DefaultWebSecurityManager

java.lang.Object
- org.apache.shiro.mgt.CachingSecurityManager
- - org.apache.shiro.mgt.RealmSecurityManager
  - - org.apache.shiro.mgt.AuthenticatingSecurityManager
    - - org.apache.shiro.mgt.AuthorizingSecurityManager
      - org.apache.shiro.mgt.SessionsSecurityManager
        
        org.apache.shiro.mgt.DefaultSecurityManager
        
        org.apache.shiro.web.mgt.DefaultWebSecurityManager

All Implemented Interfaces:

Authenticator, Authorizer, CacheManagerAware, SecurityManager, SessionManager, Destroyable, WebSecurityManager
```
public class DefaultWebSecurityManager
extends DefaultSecurityManager
implements WebSecurityManager
```
Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).

Since:

0.2

Field Summary

Fields

Modifier and Type	Field and Description
`static String`	`HTTP_SESSION_MODE` Deprecated.
`static String`	`NATIVE_SESSION_MODE` Deprecated.

Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager
rememberMeManager, subjectDAO, subjectFactory

Constructor Summary

Constructors

Constructor and Description
`DefaultWebSecurityManager()`
`DefaultWebSecurityManager(Collection<Realm> realms)`
`DefaultWebSecurityManager(Realm singleRealm)`

Method Summary

All Methods

Instance Methods

Concrete Methods

Deprecated Methods
Modifier and Type	Method and Description
`protected void`	`afterSessionManagerSet()`
`protected void`	`beforeLogout(Subject subject)`
`protected SubjectContext`	`copy(SubjectContext subjectContext)`
`protected SessionContext`	`createSessionContext(SubjectContext subjectContext)`
`protected SessionManager`	`createSessionManager(String sessionMode)`
`protected SubjectContext`	`createSubjectContext()`
`protected SessionKey`	`getSessionKey(SubjectContext context)`
`String`	`getSessionMode()` Deprecated.
`boolean`	`isHttpSessionMode()` Security information needs to be retained from request to request, so Shiro makes use of a session for this.
`protected void`	`removeRequestIdentity(Subject subject)`
`void`	`setSessionManager(SessionManager sessionManager)`
`void`	`setSessionMode(String sessionMode)` Deprecated. since 1.2
`void`	`setSubjectDAO(SubjectDAO subjectDAO)`

Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager
bind, createSubject, createSubject, delete, doCreateSubject, ensureSecurityManager, getRememberedIdentity, getRememberMeManager, getSubjectDAO, getSubjectFactory, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, resolveContextSession, resolvePrincipals, resolveSession, save, setRememberMeManager, setSubjectFactory, stopSession, unbind

Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager
afterCacheManagerSet, applyCacheManagerToSessionManager, destroy, getSession, getSessionManager, start

Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager
afterRealmsSet, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer

Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager
authenticate, getAuthenticator, setAuthenticator

Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager
applyCacheManagerToRealms, getRealms, setRealm, setRealms

Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager
getCacheManager, setCacheManager

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.mgt.SecurityManager
createSubject, login, logout

Methods inherited from interface org.apache.shiro.authc.Authenticator
authenticate

Methods inherited from interface org.apache.shiro.authz.Authorizer
checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll

Methods inherited from interface org.apache.shiro.session.mgt.SessionManager
getSession, start

- Field Detail
  - HTTP_SESSION_MODE
```
@Deprecated
public static final String HTTP_SESSION_MODE
```
    Deprecated.
    
    See Also:
    
    Constant Field Values
  - NATIVE_SESSION_MODE
```
@Deprecated
public static final String NATIVE_SESSION_MODE
```
    Deprecated.
    
    See Also:
    
    Constant Field Values
- Constructor Detail
  - DefaultWebSecurityManager
```
public DefaultWebSecurityManager()
```
  - DefaultWebSecurityManager
```
public DefaultWebSecurityManager(Realm singleRealm)
```
  - DefaultWebSecurityManager
```
public DefaultWebSecurityManager(Collection<Realm> realms)
```
- Method Detail
  - createSubjectContext
```
protected SubjectContext createSubjectContext()
```
  - setSubjectDAO
```
public void setSubjectDAO(SubjectDAO subjectDAO)
```
  - afterSessionManagerSet
```
protected void afterSessionManagerSet()
```
  - copy
```
protected SubjectContext copy(SubjectContext subjectContext)
```
  - getSessionMode
```
@Deprecated
public String getSessionMode()
```
    Deprecated.
  - setSessionMode
```
@Deprecated
public void setSessionMode(String sessionMode)
```
    Deprecated. since 1.2
    
    Parameters:
    
    sessionMode -
  - setSessionManager
```
public void setSessionManager(SessionManager sessionManager)
```
  - isHttpSessionMode
```
public boolean isHttpSessionMode()
```
    Description copied from interface: WebSecurityManager
    
    Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.
    
    Specified by:
    
    isHttpSessionMode in interface WebSecurityManager
    
    Returns:
    
    true if the security manager is using the HTTP session; otherwise, false.
    
    Since:
    
    1.0
  - createSessionManager
```
protected SessionManager createSessionManager(String sessionMode)
```
  - createSessionContext
```
protected SessionContext createSessionContext(SubjectContext subjectContext)
```
  - getSessionKey
```
protected SessionKey getSessionKey(SubjectContext context)
```
  - beforeLogout
```
protected void beforeLogout(Subject subject)
```
  - removeRequestIdentity
```
protected void removeRequestIdentity(Subject subject)
```

Class DefaultWebSecurityManager

Field Summary

Fields

Fields inherited from class org.apache.shiro.mgt.DefaultSecurityManager

Constructor Summary

Constructors

Method Summary

Methods inherited from class org.apache.shiro.mgt.DefaultSecurityManager

Methods inherited from class org.apache.shiro.mgt.SessionsSecurityManager

Methods inherited from class org.apache.shiro.mgt.AuthorizingSecurityManager

Methods inherited from class org.apache.shiro.mgt.AuthenticatingSecurityManager

Methods inherited from class org.apache.shiro.mgt.RealmSecurityManager

Methods inherited from class org.apache.shiro.mgt.CachingSecurityManager

Methods inherited from class java.lang.Object

Methods inherited from interface org.apache.shiro.mgt.SecurityManager

Methods inherited from interface org.apache.shiro.authc.Authenticator

Methods inherited from interface org.apache.shiro.authz.Authorizer

Methods inherited from interface org.apache.shiro.session.mgt.SessionManager

Field Detail

HTTP_SESSION_MODE

NATIVE_SESSION_MODE

Constructor Detail

DefaultWebSecurityManager

DefaultWebSecurityManager

DefaultWebSecurityManager

Method Detail

createSubjectContext

setSubjectDAO

afterSessionManagerSet

copy

getSessionMode

setSessionMode

setSessionManager

isHttpSessionMode

createSessionManager

createSessionContext

getSessionKey

beforeLogout

removeRequestIdentity