| Package | Description |
|---|---|
| org.apache.shiro |
This package primarily exists as a root classpath distinction, but it does contain two core classes widely used
by applications,
SecurityUtils and
ShiroException. |
| org.apache.shiro.aop |
Components used to support the framework's AOP/interception support classes.
|
| org.apache.shiro.concurrent |
Executor, ExecutorService,
and ScheduledExecutorService implementations for transparent
Subject association with threads in an asynchronous execution environment. |
| org.apache.shiro.mgt |
Provides the master
SecurityManager interface and a default implementation
hierarchy for managing all aspects of Shiro's functionality in an application. |
| org.apache.shiro.subject |
Components supporting the
Subject interface, the most important concept in
Shiro's API. |
| org.apache.shiro.subject.support |
Concrete support implementations of most of the
org.apache.shiro.subject interfaces. |
| org.apache.shiro.util |
Your run-of-the-mill 'util' pacakge for components and logic widely used across the framework that can't
find their home into a proper OO hierarchy (or, most likely for things used across many hierarchies).
|
| Modifier and Type | Method and Description |
|---|---|
static Subject |
SecurityUtils.getSubject()
Returns the currently accessible
Subject available to the calling code depending on
runtime environment. |
| Modifier and Type | Method and Description |
|---|---|
protected Subject |
MethodInterceptorSupport.getSubject()
Returns the
Subject associated with the currently-executing code. |
protected Subject |
AnnotationHandler.getSubject()
Returns the
Subject associated with the currently-executing code. |
| Modifier and Type | Method and Description |
|---|---|
protected Subject |
SubjectAwareExecutor.getSubject()
Returns the currently Subject instance that should be associated with Runnable or Callable instances before
being dispatched to the target
Executor instance. |
| Modifier and Type | Method and Description |
|---|---|
protected Subject |
DefaultSecurityManager.createSubject(AuthenticationToken token,
AuthenticationInfo info,
Subject existing)
Creates a
Subject instance for the user represented by the given method arguments. |
Subject |
SubjectFactory.createSubject(SubjectContext context)
Creates a new Subject instance reflecting the state of the specified contextual data.
|
Subject |
SecurityManager.createSubject(SubjectContext context)
Creates a
Subject instance reflecting the specified contextual data. |
Subject |
DefaultSubjectFactory.createSubject(SubjectContext context) |
Subject |
DefaultSecurityManager.createSubject(SubjectContext subjectContext)
This implementation functions as follows:
Ensures the
SubjectContext is as populated as it can be, using heuristics to acquire
data that may not have already been available to it (such as a referenced session or remembered principals).
Calls DefaultSecurityManager.doCreateSubject(org.apache.shiro.subject.SubjectContext) to actually perform the
Subject instance creation.
calls save(subject) to ensure the constructed
Subject's state is accessible for future requests/invocations if necessary.
returns the constructed Subject instance.
|
protected Subject |
DefaultSecurityManager.doCreateSubject(SubjectContext context)
Actually creates a
Subject instance by delegating to the internal
subjectFactory. |
Subject |
SecurityManager.login(Subject subject,
AuthenticationToken authenticationToken)
Logs in the specified Subject using the given
authenticationToken, returning an updated Subject
instance reflecting the authenticated state if successful or throwing AuthenticationException if it is
not. |
Subject |
DefaultSecurityManager.login(Subject subject,
AuthenticationToken token)
First authenticates the
AuthenticationToken argument, and if successful, constructs a
Subject instance representing the authenticated account's identity. |
protected Subject |
DefaultSubjectFactory.newSubjectInstance(PrincipalCollection principals,
boolean authenticated,
String host,
Session session,
SecurityManager securityManager)
Deprecated.
since 1.2 - override
DefaultSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you
need to instantiate a custom Subject class. |
Subject |
SubjectDAO.save(Subject subject)
Persists the specified Subject's state for later access.
|
Subject |
DefaultSubjectDAO.save(Subject subject)
Saves the subject's state to the subject's
session only
if sessionStorageEnabled(subject). |
| Modifier and Type | Method and Description |
|---|---|
protected void |
DefaultSecurityManager.beforeLogout(Subject subject) |
protected void |
DefaultSecurityManager.bind(Subject subject)
Deprecated.
in favor of
save(subject). |
protected Subject |
DefaultSecurityManager.createSubject(AuthenticationToken token,
AuthenticationInfo info,
Subject existing)
Creates a
Subject instance for the user represented by the given method arguments. |
void |
SubjectDAO.delete(Subject subject)
Removes any persisted state for the specified
Subject instance. |
void |
DefaultSubjectDAO.delete(Subject subject)
Removes any existing subject state from the subject's session (if the session exists).
|
protected void |
DefaultSecurityManager.delete(Subject subject)
Removes (or 'unbinds') the Subject's state from the application, typically called during
DefaultSecurityManager.logout(org.apache.shiro.subject.Subject).. |
protected abstract void |
AbstractRememberMeManager.forgetIdentity(Subject subject)
Forgets (removes) any remembered identity data for the specified
Subject instance. |
protected PrincipalCollection |
AbstractRememberMeManager.getIdentityToRemember(Subject subject,
AuthenticationInfo info)
|
boolean |
SessionStorageEvaluator.isSessionStorageEnabled(Subject subject)
Returns
true if the specified Subject's
session may be used to persist that Subject's
state, false otherwise. |
protected boolean |
DefaultSubjectDAO.isSessionStorageEnabled(Subject subject)
Determines if the subject's session will be used to persist subject state or not.
|
boolean |
DefaultSessionStorageEvaluator.isSessionStorageEnabled(Subject subject)
This implementation functions as follows:
If the specified Subject already has an existing
Session (typically because an application developer
has called subject.getSession() already), Shiro will use that existing session to store subject state.
If a Subject does not yet have a Session, this implementation checks the
sessionStorageEnabled property:
If sessionStorageEnabled is true (the default setting), a new session may be created to persist
Subject state if necessary.
If sessionStorageEnabled is false, a new session will not be created to persist
session state.
Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled. |
Subject |
SecurityManager.login(Subject subject,
AuthenticationToken authenticationToken)
Logs in the specified Subject using the given
authenticationToken, returning an updated Subject
instance reflecting the authenticated state if successful or throwing AuthenticationException if it is
not. |
Subject |
DefaultSecurityManager.login(Subject subject,
AuthenticationToken token)
First authenticates the
AuthenticationToken argument, and if successful, constructs a
Subject instance representing the authenticated account's identity. |
void |
SecurityManager.logout(Subject subject)
Logs out the specified Subject from the system.
|
void |
DefaultSecurityManager.logout(Subject subject) |
protected void |
DefaultSubjectDAO.mergeAuthenticationState(Subject subject)
Merges the Subject's current authentication state with whatever may be in
any available session.
|
protected void |
DefaultSubjectDAO.mergePrincipals(Subject subject)
Merges the Subject's current
getPrincipals() with whatever may be in
any available session. |
protected void |
DefaultSecurityManager.onFailedLogin(AuthenticationToken token,
AuthenticationException ae,
Subject subject) |
void |
RememberMeManager.onFailedLogin(Subject subject,
AuthenticationToken token,
AuthenticationException ae)
Reacts to a failed authentication attempt, typically by forgetting any previously remembered principals for the
Subject.
|
void |
AbstractRememberMeManager.onFailedLogin(Subject subject,
AuthenticationToken token,
AuthenticationException ae)
Reacts to a failed login by immediately
forgetting any
previously remembered identity. |
void |
RememberMeManager.onLogout(Subject subject)
Reacts to a Subject logging out of the application, typically by forgetting any previously remembered
principals for the Subject.
|
void |
AbstractRememberMeManager.onLogout(Subject subject)
Reacts to a subject logging out of the application and immediately
forgets any previously stored identity and returns. |
protected void |
DefaultSecurityManager.onSuccessfulLogin(AuthenticationToken token,
AuthenticationInfo info,
Subject subject) |
void |
RememberMeManager.onSuccessfulLogin(Subject subject,
AuthenticationToken token,
AuthenticationInfo info)
Reacts to a successful authentication attempt, typically saving the principals to be retrieved ('remembered')
for future system access.
|
void |
AbstractRememberMeManager.onSuccessfulLogin(Subject subject,
AuthenticationToken token,
AuthenticationInfo info)
Reacts to the successful login attempt by first always
forgetting any previously
stored identity. |
void |
AbstractRememberMeManager.rememberIdentity(Subject subject,
AuthenticationToken token,
AuthenticationInfo authcInfo)
Remembers a subject-unique identity for retrieval later.
|
protected void |
AbstractRememberMeManager.rememberIdentity(Subject subject,
PrincipalCollection accountPrincipals)
Remembers the specified account principals by first
converting them to a byte
array and then remembers that
byte array. |
protected void |
DefaultSecurityManager.rememberMeFailedLogin(AuthenticationToken token,
AuthenticationException ex,
Subject subject) |
protected void |
DefaultSecurityManager.rememberMeLogout(Subject subject) |
protected void |
DefaultSecurityManager.rememberMeSuccessfulLogin(AuthenticationToken token,
AuthenticationInfo info,
Subject subject) |
protected abstract void |
AbstractRememberMeManager.rememberSerializedIdentity(Subject subject,
byte[] serialized)
Persists the identity bytes to a persistent store for retrieval later via the
AbstractRememberMeManager.getRememberedSerializedIdentity(SubjectContext) method. |
protected void |
DefaultSubjectDAO.removeFromSession(Subject subject)
Removes any existing subject state from the Subject's session (if the session exists).
|
Subject |
SubjectDAO.save(Subject subject)
Persists the specified Subject's state for later access.
|
Subject |
DefaultSubjectDAO.save(Subject subject)
Saves the subject's state to the subject's
session only
if sessionStorageEnabled(subject). |
protected void |
DefaultSecurityManager.save(Subject subject)
Saves the subject's state to a persistent location for future reference if necessary.
|
protected void |
DefaultSubjectDAO.saveToSession(Subject subject)
Saves the subject's state (it's principals and authentication state) to its
session. |
protected void |
DefaultSecurityManager.stopSession(Subject subject) |
protected void |
DefaultSecurityManager.unbind(Subject subject)
Deprecated.
in Shiro 1.2 in favor of
DefaultSecurityManager.delete(org.apache.shiro.subject.Subject) |
| Modifier and Type | Method and Description |
|---|---|
Subject |
Subject.Builder.buildSubject()
Creates and returns a new
Subject instance reflecting the cumulative state acquired by the
other methods in this class. |
Subject |
SubjectContext.getSubject()
Returns any existing
Subject that may be in use at the time the new Subject instance is
being created. |
| Modifier and Type | Method and Description |
|---|---|
void |
SubjectContext.setSubject(Subject subject)
Sets the existing
Subject that may be in use at the time the new Subject instance is
being created. |
| Modifier and Type | Class and Description |
|---|---|
class |
DelegatingSubject
Implementation of the
Subject interface that delegates
method calls to an underlying SecurityManager instance for security checks. |
| Modifier and Type | Method and Description |
|---|---|
protected Subject |
SubjectThreadState.getSubject()
Returns the
Subject instance managed by this ThreadState implementation. |
Subject |
DefaultSubjectContext.getSubject() |
| Modifier and Type | Method and Description |
|---|---|
void |
DefaultSubjectContext.setSubject(Subject subject) |
| Constructor and Description |
|---|
SubjectCallable(Subject subject,
Callable<V> delegate) |
SubjectRunnable(Subject subject,
Runnable delegate)
Creates a new
SubjectRunnable that, when executed, will execute the target delegate, but
guarantees that it will run associated with the specified Subject. |
SubjectThreadState(Subject subject)
Creates a new
SubjectThreadState that will bind and unbind the specified Subject to the
thread |
| Modifier and Type | Method and Description |
|---|---|
static Subject |
ThreadContext.getSubject()
Convenience method that simplifies retrieval of a thread-bound Subject.
|
static Subject |
ThreadContext.unbindSubject()
Convenience method that simplifies removal of a thread-local Subject from the thread.
|
| Modifier and Type | Method and Description |
|---|---|
static void |
ThreadContext.bind(Subject subject)
Convenience method that simplifies binding a Subject to the ThreadContext.
|
Copyright © 2004-2016 The Apache Software Foundation. All Rights Reserved.