout.
Subject logs-out of the system.
Subject logs out of the system.
super.onLogout(principals) to ensure a logout notification is issued, and for each
wrapped Realm that implements the LogoutAware interface, calls
((LogoutAware)realm).onLogout(principals) to allow each realm the opportunity to perform
logout/cleanup operations during an user-logout.
forgets any previously stored identity and returns.
Session.stop() or automatically upon a subject logging out.
Subject has succeeded.
forgetting any previously
stored identity.
SecurityUtils and
ShiroException.CredentialsMatcher
interface and its supporting implementations.Realms).Permission
interface.Executor, ExecutorService,
and ScheduledExecutorService implementations for transparent
Subject association with threads in an asynchronous execution environment.SecurityManager interface and a default implementation
hierarchy for managing all aspects of Shiro's functionality in an application.Realm interface.Files or
text streams.SessionManager components supporting enterprise session management.Subject interface, the most important concept in
Shiro's API.org.apache.shiro.subject interfaces.CipherPaddingScheme represents well-known
padding schemes supported by JPA providers in a
type-safe manner.ParsableHashFormat is able to parse a formatted string and convert it into a Hash instance.CredentialsMatcher that employs best-practices comparisons for hashed text passwords.PasswordService supports common use cases when using passwords as a credentials mechanism.true if the submittedPlaintext password matches the existing savedPasswordHash,
false otherwise.
true if the submittedPlaintext password matches the existing saved password,
false otherwise.
RequiresPermissions annotation is
declared, and if so, performs a permission check to see if the calling Subject is allowed continued
access.RequiresPermissions annotations.
RequiresPermissions annotation is declared, and if so, performs
a permission check to see if the calling Subject is allowed to call the method.RequiresPermissions annotations in a method declaration.
PermisisonResolver resolves a String value and converts it into a
Permission instance.UTF-8.
Subject.PrincipalMap is map of all of a subject's principals - its identifying attributes like username, userId,
etc.Subject being built will reflect the specified principals (aka identity).
TextConfigurationRealm that defers all logic to the parent class, but just enables
Properties based configuration in addition to the parent class's String configuration.HashFormat implementations.Session implementation that immediately delegates all corresponding calls to an
underlying proxied session instance.target.
key to the current thread.
AuthenticationInfo object by querying the active directory LDAP context for the
specified username.
AuthenticationInfo object by querying the LDAP context for the
specified username.
discovered principal and provided
credentials.
AuthorizationInfo object by querying the active directory LDAP context for the
groups that a user is a member of.
AuthorizationInfo object by querying the LDAP context for the
specified principal.
AuthorizationInfo object by querying the LDAP context for the
specified principal.
Random instance to generate random IDs.AbstractSessionDAO.doReadSession(java.io.Serializable) method.
sessionId.
Realm instances
in any manner desired.SecurityManager class hierarchy based around a collection of
Realms.PatternMatcher implementation that uses standard java.util.regex objects.#runAs runAs was called.
converting them to a byte
array and then remembers that
byte array.
AuthenticationToken that indicates if the user wishes their identity to be remembered across sessions.AbstractRememberMeManager.getRememberedSerializedIdentity(SubjectContext) method.
key from the current
thread.
Removes the underlying ThreadLocal from the thread.
throws an InvalidSessionException in all
cases because this proxy is immutable.
Session under the given attributeKey.
key name.
null if the section did not exist.
Class.Subject to have all of the
specified roles.ObjectStreamClass by delegating to Shiro's
ClassUtils.forName(String) utility method, which is known to work in all ClassLoader environments.
WildcardPermission instance constructed based on the specified
permissionString.
PrincipalCollection) for the context using heuristics.
SecurityManager instance that should be used to back the constructed Subject
instance (typically used to support DelegatingSubject implementations).
Session to ensure it may be referenced if necessary by the
invoked SubjectFactory that performs actual Subject construction.
true if the resource at the specified path exists, false otherwise.
Stream-backed resources.Removes all thread-state that was bound by this instance.
bind was invoked.
RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to proceed.RequiresRoles annotations.
RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to invoke the method.RequiresRoles annotations in a method declaration.
Permission instances.Binds the Subject thread state, executes the target Runnable and then guarantees
the previous thread state's restoration:
session only
if sessionStorageEnabled(subject).
session.
RandomNumberGenerator interface, backed by a
SecureRandom instance.SecureRandom and a
defaultNextBytesSize of 16, which equals 128 bits, a size commonly
used in cryptographic algorithms.
SecurityManager executes all security operations for all Subjects (aka users) across a
single application.Subject for the calling code depending on runtime environment.ObjectOutputStream backed by a
ByteArrayOutputStream.
source into a byte[] array by using the
XMLEncoder to encode the object out to a
ByteArrayOutputStream, where the resulting byte[] array is returned.
principals by serializing them to a byte array by using the
serializer's serialize method.
Serializer converts objects to raw binary data and vice versa, enabling persistent storage
of objects to files, HTTP cookies, or other mechanism.Session is a stateful data context associated with a single Subject (user, daemon process,
etc) who interacts with a software system over a period of time.Subject being built will use the specified Session instance.
SessionContext is a 'bucket' of data presented to a SessionFactory which interprets
this data to construct Session instances.Session if one does not
already exist.
Session access to an
EIS (Enterprise Information System).Session instances.Subject instance that owns the Session with the
specified sessionId.
SessionDAO
implementations.SessionKey is a key that allows look-up of any particular Session
instance.Session's life cycle.SessionListener interface, effectively providing
no-op implementations of all methods.Sessions.SecurityManager class hierarchy that delegates all
session operations to a wrapped
SessionManager instance.SessionManager delegate
instance.
Subject's Session
to persist that Subject's internal state.CacheManager.
HashService should use when computing the Hash.
throws an InvalidSessionException in all
cases because this proxy is immutable.
value to the associated session uniquely identified by the attributeKey.
value to this session, uniquely identified by the specifed
key name.
Subject instance should be considered as authenticated.
Cache instance to use for authentication caching.
Cache to lookup from any available cacheManager if
a cache is not explicitly configured via AuthenticatingRealm.setAuthenticationCache(org.apache.shiro.cache.Cache).
CacheManager has been
configured, false otherwise.
AuthenticationListeners that should be notified during authentication
attempts.
AuthenticationStrategy utilized during multi-realm log-in attempts.
Authenticator instance that this SecurityManager uses to perform all
authentication operations.
CacheManager has been
configured, false otherwise.
Cipher transformation string.
SecurityManager and potentially any of its
children components.
activeSessionsCache if
one is not configured.
CacheManager has been
configured.
CipherService to use for encrypting and decrypting serialized identity data to prevent easy
inspection of Subject identity data.
principals, such as a password or private key.
null if no salt
is used or credentials are not hashed at all.
null if no salt was used or credentials were not
hashed at all.
nextBytes().
hash-format-alias-to-fullyQualifiedHashFormatClassNameImplementation map to be used in
the DefaultHashFormatFactory.getInstance(String) implementation.
HashRequest does not specify a salt.
AnnotationHandler used to perform authorization behavior based on
an annotation discovered at runtime.
Hash algorithmName to use
when performing hashes for credentials matching.
MessageDigest algorithm that will be used to compute
hashes.
AuthenticationToken's credentials will be hashed before comparing
to the credentials stored in the system.
AuthenticationInfo
returned from the Realm is a SaltedAuthenticationInfo instance and its
getCredentialsSalt() method returns a non-null value.
This method and the 1.0 behavior still exists for backwards compatibility if the Realm does not return
SaltedAuthenticationInfo instances, but it is highly recommended that Realm implementations
that support hashed credentials start returning SaltedAuthenticationInfo
instances as soon as possible.
This is because salts should always be obtained from the stored account information and
never be interpreted based on user/Subject-entered data. User-entered data is easier to compromise for
attackers, whereas account-unique (and secure randomly-generated) salts never disseminated to the end-user
are almost impossible to break. This method will be removed in Shiro 2.0.
Subject is initiating the
Session.
Subject's originating location.
Hash result.
Realm.
LdapContextFactory implementation that is used to create LDAP connections for
authentication and authorization.
Cipher transformation string.
Cipher transformation string.
Cipher transformation string.
Cipher transformation string, or null if the JCA Provider default mode for
the specified algorithm should be used.
PermissionResolver on all of the wrapped realms that
implement the PermissionResolverAware interface.
Subject should reflect.
LdapContextFactory.
RealmSecurityManager.setRealms(java.util.Collection) method.
Authorizer which are consulted during an authorization check.
AnnotationResolver to use to acquire annotations from intercepted
methods at runtime.
RolePermissionResolver on all of the wrapped realms that
implement the PermissionResolverAware interface.
HashService during hash computation.
HashService during hash computation.
LdapContextFactory.
HashFormat implementations according to
heuristics defined in the getHashFormat(packageName, token) JavaDoc.
sectionName.
SecureRandom to back this instance.
getSubject() implementation.
Subject instance
(typically used to support DelegatingSubject implementations).
SecurityManager instance in the backing map.
SecureRandom instance with additional seed data.
Serializer used to serialize and deserialize PrincipalCollection instances for
persistent remember me storage.
Session to use when building the Subject instance.
Subject instance should be allowed to create a session,
false otherwise.
SessionFactory used to generate new Session instances.
Subject instance.
SessionIdGenerator used by the AbstractSessionDAO.generateSessionId(org.apache.shiro.session.Session)
method.
SessionManager instance that will be used to support this implementation's
SessionManager method calls.
Session may be used to persist that Subject's state.
SessionStorageEvaluator that will determine if a Subject's state may be persisted in
the Subject's session.
setSessionValidationScheduler method is
never called) , this method allows one to specify how
frequently session should be validated (to check for orphans).
HashService.
HashService.
JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[]) and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])).
Subject that may be in use at the time the new Subject instance is
being created.
SubjectDAO responsible for persisting Subject state, typically used after login or when an
Subject identity is discovered (eg after RememberMe services).
SubjectFactory responsible for creating Subject instances exposed to the application.
LdapContextFactory.
systemUsername that will be used when creating an
LDAP connection used for authorization queries.
LdapContextFactory.
throws an InvalidSessionException in all
cases because this proxy is immutable.
LdapContextFactory.
hashAlgorithmName property.hashAlgorithmName property.hashAlgorithmName property.hashAlgorithmName property.Shiro1CryptFormat is a fully reversible
Modular Crypt Format (MCF).true if the Ini contains account data and a Realm should be implicitly
created to reflect the account data, false if no realm should be implicitly
created.
Account interface that
contains principal and credential and authorization information (roles and permissions) as instance variables and
exposes them via getters and setters using standard JavaBean notation.Realm interface that
uses a set of configured user accounts and roles to support authentication and authorization.MergableAuthenticationInfo interface that holds the principals and
credentials.AuthorizationInfo interface that stores roles and permissions as internal
attributes.ByteSource implementation that maintains an internal byte[] array and uses the
Hex and Base64 codec classes to support the
toHex() and toBase64() implementations.Hash implementation that allows any MessageDigest algorithm name to
be used.algorithmName set - no hashing is performed.
algorithmName-specific hash of the specified source with no salt using a
single hash iteration.
algorithmName-specific hash of the specified source using the given salt
using a single hash iteration.
algorithmName-specific hash of the specified source using the given
salt a total of hashIterations times.
HashRequest that can be used when interacting with a HashService.MutablePrincipalCollection interface that tracks principals internally
by storing them in a LinkedHashMap.PrincipalMap interface.Session JavaBeans-compatible POJO implementation, intended to be used on the
business/server tier.SessionFactory implementation that generates SimpleSession instances.0 if the collection is null.
0 if the map is null.
SoftHashMap is a memory-constrained map that stores its values in
SoftReferences.DEFAULT_RETENTION_SIZE (100 entries).
SoftHashMap backed by the specified source, with a default retention
size of DEFAULT_RETENTION_SIZE (100 entries).
SoftHashMap backed by the specified source, with the specified retention size.
delimited string (delimited by the specified separator character) and returns the
delimited values as a Set.
throws an InvalidSessionException in all
cases because this proxy is immutable.
Subject represents state and security operations for a single application user.Subject instances in a simplified way without
requiring knowledge of Shiro's construction techniques.Subject.Builder instance, using the SecurityManager instance available
to the calling code as determined by a call to SecurityUtils.getSecurityManager()
to build the Subject instance.
Subject.Builder instance which will use the specified SecurityManager when
building the Subject instance.
Executor implementation that will automatically first associate any argument
Runnable instances with the currently available Subject and then
dispatch the Subject-enabled runnable to an underlying delegate Executor
instance.ExecutorService implementation that will automatically first associate any argument
Runnable or Callable instances with the currently available subject and then
dispatch the Subject-enabled runnable or callable to an underlying delegate
ExecutorService instance.SubjectAwareExecutorService but additionally supports the
ScheduledExecutorService interface.SubjectCallable associates a Subject with a target/delegate
Callable to ensure proper Subject thread-state management when the Callable executes.SubjectContext is a 'bucket' of data presented to a SecurityManager which interprets
this data to construct Subject instances.SubjectDAO is responsible for persisting a Subject instance's internal state such that the Subject instance
can be recreated at a later time if necessary.SubjectFactory is responsible for constructing Subject instances as needed.SubjectRunnable ensures that a target/delegate Runnable will execute such that any
call to SecurityUtils.getSubject() during the
Runnable's execution will return the associated Subject instance.SubjectRunnable that, when executed, will execute the target delegate, but
guarantees that it will run associated with the specified Subject.
SubjectRunnable that, when executed, will perform thread state
binding and guaranteed restoration before and after the
Runnable's execution, respectively.
Subject access (supporting
SecurityUtils.getSubject() calls)
during a thread's execution.SubjectThreadState that will bind and unbind the specified Subject to the
thread
true if this interceptor supports, that is, should inspect, the specified
MethodInvocation, false otherwise.
AuthenticationToken instance, false otherwise.
ThreadState instance manages any state that might need to be bound and/or restored during a thread's
execution.InvalidSessionException indicating that this proxy is immutable.
byte array.
byte array.
PREFERRED_ENCODING.
CodecException if the encoding fails.
InputStream into a byte array.
ByteSource instance.
PREFERRED_ENCODING.
delimiter argument.
delimiter argument.
byte array.
byte array.
principals.toString() if they are not null, otherwise prints out the string
"empty"
principals.toString()PREFERRED_ENCODING.
toHex().
toHex().
getClass().getName() + ",id=" + getId().
throws an InvalidSessionException in all
cases because this proxy is immutable.
sessionId.
lastAccessTime of this session to the current time when
this method is invoked.
SecurityManager instance, but Shiro's
lookup heuristics cannot find one.DefaultSecurityManager.delete(org.apache.shiro.subject.Subject)
RuntimeException equivalent of the JDK's
ClassNotFoundException, to maintain a RuntimeException paradigm.AuthenticationToken implementation is encountered that is not
supported by one or more configured Realms.CachingSessionDAO.doUpdate(org.apache.shiro.session.Session).
{@link Session#getId() session.getId()}.
url:
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before allowing access.RequiresUser annotations.
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before invoking the method.RequiresUser annotations in a method
declaration.
host and a
rememberMe default of false.
host and
a rememberMe default of false
ValidatingSession is a Session that is capable of determining it is valid or not and
is able to validate itself if necessary.WildcardPermission is a very flexible permission construct supporting multiple levels of
permission matching.WildcardPermission
based on the input string.XMLEncoder and XMLDecoder to serialize
and deserialize, respectively.
|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||