/**
 * Creates the default instance as a new {@link DefaultWebSecurityManager}, so that a
 * web-capable {@code SecurityManager} is available by default.
 *
 * @return a freshly constructed, web-capable {@code SecurityManager}
 */
@Override
protected SecurityManager createDefaultInstance() {
    // Held under the declared return type; the concrete class is the web-aware implementation.
    SecurityManager webCapableManager = new DefaultWebSecurityManager();
    return webCapableManager;
}
/**
 * Creates a web security manager backed by a single realm.
 * <p>
 * Delegates to the no-argument constructor first, then registers the realm through
 * {@code setRealm}.
 *
 * @param singleRealm the realm handed to {@code setRealm}
 */
@SuppressWarnings({"UnusedDeclaration"})
public DefaultWebSecurityManager(Realm singleRealm) {
    this();
    // NOTE(review): no null check here; presumably setRealm validates its argument — confirm.
    setRealm(singleRealm);
}
/**
 * Creates a web security manager backed by several realms.
 * <p>
 * Delegates to the no-argument constructor first, then registers the realms through
 * {@code setRealms}.
 *
 * @param realms the realms handed to {@code setRealms}
 */
@SuppressWarnings({"UnusedDeclaration"})
public DefaultWebSecurityManager(Collection<Realm> realms) {
    this();
    // NOTE(review): an empty or null collection is not rejected here; presumably setRealms
    // validates its argument — confirm.
    setRealms(realms);
}
/**
 * Declares the {@link DefaultWebSecurityManager} bean.
 * <p>
 * Only the realm and the session manager are set here; every other collaborator keeps
 * whatever {@code new DefaultWebSecurityManager()} installs.
 *
 * @return the configured security manager
 */
@Bean
public DefaultWebSecurityManager securityManager() {
    final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // realm() and sessionManager() are defined outside this excerpt; authentication data and
    // session handling are whatever those two methods return.
    manager.setRealm(realm());
    manager.setSessionManager(sessionManager());
    return manager;
}
/**
 * Declares the {@code SecurityManager} bean as a {@link DefaultWebSecurityManager} whose only
 * explicit setting is the realm returned by {@code myShiroRealm()}.
 *
 * @return the configured security manager
 */
@Bean
public SecurityManager securityManager() {
    final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    // NOTE(review): nothing but the realm is configured, so session and remember-me handling
    // are left at the constructor's defaults — confirm that is intended for this deployment.
    manager.setRealm(myShiroRealm());
    return manager;
}
/**
 * Builds a security manager pre-wired with web defaults.
 * <p>
 * After the superclass constructor has run, this installs a
 * {@link DefaultWebSessionStorageEvaluator} on the subject DAO, records
 * {@code HTTP_SESSION_MODE} as the session mode, and sets a {@link DefaultWebSubjectFactory},
 * a {@link CookieRememberMeManager} and a {@link ServletContainerSessionManager}.
 */
public DefaultWebSecurityManager() {
    super();

    DefaultWebSessionStorageEvaluator storageEvaluator = new DefaultWebSessionStorageEvaluator();
    // The cast assumes this.subjectDAO is a DefaultSubjectDAO at this point; anything else
    // fails with a ClassCastException.
    DefaultSubjectDAO defaultDao = (DefaultSubjectDAO) this.subjectDAO;
    defaultDao.setSessionStorageEvaluator(storageEvaluator);

    this.sessionMode = HTTP_SESSION_MODE;

    setSubjectFactory(new DefaultWebSubjectFactory());
    // NOTE(review): a cookie-based remember-me manager is installed by default. Deployments
    // that do not want remember-me, or that need their own cookie or cipher settings, have to
    // replace or configure it after construction.
    setRememberMeManager(new CookieRememberMeManager());
    setSessionManager(new ServletContainerSessionManager());

    // Give the evaluator the session manager that is in effect once the defaults are set.
    storageEvaluator.setSessionManager(getSessionManager());
}
/**
 * Creates the security manager as a {@link DefaultWebSecurityManager} and replaces three of
 * its collaborators with the ones produced by this class' factory methods: the subject DAO,
 * the subject factory and the remember-me manager.
 *
 * @return the configured manager
 */
protected SessionsSecurityManager createSecurityManager() {
    final DefaultWebSecurityManager webManager = new DefaultWebSecurityManager();
    webManager.setSubjectDAO(subjectDAO());
    webManager.setSubjectFactory(subjectFactory());
    webManager.setRememberMeManager(rememberMeManager());
    return webManager;
}
/**
 * Creates the remember-me manager: a {@link CookieRememberMeManager} whose cookie is the
 * template returned by {@code rememberMeCookieTemplate()}.
 *
 * @return the cookie-based remember-me manager
 */
protected RememberMeManager rememberMeManager() {
    final CookieRememberMeManager manager = new CookieRememberMeManager();
    // NOTE(review): only the cookie template is set; no cipher key is configured here. Which
    // key protects the remember-me value then depends on the library default — confirm that a
    // deployment-specific key is supplied elsewhere if one is required.
    // NOTE(review): cookie attributes (HttpOnly, Secure, SameSite, max age) come from
    // rememberMeCookieTemplate(), which is outside this excerpt — verify them there.
    manager.setCookie(rememberMeCookieTemplate());
    return manager;
}
/**
 * Pushes the current session manager into the session storage evaluator, when the wiring
 * allows it.
 * <p>
 * Nothing happens unless the subject DAO is a {@link DefaultSubjectDAO} and its evaluator is a
 * {@link DefaultWebSessionStorageEvaluator}; custom implementations of either are left alone.
 */
private void applySessionManagerToSessionStorageEvaluatorIfPossible() {
    SubjectDAO dao = getSubjectDAO();
    if (!(dao instanceof DefaultSubjectDAO)) {
        // A custom DAO: there is no known evaluator to update.
        return;
    }

    SessionStorageEvaluator storageEvaluator = ((DefaultSubjectDAO) dao).getSessionStorageEvaluator();
    if (!(storageEvaluator instanceof DefaultWebSessionStorageEvaluator)) {
        // A custom evaluator: it does not expose setSessionManager.
        return;
    }

    DefaultWebSessionStorageEvaluator webEvaluator = (DefaultWebSessionStorageEvaluator) storageEvaluator;
    webEvaluator.setSessionManager(getSessionManager());
}
/**
 * Supplies the web variant of the session storage evaluator.
 *
 * @return a new {@link DefaultWebSessionStorageEvaluator}
 */
@Override
protected SessionStorageEvaluator sessionStorageEvaluator() {
    // NOTE(review): no session manager is set on the evaluator here; presumably the security
    // manager supplies it once the evaluator is installed — confirm against the caller.
    SessionStorageEvaluator webEvaluator = new DefaultWebSessionStorageEvaluator();
    return webEvaluator;
}
/**
 * Reports whether the current session manager uses servlet container sessions.
 *
 * @return {@code true} only if the session manager is a {@link WebSessionManager} whose
 *         {@code isServletContainerSessions()} returns {@code true}; {@code false} otherwise,
 *         including when no session manager is set
 * @since 1.0
 */
public boolean isHttpSessionMode() {
    SessionManager current = getSessionManager();
    if (!(current instanceof WebSessionManager)) {
        // instanceof is false for null as well, so a missing manager ends up here.
        return false;
    }
    WebSessionManager webManager = (WebSessionManager) current;
    return webManager.isServletContainerSessions();
}
/**
 * Supplies the web variant of the subject factory.
 *
 * @return a new {@link DefaultWebSubjectFactory}
 */
@Override
protected SubjectFactory subjectFactory() {
    SubjectFactory webFactory = new DefaultWebSubjectFactory();
    return webFactory;
}
/**
 * Removes the rememberMe cookie from the given request/response pair.
 * <p>
 * The work is delegated to {@code removeFrom} on the cookie returned by {@code getCookie()}.
 *
 * @param request  the incoming HTTP servlet request
 * @param response the outgoing HTTP servlet response
 */
private void forgetIdentity(HttpServletRequest request, HttpServletResponse response) {
    // NOTE(review): presumably this instructs the browser to delete the cookie; a copy of the
    // cookie value kept elsewhere would not be affected by that — confirm how removeFrom works.
    getCookie().removeFrom(request, response);
}
} // closes the enclosing type, whose header is outside this excerpt
/**
 * Removes the 'rememberMe' cookie from the request/response pair of the given
 * {@link WebSubject}.
 * <p>
 * The {@code subject} is expected to be a {@link WebSubject} carrying an HTTP request/response
 * pair. If {@code WebUtils.isHttp(subject)} is false, this implementation does nothing.
 *
 * @param subject the subject instance for which identity data should be forgotten from the
 *                underlying persistence
 */
protected void forgetIdentity(Subject subject) {
    if (!WebUtils.isHttp(subject)) {
        // No HTTP pair to work with, so there is no cookie to remove.
        return;
    }
    // Request is resolved before response, matching the original order of the two lookups.
    forgetIdentity(WebUtils.getHttpRequest(subject), WebUtils.getHttpResponse(subject));
}
/**
 * Hook that runs after a session manager has been set.
 * <p>
 * Runs the superclass hook first, then calls
 * {@code applySessionManagerToSessionStorageEvaluatorIfPossible()} so the session storage
 * evaluator is handed the session manager now in effect.
 */
@Override
protected void afterSessionManagerSet() {
    super.afterSessionManagerSet();
    // Re-sync after the superclass has finished its own post-set work.
    applySessionManagerToSessionStorageEvaluatorIfPossible();
}
/**
 * Hook that runs before the given subject is logged out.
 * <p>
 * Runs the superclass hook first, then calls {@code removeRequestIdentity(subject)}.
 *
 * @param subject the subject about to be logged out
 */
@Override
protected void beforeLogout(Subject subject) {
    super.beforeLogout(subject);
    // NOTE(review): presumably clears identity state cached on the current request so it
    // cannot be reused after logout — confirm in removeRequestIdentity, which is not shown.
    removeRequestIdentity(subject);
}
/**
 * Reports whether the security manager is in HTTP session mode.
 *
 * @return the value of {@code isHttpSessionMode()} on the manager returned by
 *         {@code getSecurityManager()}
 */
protected boolean isHttpSessions() {
    // NOTE(review): no null guard; this assumes getSecurityManager() always returns a manager.
    boolean httpSessionMode = getSecurityManager().isHttpSessionMode();
    return httpSessionMode;
}
/**
 * SecurityManager bean for permission management. This class combines the handling of login,
 * logout, permissions and sessions, which makes it one of the more important classes.
 *
 * @return a {@link DefaultWebSecurityManager} whose realm is {@code shiroRealm()}
 */
@Bean(name = "securityManager")
public DefaultWebSecurityManager securityManager() {
    final DefaultWebSecurityManager manager = new DefaultWebSecurityManager();
    manager.setRealm(shiroRealm());
    // Cache manager wiring is currently disabled:
    // manager.setCacheManager(ehCacheManager());
    return manager;
}
/**
 * Creates the default security manager.
 *
 * @return a new {@link DefaultWebSecurityManager}, exposed as a {@code WebSecurityManager}
 */
protected WebSecurityManager createDefaultSecurityManager() {
    WebSecurityManager defaultManager = new DefaultWebSecurityManager();
    return defaultManager;
}
@Override //since 1.2.1 for fixing SHIRO-350 public void setSubjectDAO(SubjectDAO subjectDAO) { super.setSubjectDAO(subjectDAO); applySessionManagerToSessionStorageEvaluatorIfPossible(); }