|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||
AuthenticationStrategy
implementations.Authenticator implementations that performs the common work around authentication
attempts.CacheManager implementation that retains all created Cache instances in
an in-memory ConcurrentMap.ConcurrentMap.
source with no salt using a single hash iteration.
source using the given salt using a single hash iteration.
source using the given salt a total of
hashIterations times.
Realm that authenticates with an LDAP
server to build the Subject for a user.NativeSessionManager interface, supporting
SessionListeners and application of the
globalSessionTimeout.RememberMeManager interface that handles
serialization and
encryption of the remembered user identity.DefaultSerializer as the serializer and
an AesCipherService as the cipherService.
SessionDAO implementation that performs some sanity checks on session creation and reading and
allows for pluggable Session ID generation strategies if desired.sessionIdGenerator to be a
JavaUuidSessionIdGenerator.
SessionManager interface, enabling configuration of an
application-wide globalSessionTimeout.ValidatingSessionManager interface.AuthenticationInfo and
AuthorizationInfo and represents authentication and authorization for a single account in a
single Realm.shiro-activeSessionCache.
Realm that authenticates with an active directory LDAP
server to determine the roles for a particular user.CipherService using the AES cipher algorithm for all encryption, decryption, and key operations.CipherService instance using the AES cipher algorithm with the following
important cipher default attributes:
Attribute
Value
keySize
128 bits
blockSize
128 bits (required for AES
mode
CFB*
paddingScheme
PKCS5
initializationVectorSize
128 bits
generateInitializationVectors
true**
* The CFB operation mode is used instead of the JDK default ECB to
ensure strong encryption.
aggregate argument without modification.
aggregate method argument is not null and
aggregate.getPrincipals()
is not null, and if either is null, throws an AuthenticationException to indicate
that none of the realms authenticated successfully.
singleRealmInfo into the
aggregateInfo and then returns the aggregate.
info into the aggregate argument and returns it (just as the
parent implementation does), but additionally ensures the following:
if the Throwable argument is not null, re-throws it to immediately cancel the
authentication process, since this strategy requires all realms to authenticate successfully.
neither the info or aggregate argument is null to ensure that each
realm did in fact authenticate successfully
CacheManager has been set and is available for use via the
getCacheManager() method.
applyCacheManagerToRealms() to allow the
newly set CacheManager to be propagated to the internal collection of Realm
that would need to use it.
super.afterCacheManagerSet() and then immediately calls
applyCacheManagerToSessionManager() to ensure the
CacheManager is applied to the SessionManager as necessary.
realms to the internal delegate Authenticator instance so
that it may use them during authentication attempts.
super.afterRealmsSet() and then sets these same Realm objects on this
instance's wrapped Authorizer.
implies method always returns true.AnnotationHandler who processes annotations of the
specified type.
AnnotationMethodInterceptor with the
AnnotationHandler that will be used to process annotations of a corresponding
type.
methodInterceptors attribute to contain two interceptors by default - the
RoleAnnotationMethodInterceptor and the
PermissionAnnotationMethodInterceptor to
support role and permission annotations.
CacheManager on any internal configured
Realms that implement the CacheManagerAware interface.
SessionManager is injected with the newly set
CacheManager so it may use it for its internal caching needs.
ModularRealmAuthorizer.getPermissionResolver() on any internal configured
Realms that implement the PermissionResolverAware interface.
ModularRealmAuthorizer.getRolePermissionResolver() on any internal configured
Realms that implement the RolePermissionResolverAware interface.
methodInterceptors collection, and for each one,
ensures that if the interceptor
supports
the invocation, that the interceptor
asserts
that the invocation is authorized to proceed.
Subject is authenticated, and if not, throws an
UnauthenticatedException indicating the method is not allowed to be executed.
MethodInvocation.
Subject is NOT a user, that is, they do not
have an identity before continuing.
Subject has the Annotation's specified permissions, and if not, throws an
AuthorizingException indicating access is denied.
Subject has the Annotation's specified roles, and if not, throws an
AuthorizingException indicating that access is denied.
Subject is a user, that is, they are either
authenticated or remembered via remember
me services before allowing access, and if not, throws an
AuthorizingException indicating access is not allowed.
Authorizer implementation methods to ensure that the realms
has been set.
Callable instance matching the given argument while additionally ensuring that it will
retain and execute under this Subject's identity.
Runnable instance matching the given argument while additionally ensuring that it will
retain and execute under this Subject's identity.
Runnable with the currently executing subject
and then return the associated Runnable.
Authenticator interface that functions in the following manner:
Calls template doAuthenticate method for subclass execution of the actual
authentication behavior.
If an AuthenticationException is thrown during doAuthenticate,
notify any registered
AuthenticationListeners of the exception and then propogate the exception
for the caller to handle.
If no exception is thrown (indicating a successful login),
notify any registered
AuthenticationListeners of the successful attempt.
Return the AuthenticationInfo
AuthenticationToken.
Authenticator for authentication.
Subject being built will be considered
authenticated.
RequiresAuthentication annotations and ensures the calling subject is
authenticated before allowing access.RequiresAuthentication annotations.
RequiresAuthenticated annotation
is declared, and if so, ensures the calling
Subject.isAuthenticated() before invoking
the method.RequiresAuthentication annotations in a method
declaration.
SecurityManager class hierarchy that delegates all
authentication operations to a wrapped Authenticator instance.authenticator instance to a
ModularRealmAuthenticator.
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the
authentication/log-in process only.AuthenticationListener listens for notifications while Subjects authenticate with the system.AuthenticationStrategy implementation assists the ModularRealmAuthenticator during the
log-in process in a pluggable realm (PAM) environment.AuthorizationInfo represents a single Subject's stored authorization data (roles, permissions, etc)
used during authorization (access control) checks only.AuthorizingAnnotationHandler who processes annotations of the
specified type.
handler is set which will be used to perform the
authorization assertion checks when a supported annotation is encountered.
AuthorizingRealm extends the AuthenticatingRealm's capabilities by adding Authorization
(access control) support.SecurityManager class hierarchy that delegates all
authorization (access control) operations to a wrapped Authorizer instance.ModularRealmAuthorizer.
new SimpleAuthenticationInfo();, which supports
aggregating account data across realms.
token - called before any Realm is actually invoked.
null immediately, relying on this class's merge implementation to return
only the first info object it encounters, ignoring all subsequent ones.
aggregate method argument, without modification.
Realm supports the given
token argument.
SessionListeners for notification
that the session has been invalidated (stopped or expired).
Subject instance created after authentication to the application for later use.
Subject and SecurityManager to the
ThreadContext so they can be retrieved later by any
SecurityUtils.getSubject() calls that might occur
during the thread's execution.
CipherService using the Blowfish cipher algorithm for all encryption, decryption, and key operations.CipherService instance using the Blowfish cipher algorithm with the following
important cipher default attributes:
Attribute
Value
keySize
128 bits
blockSize
64 bits (required for Blowfish)
mode
CFB*
paddingScheme
PKCS5
initializationVectorSize
64 bits
generateInitializationVectors
true**
* The CFB operation mode is used instead of the JDK default ECB to
ensure strong encryption.
Subject instance reflecting the cumulative state acquired by the
other methods in this class.
ByteSource wraps a byte array and provides additional encoding operations.sessionId.
sessionId.
CacheException.
CacheException.
CacheException.
CacheException.
Cache instances.Realm interface that provides caching support.Permission.implies(Permission) implies} the specified Permission.
isPermitted(permission), throws
an UnauthorizedException otherwise returns quietly.
isPermitted(permission), throws
an UnauthorizedException otherwise returns quietly.
implies the specified Permission.
implies all of the
specified permission strings.
implies all of the
specified permission strings.
isPermitted(permission),
throws an UnauthorizedException otherwise returns quietly.
isPermitted(permission) for
all the given Permissions, throws
an UnauthorizedException otherwise returns quietly.
implies all of the
specified permission strings.
implies all of the
specified permission strings.
AuthorizationException if they do not.
hasRole(role), throws
an UnauthorizedException otherwise returns quietly.
AuthorizationException if they do not.
AuthorizationException if they do not.
checkRole for each role specified.
AuthorizationException if they do not.
InvalidSessionException indicating that the session id is invalid.
CipherService uses a cryptographic algorithm called a
Cipher to convert an original input source using a key to
an uninterpretable format.classpath:
Classes, such as acquiring them from the
application ClassLoaders and instantiating Objects from them.removes the ThreadContext state.
ThreadContext state.
InputStream, logging any
IOException that might occur.
CodecException.
CodecException.
CodecException.
CodecException.
Map used to construct the
Subject instance.
cipherService is available, it will be used to first decrypt the byte array.
AbstractSessionDAO.doCreate(org.apache.shiro.session.Session) method, and then
asserting that the returned sessionId is not null.
super.create(session), then caches the session keyed by the returned sessionId, and then
returns this sessionId.
Cache instance associated with the specified name.
MapCache instance backed by a SoftHashMap.
Realm from the Ini instance containing account data.
Session Session instance based on the specified (possibly null)
initialization data.
Session instance based on the specified contextual initialization data.
SimpleSession instance retaining the context's
host if one can be found.
Subject instance for the user represented by the given method arguments.
DefaultSecurityManager.resolveSession(SubjectContext) method.
Subject instance reflecting the specified contextual data.
InputStream, decrypts it, and sends the resulting decrypted data
to the given OutputStream.
cipherService.
','
30 minutes.
AbstractValidatingSessionManager.setSessionValidationInterval(long)
DefaultBlockCipherService using the specified block cipher algorithmName.
LdapContextFactory that can be configured or extended to
customize the way LdapContext objects are retrieved.SecurityManager interface,
based around a collection of Realms.realms.
SessionContext interface which provides getters and setters that
wrap interaction with the underlying backing context map.SessionKey interface, which allows setting and retrieval of a concrete
sessionId that the SessionManager implementation can use to look up a
Session instance.ValidatingSessionManager.SubjectContext interface.SubjectFactory implementation that creates DelegatingSubject
instances.Session.Subject interface that delegates
method calls to an underlying SecurityManager instance for security checks.CachingSessionDAO.doDelete(org.apache.shiro.session.Session).
session.
ObjectInputStream using a source
ByteArrayInputStream constructed with the argument byte array.
serialized source back into an Object by using a
ByteArrayInputStream to wrap the argument and then decode this
stream via an XMLDecoder, where the
readObject call results in the original Object to return.
serializer's
deserialize method.
destroys all of it's managed caches and then
clears out the internally referenced cache map.
cacheManager via LifecycleUtils.destroy.
destroy for each object in the collection.
Realms.
true always no matter what the method arguments are.
getCredentials(token))
and then the account's credentials
(via getCredentials(account)) and then passes both of
them to the equals(tokenCredentials, accountCredentials) method for equality
comparison.
name
path against the given pattern.
AuthenticationStrategy object
as each realm is consulted for AuthenticationInfo for the specified token.
null if a
session with that ID could not be found.
Runnable's run() method.
Session's state to the underlying EIS.
ScheduledExecutorService to validate sessions at fixed intervals
and enables this scheduler.
InputStream, encrypts it, and sends the resulting encrypted data to the
given OutputStream.
cipherService.
SecurityManager instance in the context, and if not, adds 'this' to the
context.
true if the specified object is also a SimpleAccount and its
principals are equal to this object's principals, false otherwise.
true if the Object argument is an instanceof SimpleAuthenticationInfo and
its principals are equal to this instance's principals, false otherwise.
true if the specified object is a Hash and its byte array is identical to
this Hash's byte array, false otherwise.
true if the specified argument is an instanceof SimpleSession and both
ids are equal.
Subject and then
dispatches the associated Runnable to the underlying target Executor instance.
Callable with this Subject instance and then executes it on the
currently running thread.
Runnable with this Subject instance and then executes it on the
currently running thread.
Subject executes a
Callable.ScheduledExecutorService to call ValidatingSessionManager.validateSessions() every
interval milliseconds.file:
AuthenticationStrategy implementation that only accepts the account data from
the first successfully consulted Realm and ignores all subsequent realms.Subject instance.
context class loader, then the
current ClassLoader (ClassUtils.class.getClassLoader()), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader(), in that order.
Ini instance loaded with the INI-formatted data in the resource at the given path.
UUID.randomUUID().toString().
Random's nextLong() invocation.
Session instance.
Key suitable for this CipherService's algorithm
by calling generateNewKey(128) (uses a 128 bit size by default).
Key of the specified size suitable for this CipherService
(based on the algorithmName using the JDK KeyGenerator.
session instance.
key or
null if there is no Cache entry for that key.
key that is bound to
the current thread.
CacheManager.
MessageDigest algorithm
to use when performing the hash.
value, from which the Permission will be constructed.
AuthenticationListeners that should be notified during authentication
attempts.
AuthenticationStrategy utilized by this modular authenticator during a multi-realm
log-in attempt.
Authenticator instance that this SecurityManager uses to perform all
authentication operations.
principals,
or null if no account could be found.
Cipher transformation string or 0 if the JCA Provider default block size
for the specified algorithm should be used.
name.
name.
sessionId or null if there is
no session cached under that id (or if there is no Cache).
activeSessionsCache if
one is not configured.
CipherService to use for encrypting and decrypting serialized identity data to prevent easy
inspection of Subject identity data.
account identity.
Hash instance representing the already-hashed AuthenticationInfo credentials stored in the system.
this.authcInfo.getCredentials.
password char array.
CredentialsMatcher used during an authentication attempt to verify submitted
credentials with those stored in the system.
null if none should be used.
AuthenticationToken's credentials will be hashed before
comparing to the credentials stored in the system.
Subject is initiating the
Session.
null
if the host is unknown.
Subject's originating location.
info.getPrincipals() and
ignores the Subject argument.
CLASSPATH_PREFIX,
URL_PREFIX, or FILE_PREFIX).
Session last interacted with the system.
Method to be invoked.
Cipher transformation string or null if the JCA Provider default mode for
the specified algorithm should be used.
Realm.
Permissions assigned to the corresponding Subject.
Cipher transformation string or null if the JCA Provider default mode for
the specified algorithm should be used.
nullgetPermissionResolver() -
Method in class org.apache.shiro.realm.AuthorizingRealm
Subject before assuming the current
runAs identity, or null if this Subject is not operating under an assumed
identity (normal state).
Realm principals, or null if there are
no principals yet.
getUsername().
null if this
Subject is anonymous because it doesn't yet have any associated account data (for example,
if they haven't logged in).
PrincipalCollection or
null if this Subject is anonymous because it doesn't yet have any associated account data (for example,
if they haven't logged in).
Subject should reflect.
Authenticator during an authentication attempt.
Authorizer which are consulted during an authorization check.
Realms managed by this SecurityManager instance.
JNDI name and returns all
discovered Realms in an ordered collection.
Realm instances that will be used to construct
the application's SecurityManager instance.
acquiring
the remembered serialized byte array.
null if there is no available data.
context class loader, then the
current ClassLoader (ClassUtils.class.getClassLoader()), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader(), in that order, using
getResourceAsStream(name).
nullgetRolePermissionResolver() -
Method in class org.apache.shiro.realm.AuthorizingRealm
this.authzInfo.getRoles();
Ini.Section with the given name or null if no section with that name exists.
Ini instance or an empty collection if there are
no sections.
null if the section or property do not exist.
defaultValue if the section or
property do not exist.
Ini instance or an empty collection if there are
no sections.
Subject instance or
null if one has not yet been provided to this context.
Serializer used to serialize and deserialize PrincipalCollection instances for
persistent remember me storage.
null if no Session could be found.
Session associated with this Subject.
Session associated with this Subject.
Session to use when building the Subject instance.
SessionFactory used to generate new Session instances.
Subject instance.
SessionIdGenerator used by the AbstractSessionDAO.generateSessionId(org.apache.shiro.session.Session)
method.
SessionManager.
Session started (was created).
JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[]) and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])).
modeName attribute, but is used instead only for for streaming
operations (JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[]) and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])).
Subject associated with the currently-executing code.
Subject associated with the currently-executing code.
Executor instance.
Subject available to the calling code depending on
runtime environment.
Subject that may be in use at the time the new Subject instance is
being created.
Subject instance managed by this ThreadState implementation.
Subject instance, available to subclasses
since the context class attribute is marked as private.
Session.getTimeout().
Cipher
transformation string.
Cipher.getInstance(java.lang.String) call.
Cipher.getInstance(java.lang.String) invocation when
creating a new Cipher instance.
get operation but additionally ensures that the value returned is of the specified
type.
System.getProperty("java.version").
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method.RequiresGuest annotations in a method
declaration.
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method.RequiresGuest annotations in a method
declaration.
true iff any of the configured realms'
Authorizer.hasRole(org.apache.shiro.subject.PrincipalCollection , String) call returns true for
all roles specified, false otherwise.
true if this Subject has all of the specified roles, false otherwise.
salt for a single iteration.
salt for the specified number of iterations.
Hash represents a one-way conversion algorithm that transforms an input source to an
underlying byte array.principals are not null, returns principals.hashCode(), otherwise
returns 0 (zero).
principals instance.
HashedCredentialMatcher provides support for hashing of supplied AuthenticationToken credentials
before being compared to those in the AuthenticationInfo from the data store.hashIterations times, using the given salt.
new Md2Hash(credentials,salt,hashIterations).
new Md5Hash(credentials,salt,hashIterations).
new Sha1Hash(credentials,salt,hashIterations).
new Sha256Hash(credentials,salt,hashIterations).
new Sha384Hash(credentials,salt,hashIterations).
new Sha512Hash(credentials,salt,hashIterations).
null nor of length 0.
true if the resource path is not null and starts with one of the recognized
resource prefixes (CLASSPATH_PREFIX,
URL_PREFIX, or FILE_PREFIX), false otherwise.
true if any of the configured realms'
Authorizer.hasRole(org.apache.shiro.subject.PrincipalCollection , String) call returns true,
false otherwise.
true if this Subject has the specified role, false otherwise.
ModularRealmAuthorizer.hasRole(org.apache.shiro.subject.PrincipalCollection , String) for each role name in the specified
collection and places the return value from each call at the respective location in the returned array.
Subject being built will reflect the specified host name or IP as its originating
location.
HostAuthenticationToken retains the host information from where
an authentication attempt originates.Session interface that proxies another Session, but does not
allow any 'write' operations to the underlying session.Session.
true if this current instance implies all the functionality and/or resource access
described by the specified Permission argument, false otherwise.
Ini instance.
Ini instance with the specified defaults.
Ini.Section is String-key-to-String-value Map, identifiable by a
name unique within an Ini instance.Factory implementations that generate their instance(s) based on
Ini configuration.Realm implementation that creates
SimpleAccount instances based on
Ini configuration.Factory that creates SecurityManager instances based on Ini configuration.init for each object in the collection.
PermissionResolver.resolvePermission(String) when the String being parsed is not
valid for that resolver.MethodInvocation, allowing implementations to perform pre/post/finally
surrounding the actual invocation.
methodInvocation is allowed to execute first before proceeding by calling the
assertAuthorized method first.
methodInvocation.proceed()
if authorization is allowed by first
calling assertAuthorized.
true if this Subject/user proved their identity during their current session
by providing valid credentials matching those known to the system, false otherwise.
true if the constructed Subject should be considered authenticated, false
otherwise.
true if authorization caching should be utilized if a CacheManager has been
configured, false otherwise.
true if the specified object can be easily converted to bytes by instances of this class,
false otherwise.
true if caching should be used if a CacheManager has been
configured, false otherwise.
true if sessions should be automatically deleted after they are discovered to be invalid,
false if invalid sessions will be manually deleted by some process external to Shiro's control.
true if no sections have been configured, or if there are sections, but the sections themselves
are all empty, false otherwise.
true if this collection is empty, false otherwise.
true if the specified Collection is null or empty,
false otherwise.
true if the specified Map is null or empty,
false otherwise.
true if the specified PrincipalCollection is null or
empty, false otherwise.
true if this Scheduler is enabled and ready to begin validation at the appropriate time,
false otherwise.
true if a submitted AuthenticationToken's credentials should be salted when hashing,
false if it should not be salted.
true if this Account is locked and thus cannot be used to login, false otherwise.
true if any of the configured realms'
Authorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection , String) returns true,
false otherwise.
true if any of the configured realms'
Authorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection , Permission) call returns true,
false otherwise.
true if any of the configured realms'
Authorizer.isPermittedAll(org.apache.shiro.subject.PrincipalCollection, String...) call returns
true, false otherwise.
true if any of the configured realms'
Authorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection , List) call returns true,
false otherwise.
true if this Subject is permitted to perform an action or access a resource summarized by the
specified permission string.
true if this Subject is permitted to perform an action or access a resource summarized by the
specified permission.
true if any of the configured realms'
Authorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection , String) call returns true
for all of the specified string permissions, false otherwise.
true if any of the configured realms'
Authorizer.isPermitted(org.apache.shiro.subject.PrincipalCollection , Permission) call returns true
for all of the specified Permissions, false otherwise.
true if this Subject implies all of the specified permission strings, false otherwise.
true if this Subject implies all of the specified permissions, false otherwise.
true if this Subject has an identity (it is not anonymous) and the identity
(aka principals) is remembered from a successful authentication during a previous
session.
true if the submitting user wishes their identity (principal(s)) to be remembered
across sessions, false otherwise.
true if this Subject is 'running as' another identity other than its original one or
false otherwise (normal Subject state).
true if the system's stored credential hash is Hex encoded, false if it
is Base64 encoded.
true if the associated session is valid (it exists and is not stopped nor expired),
false otherwise.
SessionIdGenerator that generates String values of JDK UUID's as the session IDs.CipherService implementation utilizing Java's JCA APIs.JcaCipherService instance which will use the specified cipher algorithmName
for all encryption, decryption, and key operations.
jndiNames.AbstractLdapRealm to query for AuthenticationInfo security data (roles, permissions, etc) of particular
Subjects (users).Initializable.init() and
Destroyable.destroy() methods cleanly on any object.classpath:shiro.ini file, or null if
the file does not exist.
Ini instance.
AuthenticationToken argument, and if successful, constructs a
Subject instance representing the authenticated account's identity.
authenticationToken, returning an updated Subject
instance reflecting the authenticated state if successful or throwing AuthenticationException if it is
not.
Session and authorization data.
MapCache is a Cache implementation that uses a backing Map instance to store
and retrieve cached data.MapContext provides a common base for context-based data storage in a Map.true if the given source matches the specified pattern,
false otherwise.
CacheManager implementation usable in production
environments.ConcurrentMap.AuthenticationInfo interface to be implemented by
classes that support merging with other AuthenticationInfo instances.AuthenticationInfo into this instance.
info argument into the aggregate argument and then returns an
aggregate for continued use throughout the login process.
aggregate instance if is non null and valid (that is, has principals and they are
not empty) immediately, or, if it is null or not valid, the info argument is returned instead.
AuthenticationInfo into this Account.
info argument and adds its principals and credentials into this instance.
ModularRealmAuthenticator delgates account lookups to a pluggable (modular) collection of
Realms.enables an
AtLeastOneSuccessfulStrategy by default.
Realms during an authorization operation.Realms to consult during an authorization check.
PrincipalCollection that allows modification.Native session manager is one that manages sessions natively - that is, it is directly responsible
for the creation, persistence and removal of Session instances and their
lifecycles.Md2Hash instance, without it's byte array set.
Md5Hash instance, without it's byte array set.
Sha1Hash instance, without it's byte array set.
Sha256Hash instance, without it's byte array set.
Sha384Hash instance, without it's byte array set.
Sha512Hash instance, without it's byte array set.
SubjectContext instance to be used to populate with subject contextual data that
will then be sent to the SecurityManager to create a new Subject instance.
AuthenticationListeners that
authentication failed for the
specified token which resulted in the specified ae exception.
AuthenticationListeners that a
Subject has logged-out.
SessionListeners that a Session has started.
AuthenticationListeners that
authentication was successful for the specified token which resulted in the specified
info.
value argument is not null.
objectArgument.toString().
null if there are none
of the specified type.
forgetting any
previously remembered identity.
Subject has failed.
notifyLogout to allow any registered listeners
to react to the logout.
Subject logs-out of the system.
Subject logs out of the system.
super.onLogout(principals) to ensure a logout notification is issued, and for each
wrapped Realm that implements the LogoutAware interface, calls
((LogoutAware)realm).onLogout(principals) to allow each realm the opportunity to perform
logout/cleanup operations during an user-logout.
forgets any previously stored identity and returns.
Session.stop() or automatically upon a subject logging out.
Subject has succeeded.
forgetting any previously
stored identity.
SecurityUtils and
ShiroException.CredentialsMatcher
interface and its supporting implementations.Realms).Permission
interface.Executor, ExecutorService,
and ScheduledExecutorService implementations for transparent
Subject association with threads in an asynchronous execution environment.SecurityManager interface and a default implementation
hierarchy for managing all aspects of Shiro's functionality in an application.Realm interface.Files or
text streams.SessionManager components supporting enterprise session management.Subject interface, the most important concept in
Shiro's API.org.apache.shiro.subject interfaces.CipherPaddingScheme represents well-known
padding schemes supported by JPA providers in a
type-safe manner.RequiresPermissions annotation is
declared, and if so, performs a permission check to see if the calling Subject is allowed continued
access.RequiresPermissions annotations.
RequiresPermissions annotation is declared, and if so, performs
a permission check to see if the calling Subject is allowed to call the method.RequiresPermissions annotations in a method declaration.
PermisisonResolver resolves a String value and converts it into a
Permission instance.UTF-8.
Subject.Subject being built will reflect the specified principals (aka identity).
TextConfigurationRealm that defers all logic to the parent class, but just enables
Properties based configuration in addition to the parent class's String configuration.Session implementation that immediately delegates all corresponding calls to an
underlying proxied session instance.target.
key to the current thread.
AuthenticationInfo object by querying the active directory LDAP context for the
specified username.
AuthenticationInfo object by querying the LDAP context for the
specified username.
AuthorizationInfo object by querying the active directory LDAP context for the
groups that a user is a member of.
AuthorizationInfo object by querying the LDAP context for the
specified principal.
Random instance to generate random IDs.AbstractSessionDAO.doReadSession(java.io.Serializable) method.
sessionId.
Realm instances
in any manner desired.SecurityManager class hierarchy based around a collection of
Realms.PatternMatcher implementation that uses standard java.util.regex objects.#runAs runAs was called.
converting them to a byte
array and then remembers that
byte array.
AuthenticationToken that indicates if the user wishes their identity to be remembered across sessions.AbstractRememberMeManager.getRememberedSerializedIdentity(SubjectContext) method.
key from the current
thread.
Removes the underlying ThreadLocal from the thread.
throws an InvalidSessionException in all
cases because this proxy is immutable.
Session under the given attributeKey.
key name.
null if the section did not exist.
Subject to have one or more specified roles
in order to execute the annotated method.WildcardPermission instance constructed based on the specified
permissionString.
PrincipalCollection) for the context using heuristics.
SecurityManager instance that should be used to back the constructed Subject
instance (typically used to support DelegatingSubject implementations).
Session to ensure it may be referenced if necessary by the
invoked SubjectFactory that performs actual Subject construction.
true if the resource at the specified path exists, false otherwise.
Stream-backed resources.Removes all thread-state that was bound by this instance.
bind was invoked.
RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to proceed.RequiresRoles annotations.
RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to invoke the method.RequiresRoles annotations in a method declaration.
Permission instances.Binds the Subject thread state, executes the target Runnable and then guarantees
the previous thread state's restoration:
SecurityManager executes all security operations for all Subjects (aka users) across a
single application.Subject for the calling code depending on runtime environment.ObjectOutputStream backed by a
ByteArrayOutputStream.
source into a byte[] array by using the
XMLEncoder to encode the object out to a
ByteArrayOutputStream, where the resulting byte[] array is returned.
principals by serializing them to a byte array by using the
serializer's serialize method.
Serializer converts objects to raw binary data and vice versa, enabling persistent storage
of objects to files, HTTP cookies, or other mechanism.Session is a stateful data context associated with a single Subject (user, daemon process,
etc) who interacts with a software system over a period of time.Subject being built will use the specified Session instance.
SessionContext is a 'bucket' of data presented to a SessionFactory which interprets
this data to construct Session instances.Session access to an
EIS (Enterprise Information System).Session instances.Subject instance that owns the Session with the
specified sessionId.
SessionDAO
implementations.SessionKey is a key that allows look-up of any particular Session
instance.Session's life cycle.SessionListener interface, effectively providing
no-op implementations of all methods.Sessions.SecurityManager class hierarchy that delegates all
session operations to a wrapped
SessionManager instance.SessionManager delegate
instance.
CacheManager.
throws an InvalidSessionException in all
cases because this proxy is immutable.
value to the associated session uniquely identified by the attributeKey.
value to this session, uniquely identified by the specifed
key name.
Subject instance should be considered as authenticated.
AuthenticationListeners that should be notified during authentication
attempts.
AuthenticationStrategy utilized during multi-realm log-in attempts.
Authenticator instance that this SecurityManager uses to perform all
authentication operations.
CacheManager has been
configured, false otherwise.
Cipher transformation string.
SecurityManager and potentially any of its
children components.
activeSessionsCache if
one is not configured.
CacheManager has been
configured.
CipherService to use for encrypting and decrypting serialized identity data to prevent easy
inspection of Subject identity data.
principals, such as a password or private key.
AuthenticationToken's credentials will be hashed before comparing
to the credentials stored in the system.
AuthenticationToken's credentials when hashing.
Subject is initiating the
Session.
Subject's originating location.
Realm.
LdapContextFactory implementation that is used to create LDAP connections for
authentication and authorization.
Cipher transformation string.
Cipher transformation string.
Cipher transformation string.
Cipher transformation string, or null if the JCA Provider default mode for
the specified algorithm should be used.
PermissionResolver on all of the wrapped realms that
implement the PermissionResolverAware interface.
Subject should reflect.
LdapContextFactory.
RealmSecurityManager.setRealms(java.util.Collection) method.
Authorizer which are consulted during an authorization check.
RolePermissionResolver on all of the wrapped realms that
implement the PermissionResolverAware interface.
LdapContextFactory.
sectionName.
getSubject() implementation.
Subject instance
(typically used to support DelegatingSubject implementations).
Serializer used to serialize and deserialize PrincipalCollection instances for
persistent remember me storage.
Session to use when building the Subject instance.
SessionFactory used to generate new Session instances.
Subject instance.
SessionIdGenerator used by the AbstractSessionDAO.generateSessionId(org.apache.shiro.session.Session)
method.
SessionManager instance that will be used to support this implementation's
SessionManager method calls.
setSessionValidationScheduler method is
never called) , this method allows one to specify how
frequently session should be validated (to check for orphans).
JcaCipherService.encrypt(java.io.InputStream, java.io.OutputStream, byte[]) and
JcaCipherService.decrypt(java.io.InputStream, java.io.OutputStream, byte[])).
Subject that may be in use at the time the new Subject instance is
being created.
LdapContextFactory.
LdapContextFactory.
throws an InvalidSessionException in all
cases because this proxy is immutable.
LdapContextFactory.
true if the Ini contains account data and a Realm should be implicitly
created to reflect the account data, false if no realm should be implicitly
created.
Account interface that
contains principal and credential and authorization information (roles and permissions) as instance variables and
exposes them via getters and setters using standard JavaBean notation.Realm interface that
uses a set of configured user accounts and roles to support authentication and authorization.MergableAuthenticationInfo interface that holds the principals and
credentials.AuthorizationInfo interface that stores roles and permissions as internal
attributes.ByteSource implementation that maintains an internal byte[] array and uses the
Hex and Base64 codec classes to support the
toHex() and toBase64() implementations.MutablePrincipalCollection interface that tracks principals internally
by storing them in a LinkedHashMap.Session JavaBeans-compatible POJO implementation, intended to be used on the
business/server tier.SessionFactory implementation that generates SimpleSession instances.SoftHashMap is a memory-constrained map that stores its values in
SoftReferences.DEFAULT_RETENTION_SIZE (100 entries).
SoftHashMap backed by the specified source, with a default retention
size of DEFAULT_RETENTION_SIZE (100 entries).
SoftHashMap backed by the specified source, with the specified retention size.
throws an InvalidSessionException in all
cases because this proxy is immutable.
Subject represents state and security operations for a single application user.Subject instances in a simplified way without
requiring knowledge of Shiro's construction techniques.Subject.Builder instance, using the SecurityManager instance available
to the calling code as determined by a call to SecurityUtils.getSecurityManager()
to build the Subject instance.
Subject.Builder instance which will use the specified SecurityManager when
building the Subject instance.
Executor implementation that will automatically first associate any argument
Runnable instances with the currently available Subject and then
dispatch the Subject-enabled runnable to an underlying delegate Executor
instance.ExecutorService implementation that will automatically first associate any argument
Runnable or Callable instances with the currently available subject and then
dispatch the Subject-enabled runnable or callable to an underlying delegate
ExecutorService instance.SubjectAwareExecutorService but additionally supports the
ScheduledExecutorService interface.SubjectCallable associates a Subject with a target/delegate
Callable to ensure proper Subject thread-state management when the Callable executes.SubjectContext is a 'bucket' of data presented to a SecurityManager which interprets
this data to construct Subject instances.SubjectFactory is responsible for returning Subject instances as needed.SubjectRunnable ensures that a target/delegate Runnable will execute such that any
call to SecurityUtils.getSubject() during the
Runnable's execution will return the associated Subject instance.SubjectRunnable that, when executed, will execute the target delegate, but
guarantees that it will run associated with the specified Subject.
SubjectRunnable that, when executed, will perform thread state
binding and guaranteed restoration before and after the
Runnable's execution, respectively.
Subject access (supporting
SecurityUtils.getSubject() calls)
during a thread's execution.SubjectThreadState that will bind and unbind the specified Subject to the
thread
true if this interceptor supports, that is, should inspect, the specified
MethodInvocation, false otherwise.
AuthenticationToken instance, false otherwise.
ThreadState instance manages any state that might need to be bound and/or restored during a thread's
execution.InvalidSessionException indicating that this proxy is immutable.
byte array.
byte array.
PREFERRED_ENCODING.
CodecException if the encoding fails.
InputStream into a byte array.
PREFERRED_ENCODING.
delimiter argument.
byte array.
byte array.
principals.toString() if they are not null, otherwise prints out the string
"empty"
principals.toString()PREFERRED_ENCODING.
toHex().
getClass().getName() + ",id=" + getId().
throws an InvalidSessionException in all
cases because this proxy is immutable.
sessionId.
lastAccessTime of this session to the current time when
this method is invoked.
SecurityManager instance, but Shiro's
lookup heuristics cannot find one.DefaultSecurityManager.logout(org.apache.shiro.subject.Subject).
RuntimeException equivalent of the JDK's
ClassNotFoundException, to maintain a RuntimeException paradigm.AuthenticationToken implementation is encountered that is not
supported by one or more configured Realms.CachingSessionDAO.doUpdate(org.apache.shiro.session.Session).
{@link Session#getId() session.getId()}.
url:
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before allowing access.RequiresUser annotations.
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before invoking the method.RequiresUser annotations in a method
declaration.
host and a
rememberMe default of false.
host and
a rememberMe default of false
ValidatingSession is a Session that is capable of determining it is valid or not and
is able to validate itself if necessary.WildcardPermission is a very flexible permission construct supporting multiple levels of
permission matching.WildcardPermission
based on the input string.XMLEncoder and XMLDecoder to serialize
and deserialize, respectively.
|
||||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||