Class hierarchy:

java.lang.Object
  org.apache.shiro.mgt.CachingSecurityManager
    org.apache.shiro.mgt.RealmSecurityManager
      org.apache.shiro.mgt.AuthenticatingSecurityManager
        org.apache.shiro.mgt.AuthorizingSecurityManager
          org.apache.shiro.mgt.SessionsSecurityManager
            org.apache.shiro.mgt.DefaultSecurityManager

public class DefaultSecurityManager
The Shiro framework's default concrete implementation of the SecurityManager interface, based around a collection of Realms. This implementation delegates its authentication, authorization, and session operations to wrapped Authenticator, Authorizer, and SessionManager instances respectively via superclass implementation.

To greatly reduce and simplify configuration, this implementation (and its superclasses) will create suitable defaults for all of its required dependencies, except the required Realms. Because Realm implementations usually interact with an application's data model, they are almost always application specific; you will want to specify at least one custom Realm implementation that 'knows' about your application's data/security model (via RealmSecurityManager.setRealm(org.apache.shiro.realm.Realm) or one of the overloaded constructors). All other attributes in this class hierarchy will have suitable defaults for most enterprise applications.

RememberMe notice: This class supports the ability to configure a RememberMeManager for RememberMe identity services for login/logout, BUT, a default instance will not be created for this attribute at startup.

Because RememberMe services are inherently client tier-specific and therefore application-dependent, if you want RememberMe services enabled, you will have to specify an instance yourself via the setRememberMeManager mutator. However, if you're reading this JavaDoc with the expectation of operating in a Web environment, take a look at the org.apache.shiro.web.DefaultWebSecurityManager implementation, which does support RememberMe services by default at startup.
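As an added example (not code from the Shiro project or from this Javadoc), the configuration the description calls for: a DefaultSecurityManager built around one Realm, with no RememberMeManager wired by default, and the login and logout flow driven through the Subject. SimpleAccountRealm stands in for the application-specific Realm, and the account credentials are constructed sample values.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

public class DefaultSecurityManagerExample {
    public static void main(String[] args) {
        // Constructed sample realm: a real application supplies its own Realm
        // backed by its user store. Credentials below are constructed test values.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "s3cret", "admin");

        // Single-realm constructor; Authenticator, Authorizer, SessionManager,
        // SubjectDAO and SubjectFactory all receive suitable defaults.
        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);

        // The non-web DefaultSecurityManager creates no RememberMeManager at startup;
        // one must be set explicitly via setRememberMeManager if RememberMe is wanted.
        if (securityManager.getRememberMeManager() != null) {
            throw new IllegalStateException("expected no RememberMeManager by default");
        }

        SecurityUtils.setSecurityManager(securityManager);
        Subject subject = SecurityUtils.getSubject();
        try {
            // Subject.login delegates to SecurityManager.login(subject, token):
            // the token is authenticated, a new Subject is built via createSubject(...)
            // and its state is persisted through the SubjectDAO (save(subject)).
            subject.login(new UsernamePasswordToken("alice", "s3cret"));
            System.out.println("authenticated=" + subject.isAuthenticated()
                    + " admin=" + subject.hasRole("admin"));
        } catch (AuthenticationException e) {
            // onFailedLogin has already run inside the SecurityManager at this point.
            System.out.println("login failed: " + e.getMessage());
        } finally {
            // Subject.logout is the preferred entry point; it reaches
            // SecurityManager.logout, which stops the session and calls delete(subject).
            subject.logout();
        }
        System.out.println("after logout authenticated=" + subject.isAuthenticated());
    }
}
```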
Field Summary

| Modifier and Type | Field |
|---|---|
| protected RememberMeManager | rememberMeManager |
| protected SubjectDAO | subjectDAO |
| protected SubjectFactory | subjectFactory |
Constructor Summary

| Constructor | Description |
|---|---|
| DefaultSecurityManager() | Default no-arg constructor. |
| DefaultSecurityManager(Collection<Realm> realms) | Supporting constructor for multiple realms. |
| DefaultSecurityManager(Realm singleRealm) | Supporting constructor for a single-realm application. |
Method Summary

| Modifier and Type | Method and Description |
|---|---|
| protected void | beforeLogout(Subject subject) |
| protected void | bind(Subject subject) Deprecated. in favor of save(subject). |
| protected SubjectContext | copy(SubjectContext subjectContext) |
| protected SessionContext | createSessionContext(SubjectContext subjectContext) |
| protected Subject | createSubject(AuthenticationToken token, AuthenticationInfo info, Subject existing) Creates a Subject instance for the user represented by the given method arguments. |
| Subject | createSubject(SubjectContext subjectContext) This implementation functions as follows: ensures the SubjectContext is as populated as it can be, using heuristics to acquire data that may not have already been available to it (such as a referenced session or remembered principals); calls doCreateSubject(org.apache.shiro.subject.SubjectContext) to actually perform the Subject instance creation; calls save(subject) to ensure the constructed Subject's state is accessible for future requests/invocations if necessary; returns the constructed Subject instance. |
| protected SubjectContext | createSubjectContext() |
| protected void | delete(Subject subject) Removes (or 'unbinds') the Subject's state from the application, typically called during logout(org.apache.shiro.subject.Subject). |
| protected Subject | doCreateSubject(SubjectContext context) Actually creates a Subject instance by delegating to the internal subjectFactory. |
| protected SubjectContext | ensureSecurityManager(SubjectContext context) Determines if there is a SecurityManager instance in the context, and if not, adds 'this' to the context. |
| protected PrincipalCollection | getRememberedIdentity(SubjectContext subjectContext) |
| RememberMeManager | getRememberMeManager() |
| protected SessionKey | getSessionKey(SubjectContext context) |
| SubjectDAO | getSubjectDAO() Returns the SubjectDAO responsible for persisting Subject state, typically used after login or when a Subject identity is discovered (e.g. after RememberMe services). |
| SubjectFactory | getSubjectFactory() Returns the SubjectFactory responsible for creating Subject instances exposed to the application. |
| Subject | login(Subject subject, AuthenticationToken token) First authenticates the AuthenticationToken argument, and if successful, constructs a Subject instance representing the authenticated account's identity. |
| void | logout(Subject subject) Logs out the specified Subject from the system. |
| protected void | onFailedLogin(AuthenticationToken token, AuthenticationException ae, Subject subject) |
| protected void | onSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info, Subject subject) |
| protected void | rememberMeFailedLogin(AuthenticationToken token, AuthenticationException ex, Subject subject) |
| protected void | rememberMeLogout(Subject subject) |
| protected void | rememberMeSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info, Subject subject) |
| protected Session | resolveContextSession(SubjectContext context) |
| protected SubjectContext | resolvePrincipals(SubjectContext context) Attempts to resolve an identity (a PrincipalCollection) for the context using heuristics. |
| protected SubjectContext | resolveSession(SubjectContext context) Attempts to resolve any associated session based on the context and returns a context that represents this resolved Session to ensure it may be referenced if necessary by the invoked SubjectFactory that performs actual Subject construction. |
| protected void | save(Subject subject) Saves the subject's state to a persistent location for future reference if necessary. |
| void | setRememberMeManager(RememberMeManager rememberMeManager) |
| void | setSubjectDAO(SubjectDAO subjectDAO) Sets the SubjectDAO responsible for persisting Subject state, typically used after login or when a Subject identity is discovered (e.g. after RememberMe services). |
| void | setSubjectFactory(SubjectFactory subjectFactory) Sets the SubjectFactory responsible for creating Subject instances exposed to the application. |
| protected void | stopSession(Subject subject) |
| protected void | unbind(Subject subject) Deprecated. in Shiro 1.2 in favor of delete(org.apache.shiro.subject.Subject) |
Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager:
afterCacheManagerSet, afterSessionManagerSet, applyCacheManagerToSessionManager, destroy, getSession, getSessionManager, setSessionManager, start

Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager:
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer

Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager:
authenticate, getAuthenticator, setAuthenticator

Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager:
applyCacheManagerToRealms, getRealms, setRealm, setRealms

Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager:
getCacheManager, setCacheManager

Methods inherited from class java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail

protected RememberMeManager rememberMeManager

protected SubjectDAO subjectDAO

protected SubjectFactory subjectFactory
Constructor Detail

public DefaultSecurityManager()
Default no-arg constructor.

public DefaultSecurityManager(Realm singleRealm)
Supporting constructor for a single-realm application.
Parameters:
singleRealm - the single realm used by this SecurityManager.

public DefaultSecurityManager(Collection<Realm> realms)
Supporting constructor for multiple realms.
Parameters:
realms - the realm instances backing this SecurityManager.

Method Detail
public SubjectFactory getSubjectFactory()
Returns the SubjectFactory responsible for creating Subject instances exposed to the application.
Returns:
the SubjectFactory responsible for creating Subject instances exposed to the application.

public void setSubjectFactory(SubjectFactory subjectFactory)
Sets the SubjectFactory responsible for creating Subject instances exposed to the application.
Parameters:
subjectFactory - the SubjectFactory responsible for creating Subject instances exposed to the application.

public SubjectDAO getSubjectDAO()
Returns the SubjectDAO responsible for persisting Subject state, typically used after login or when a Subject identity is discovered (e.g. after RememberMe services). Unless configured otherwise, the default implementation is a DefaultSubjectDAO.
Returns:
the SubjectDAO responsible for persisting Subject state, typically used after login or when a Subject identity is discovered (e.g. after RememberMe services).
See Also:
DefaultSubjectDAO

public void setSubjectDAO(SubjectDAO subjectDAO)
Sets the SubjectDAO responsible for persisting Subject state, typically used after login or when a Subject identity is discovered (e.g. after RememberMe services). Unless configured otherwise, the default implementation is a DefaultSubjectDAO.
Parameters:
subjectDAO - the SubjectDAO responsible for persisting Subject state, typically used after login or when a Subject identity is discovered (e.g. after RememberMe services).
See Also:
DefaultSubjectDAO
public RememberMeManager getRememberMeManager()

public void setRememberMeManager(RememberMeManager rememberMeManager)
protected SubjectContext createSubjectContext()

protected Subject createSubject(AuthenticationToken token, AuthenticationInfo info, Subject existing)
Creates a Subject instance for the user represented by the given method arguments.
Parameters:
token - the AuthenticationToken submitted for the successful authentication.
info - the AuthenticationInfo of a newly authenticated user.
existing - the existing Subject instance that initiated the authentication attempt
Returns:
the Subject instance that represents the context and session data for the newly authenticated subject.

@Deprecated protected void bind(Subject subject)
Deprecated. in favor of save(subject).
Binds a Subject instance created after authentication to the application for later use. As of Shiro 1.2, this method has been deprecated in favor of save(org.apache.shiro.subject.Subject), which this implementation now calls.
Parameters:
subject - the Subject instance created after authentication to be bound to the application for later use.
See Also:
save(org.apache.shiro.subject.Subject)

protected void rememberMeSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info, Subject subject)

protected void rememberMeFailedLogin(AuthenticationToken token, AuthenticationException ex, Subject subject)

protected void rememberMeLogout(Subject subject)
public Subject login(Subject subject, AuthenticationToken token) throws AuthenticationException
First authenticates the AuthenticationToken argument, and if successful, constructs a Subject instance representing the authenticated account's identity. Once constructed, the Subject instance is then bound to the application for subsequent access before being returned to the caller.
Parameters:
token - the authenticationToken to process for the login attempt.
subject - the subject against which the authentication attempt will occur
Throws:
AuthenticationException - if there is a problem authenticating the specified token.

protected void onSuccessfulLogin(AuthenticationToken token, AuthenticationInfo info, Subject subject)

protected void onFailedLogin(AuthenticationToken token, AuthenticationException ae, Subject subject)

protected void beforeLogout(Subject subject)

protected SubjectContext copy(SubjectContext subjectContext)
public Subject createSubject(SubjectContext subjectContext)
This implementation functions as follows:
1. Ensures the SubjectContext is as populated as it can be, using heuristics to acquire data that may not have already been available to it (such as a referenced session or remembered principals).
2. Calls doCreateSubject(org.apache.shiro.subject.SubjectContext) to actually perform the Subject instance creation.
3. Calls save(subject) to ensure the constructed Subject's state is accessible for future requests/invocations if necessary.
4. Returns the constructed Subject instance.
Parameters:
subjectContext - any data needed to direct how the Subject should be constructed.
Returns:
the Subject instance reflecting the specified contextual data.
See Also:
ensureSecurityManager(org.apache.shiro.subject.SubjectContext), resolveSession(org.apache.shiro.subject.SubjectContext), resolvePrincipals(org.apache.shiro.subject.SubjectContext), doCreateSubject(org.apache.shiro.subject.SubjectContext), save(org.apache.shiro.subject.Subject)
protected Subject doCreateSubject(SubjectContext context)
Actually creates a Subject instance by delegating to the internal subjectFactory. By the time this method is invoked, all possible SubjectContext data (session, principals, et al.) has been made accessible using all known heuristics and will be accessible to the subjectFactory via the subjectContext.resolve* methods.
Parameters:
context - the populated context (data map) to be used by the SubjectFactory when creating a Subject instance.
Returns:
a Subject instance reflecting the data in the specified SubjectContext data map.
See Also:
getSubjectFactory(), SubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext)
protected void save(Subject subject)
Saves the subject's state to a persistent location for future reference if necessary. This implementation merely delegates to the internal subjectDAO and calls subjectDAO.save(subject).
Parameters:
subject - the subject for which state will potentially be persisted
See Also:
SubjectDAO.save(org.apache.shiro.subject.Subject)

protected void delete(Subject subject)
Removes (or 'unbinds') the Subject's state from the application, typically called during logout(org.apache.shiro.subject.Subject). This implementation merely delegates to the internal subjectDAO and calls delete(subject).
Parameters:
subject - the subject for which state will be removed
See Also:
SubjectDAO.delete(org.apache.shiro.subject.Subject)
protected SubjectContext ensureSecurityManager(SubjectContext context)
Determines if there is a SecurityManager instance in the context, and if not, adds 'this' to the context. This ensures the SubjectFactory instance will have access to a SecurityManager during Subject construction if necessary.
Parameters:
context - the subject context data that may contain a SecurityManager instance.
Returns:
the context to pass to a SubjectFactory for subject creation.

protected SubjectContext resolveSession(SubjectContext context)
Attempts to resolve any associated session based on the context and returns a context that represents this resolved Session to ensure it may be referenced if necessary by the invoked SubjectFactory that performs actual Subject construction.
If there is a Session already in the context because that is what the caller wants to be used for Subject construction, or if no session is resolved, this method effectively does nothing and returns the context method argument unaltered.
Parameters:
context - the subject context data that may resolve a Session instance.
Returns:
the context to pass to a SubjectFactory for subject creation.

protected Session resolveContextSession(SubjectContext context) throws InvalidSessionException
Throws:
InvalidSessionException

protected SessionKey getSessionKey(SubjectContext context)
protected SubjectContext resolvePrincipals(SubjectContext context)
Attempts to resolve an identity (a PrincipalCollection) for the context using heuristics. This implementation functions as follows:
1. Check the context to see if it can already resolve an identity. If so, this method does nothing and returns the method argument unaltered.
2. Check for a RememberMe identity by calling getRememberedIdentity(org.apache.shiro.subject.SubjectContext). If that method returns a non-null value, place the remembered PrincipalCollection in the context.
Parameters:
context - the subject context data that may provide (directly or indirectly through one of its values) a PrincipalCollection identity.
Returns:
the context to pass to a SubjectFactory for subject creation.

protected SessionContext createSessionContext(SubjectContext subjectContext)
public void logout(Subject subject)
Logs out the specified Subject from the system. Note that most application developers should not call this method directly: the preferred way to log out a Subject is to call Subject.logout(), not the SecurityManager directly. Framework developers on the other hand might find calling this method directly useful in certain cases.
Parameters:
subject - the subject to log out.

protected void stopSession(Subject subject)

@Deprecated protected void unbind(Subject subject)
Deprecated. in Shiro 1.2 in favor of delete(org.apache.shiro.subject.Subject)
Unbinds or removes the Subject's state from the application, typically called during logout(org.apache.shiro.subject.Subject). This has been deprecated in Shiro 1.2 in favor of the delete method. The implementation has been updated to invoke that method.
Parameters:
subject - the subject to unbind from the application as it will no longer be used.

protected PrincipalCollection getRememberedIdentity(SubjectContext subjectContext)