|
JSecurity | |||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||
ModularAuthenticationStrategy
implementations.Authenticator implementations that performs the common work around authentication
attempts.Realm that authenticates with an LDAP
server to build the Subject for a user.RememberMeManager interface that handles
serialization and
encryption of the remembered user identity.ValidatingSessionManager interface.WebAttribute interface.AuthenticationInfo and
AuthorizationInfo and represents authentication and authorization for a single account in a
single Realm.jsecurity-activeSessionCache.
Realm that authenticates with an active directory LDAP
server to determine the roles for a particular user.listener that wishes to be notified during the authentication process.
SessionManager instance
supports session listener registration and then
adds the listener to the
delegate instance.
listener that wishes to be notified during Session lifecycles.
preHandle,
postHandle,
and afterCompletion
hooks.aggregate argument without modification.
aggregate method argument is not null and
aggregate.
- afterAllAttempts(AuthenticationToken, AuthenticationInfo) -
Method in interface org.jsecurity.authc.pam.ModularAuthenticationStrategy
- Method invoked by the ModularAuthenticator signifying that all of its configured Realms have been consulted
for account data, allowing post-proccessing after all realms have completed.
- afterAttempt(Realm, AuthenticationToken, AuthenticationInfo, AuthenticationInfo, Throwable) -
Method in class org.jsecurity.authc.pam.AbstractAuthenticationStrategy
- Base implementation that will aggregate the specified
singleRealmInfo into the
aggregateInfo and then returns the aggregate.
- afterAttempt(Realm, AuthenticationToken, AuthenticationInfo, AuthenticationInfo, Throwable) -
Method in class org.jsecurity.authc.pam.AllSuccessfulModularAuthenticationStrategy
- Merges the specified
info into the aggregate argument and returns it (just as the
parent implementation does), but additionally ensures the following:
if the Throwable argument is not null, re-throws it to immediately cancel the
authentication process, since this strategy requires all realms to authenticate successfully.
- afterAttempt(Realm, AuthenticationToken, AuthenticationInfo, AuthenticationInfo, Throwable) -
Method in interface org.jsecurity.authc.pam.ModularAuthenticationStrategy
- Method invoked by the ModularAuthenticator just after the given realm has been consulted for authentication,
allowing post-authentication-attempt logic for that realm only.
- afterAuthorizationCacheSet() -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- afterAuthorizationCacheSet() -
Method in class org.jsecurity.realm.ldap.AbstractLdapRealm
-
- afterAuthorizationCacheSet() -
Method in class org.jsecurity.realm.SimpleAccountRealm
-
- afterBound(String, Object) -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- afterCacheManagerSet() -
Method in class org.jsecurity.mgt.CachingSecurityManager
- Template callback to notify subclasses that a
CacheManager has been set and is available for use via the
getCacheManager() method.
- afterCacheManagerSet() -
Method in class org.jsecurity.mgt.RealmSecurityManager
- Simply calls
applyCacheManagerToRealms() to allow the
newly set CacheManager to be propagated to the internal collection of Realm
that would need to use it.
- afterCacheManagerSet() -
Method in class org.jsecurity.mgt.SessionsSecurityManager
- Calls
super.afterCacheManagerSet() and then immediately calls
applyCacheManagerToSessionManager() to ensure the
CacheManager is applied to the SessionManager as necessary.
- afterCacheManagerSet() -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- afterCacheManagerSet() -
Method in class org.jsecurity.realm.CachingRealm
-
- afterCompletion(ServletRequest, ServletResponse, Exception) -
Method in class org.jsecurity.web.servlet.AdviceFilter
- Called in all cases in a
finally block even if preHandle returns
false or if an exception is thrown during filter chain processing.
- afterPropertiesSet() -
Method in class org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor
-
- afterRoleCacheSet() -
Method in class org.jsecurity.realm.SimpleAccountRealm
-
- afterRoleCacheSet() -
Method in class org.jsecurity.realm.text.PropertiesRealm
-
- afterSecurityManagerSet(Map<String, Map<String, String>>) -
Method in class org.jsecurity.config.IniConfiguration
-
- afterSecurityManagerSet(Map<String, Map<String, String>>) -
Method in class org.jsecurity.web.config.IniWebConfiguration
- This implementation:
First builds the filter instances by processing the [filters] section
Builds a collection filter chains according to the definitions in the [urls] section
Initializes the filter instances in the order in which they were defined
- afterSessionValidationEnabled() -
Method in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
-
- afterUnbound(String, Object) -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- ALGORITHM_NAME -
Static variable in class org.jsecurity.crypto.hash.Md2Hash
-
- ALGORITHM_NAME -
Static variable in class org.jsecurity.crypto.hash.Md5Hash
-
- ALGORITHM_NAME -
Static variable in class org.jsecurity.crypto.hash.Sha1Hash
-
- ALGORITHM_NAME -
Static variable in class org.jsecurity.crypto.hash.Sha256Hash
-
- ALGORITHM_NAME -
Static variable in class org.jsecurity.crypto.hash.Sha384Hash
-
- ALGORITHM_NAME -
Static variable in class org.jsecurity.crypto.hash.Sha512Hash
-
- AllowAllCredentialsMatcher - Class in org.jsecurity.authc.credential
- A credentials matcher that always returns true when matching credentials no matter what arguments
are passed in.
- AllowAllCredentialsMatcher() -
Constructor for class org.jsecurity.authc.credential.AllowAllCredentialsMatcher
-
- AllPermission - Class in org.jsecurity.authz.permission
- An all AllPermission instance is one that always implies any other permission; that is, its
implies method always returns true. - AllPermission() -
Constructor for class org.jsecurity.authz.permission.AllPermission
-
- AllSuccessfulModularAuthenticationStrategy - Class in org.jsecurity.authc.pam
- ModularAuthenticationStrategy implementation that requires all configured realms to
successfully process the submitted AuthenticationToken during the log-in attempt.
- AllSuccessfulModularAuthenticationStrategy() -
Constructor for class org.jsecurity.authc.pam.AllSuccessfulModularAuthenticationStrategy
-
- ALREADY_FILTERED_SUFFIX -
Static variable in class org.jsecurity.web.servlet.OncePerRequestFilter
- Suffix that gets appended to the filter name for the "already filtered" request attribute.
- annotationClass -
Variable in class org.jsecurity.aop.AnnotationHandler
- The type of annotation this handler will process.
- AnnotationHandler - Class in org.jsecurity.aop
- Base support class for implementations that reads and processes JSR-175 annotations.
- AnnotationHandler(Class<? extends Annotation>) -
Constructor for class org.jsecurity.aop.AnnotationHandler
- Constructs an
AnnotationHandler who processes annotations of the
specified type.
- AnnotationMethodInterceptor - Class in org.jsecurity.aop
- MethodInterceptor that inspects a specific annotation on the method invocation before continuing
its execution.
- AnnotationMethodInterceptor(AnnotationHandler) -
Constructor for class org.jsecurity.aop.AnnotationMethodInterceptor
- Constructs an
AnnotationMethodInterceptor with the
AnnotationHandler that will be used to process annotations of a corresponding
type.
- AnnotationsAuthorizingMethodInterceptor - Class in org.jsecurity.authz.aop
- An AnnotationsAuthorizingMethodInterceptor is a MethodInterceptor that asserts a given method is authorized
to execute based on one or more configured AuthorizingAnnotationMethodInterceptors.
- AnnotationsAuthorizingMethodInterceptor() -
Constructor for class org.jsecurity.authz.aop.AnnotationsAuthorizingMethodInterceptor
- Default no-argument constructor that defaults the
methodInterceptors attribute to contain two interceptors by default - the
RoleAnnotationMethodInterceptor and the
PermissionAnnotationMethodInterceptor to
support role and permission annotations.
- AnonymousFilter - Class in org.jsecurity.web.filter.authc
- Filter that allows access to a path immeidately without performing security checks of any kind.
- AnonymousFilter() -
Constructor for class org.jsecurity.web.filter.authc.AnonymousFilter
-
- AntPathMatcher - Class in org.jsecurity.util
- PathMatcher implementation for Ant-style path patterns.
- AntPathMatcher() -
Constructor for class org.jsecurity.util.AntPathMatcher
-
- AopAllianceAnnotationsAuthorizingMethodInterceptor - Class in org.jsecurity.spring.security.interceptor
- Allows JSecurity Annotations to work in any AOP Alliance
specific implementation environment (for example, Spring).
- AopAllianceAnnotationsAuthorizingMethodInterceptor() -
Constructor for class org.jsecurity.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor
-
- appendQueryProperties(StringBuffer, Map, String) -
Method in class org.jsecurity.web.RedirectView
- Append query properties to the redirect URL.
- appliedPaths -
Variable in class org.jsecurity.web.filter.PathMatchingFilter
- A collection of path-to-config entries where the key is a path which this filter should process and
the value is the (possibly null) configuration element specific to this Filter for that specific path.
- applyCacheManagerToRealms() -
Method in class org.jsecurity.mgt.RealmSecurityManager
- Sets the internal
CacheManager on any internal configured
Realms that implement the CacheManagerAware interface.
- applyCacheManagerToSessionManager() -
Method in class org.jsecurity.mgt.SessionsSecurityManager
- Ensures the internal delegate
SessionManager is injected with the newly set
CacheManager so it may use it for its internal caching needs.
- applyEmbeddedConfig(WebConfiguration) -
Method in class org.jsecurity.web.servlet.JSecurityFilter
-
- applyFilterConfig(WebConfiguration) -
Method in class org.jsecurity.web.servlet.JSecurityFilter
-
- applyGlobalProperty(Map, String, String) -
Method in class org.jsecurity.config.ReflectionBuilder
-
- applyInitParams() -
Method in class org.jsecurity.web.servlet.JSecurityFilter
-
- applyProperty(String, String, Map) -
Method in class org.jsecurity.config.ReflectionBuilder
-
- applyProperty(Object, String, String) -
Method in class org.jsecurity.config.ReflectionBuilder
-
- applySingleProperty(Map, String, String, String) -
Method in class org.jsecurity.config.ReflectionBuilder
-
- applyUrlConfig(WebConfiguration) -
Method in class org.jsecurity.web.servlet.JSecurityFilter
-
- asList() -
Method in interface org.jsecurity.subject.PrincipalCollection
- Returns a single Subject's principals retrieved from all configured Realms as a List, or an empty List if
there are not any principals.
- asList() -
Method in class org.jsecurity.subject.SimplePrincipalCollection
-
- asList(E...) -
Static method in class org.jsecurity.util.CollectionUtils
-
- assertAuthorized(MethodInvocation) -
Method in class org.jsecurity.authz.aop.AnnotationsAuthorizingMethodInterceptor
- Iterates over the internal
methodInterceptors collection, and for each one,
ensures that if the interceptor
supports
the invocation, that the interceptor
asserts
that the invocation is authorized to proceed.
- assertAuthorized(Annotation) -
Method in class org.jsecurity.authz.aop.AuthenticatedAnnotationHandler
- Ensures that the calling
Subject is authenticated, and if not, throws an
UnauthenticatedException indicating the method is not allowed to be executed.
- assertAuthorized(Annotation) -
Method in class org.jsecurity.authz.aop.AuthorizingAnnotationHandler
- Ensures the calling Subject is authorized to execute based on the directive(s) found in the given
annotation.
- assertAuthorized(MethodInvocation) -
Method in class org.jsecurity.authz.aop.AuthorizingAnnotationMethodInterceptor
- Ensures the calling Subject is authorized to execute the specified
MethodInvocation.
- assertAuthorized(MethodInvocation) -
Method in class org.jsecurity.authz.aop.AuthorizingMethodInterceptor
- Asserts that the specified MethodInvocation is allowed to continue by performing any necessary authorization
(access control) checks first.
- assertAuthorized(Annotation) -
Method in class org.jsecurity.authz.aop.GuestAnnotationHandler
- Ensures that the calling
Subject is NOT a user, that is, they do not
have an identity before continuing.
- assertAuthorized(Annotation) -
Method in class org.jsecurity.authz.aop.PermissionAnnotationHandler
- Ensures that the calling
Subject has the Annotation's specified permissions, and if not, throws an
AuthorizingException indicating access is denied.
- assertAuthorized(Annotation) -
Method in class org.jsecurity.authz.aop.RoleAnnotationHandler
- Ensures that the calling
Subject has the Annotation's specified roles, and if not, throws an
AuthorizingException indicating that access is denied.
- assertAuthorized(Annotation) -
Method in class org.jsecurity.authz.aop.UserAnnotationHandler
- Ensures that the calling
Subject is a user, that is, they are either
authenticated or remembered via remember
me services before allowing access, and if not, throws an
AuthorizingException indicating access is not allowed.
ModularRealmAuthenticator.doAuthenticate(org.jsecurity.authc.AuthenticationToken) implementation to ensure that the realms property
has been set.
Authorizer implementation methods to ensure that the realms
has been set.
Authenticator interface that functions in the following manner:
Calls template doAuthenticate method for subclass execution of the actual
authentication behavior.
Authenticator for authentication.
WWW-Authenticate
RequiresAuthentication annotations and ensures the calling subject is
authenticated before allowing access.RequiresAuthentication annotations.
RequiresAuthenticated annotation
is declared, and if so, ensures the calling
Subject.RequiresAuthentication annotations in a method
declaration.
AuthenticationFilter that is capable of automatically performing an authentication attempt
based on the incoming request.SecurityManager class hierarchy that delegates all
authentication operations to a wrapped Authenticator instance.authenticator instance to be a ModularRealmAuthenticator.
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the
authentication/log-in process only.AuthenticationListener listens for notifications while
Subjects authenticate with the system.AuthenticationListenerRegistrar is a component that is capable of registering interested
AuthenticationListeners that wish to be notified during the authentication
process.Authorization
AuthorizationInfo represents a single Subject's stored authorization data (roles, permissions, etc)
used during authorization (access control) checks only.AuthorizingAnnotationHandler who processes annotations of the
specified type.
handler is set which will be used to perform the
authorization assertion checks when a supported annotation is encountered.
SecurityManager class hierarchy that delegates all
authorization (access control) operations to a wrapped Authorizer instance.authenticated for the
request to continue, and if they're not, forces the user to login via the HTTP Basic protocol-specific challenge.new SimpleAuthenticationInfo();, which supports
aggregating account data across realms.
null immediately, relying on this class's merge implementation to return
only the first info object it encounters, ignoring all subsequent ones.
aggregate method argument, without modification.
Realm supports the given
token argument.
beforeSessionManagerDestroyed() to allow subclass clean up and
then immediatley calls destroySessionManager() to clean up the internal
delegate instance.
beforeRealmsDestroyed() to allow subclasses to clean up
first, then calls destroyRealms() to clean up the internal Realms
collection.
SessionListeners for notification
that the session has been invalidated (stopped or expired).
beforeAuthenticatorDestroyed()
to allow subclass cleanup and then calls destroyAuthenticator() to actually
clean up the internal delegate instance.
key to use during
encryption and decryption.
sessionId.
CacheException.
CacheException.
CacheException.
CacheException.
Cache instances.sessionId.
Realm interface that provides logging and caching support.Permission.implies(Permission) implies} the specified Permission.
implies the specified Permission.
implies all of the
specified permission strings.
implies all of the
specified permission strings.
implies all of the
specified permission strings.
implies all of the
specified permission strings.
AuthorizationException if they do not.
AuthorizationException if they do not.
AuthorizationException if they do not.
checkRole for each role specified.
AuthorizationException if they do not.
classpath:
Classes, such as acquiring them from the
application ClassLoaders and instantiating Objects from them.finally code block in the
doFilterInternal
implementation.
CodecException.
CodecException.
CodecException.
CodecException.
Configuration is responsible for 'wiring' together all the JSecurity components for an
application, such as the SecurityManager, and any of its
dependencies.key is bound to the current thread, false otherwise.
org.aopalliance.intercept.MethodInvocation and then
calls methodInvocation.
- convertJndiName(String) -
Method in class org.jsecurity.jndi.JndiLocator
- Convert the given JNDI name into the actual JNDI name to use.
- COOKIE_SESSION_ID_SOURCE -
Static variable in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- CookieAttribute<T> - Class in org.jsecurity.web.attr
- A CookieAttribute stores an object as a
Cookie for access on later requests. - CookieAttribute() -
Constructor for class org.jsecurity.web.attr.CookieAttribute
-
- CookieAttribute(String) -
Constructor for class org.jsecurity.web.attr.CookieAttribute
- Constructs a CookieAttribute using a
Cookie with the specified name
using the request context's path and with a maxAge of -1, indicating the
Cookie will persist until browser shutdown.
- CookieAttribute(String, String) -
Constructor for class org.jsecurity.web.attr.CookieAttribute
- Constructs a CookieAttribute using a
Cookie with the specified
name and path.
- CookieAttribute(String, int) -
Constructor for class org.jsecurity.web.attr.CookieAttribute
- Constructs a CookieAttribute using a
Cookie with the specified
name and maxAge.
- CookieAttribute(String, String, int) -
Constructor for class org.jsecurity.web.attr.CookieAttribute
- Constructs a CookieAttribute using a
Cookie with the specified
name, path, and
maxAge.
- CookieAttribute(String, String, int, Class<? extends PropertyEditor>) -
Constructor for class org.jsecurity.web.attr.CookieAttribute
- Constructs a CookieAttribute using a
Cookie with the specified
name, path, and
maxAge, utilizing the specified PropertyEditor to perform value/string
conversion on the object stored as a cookie.
- create(Session) -
Method in class org.jsecurity.session.mgt.DefaultSessionManager
-
- create(Session) -
Method in class org.jsecurity.session.mgt.eis.CachingSessionDAO
- Creates the session by delegating EIS creation to subclasses via the
CachingSessionDAO.doCreate(org.jsecurity.session.Session) method, and then
caches the session.
- create(Session) -
Method in interface org.jsecurity.session.mgt.eis.SessionDAO
- Inserts a new Session record into the underling EIS (e.g.
- createActiveSessionsCache() -
Method in class org.jsecurity.session.mgt.eis.CachingSessionDAO
- Creates a cache instance used to store active sessions.
- createAuthorizer() -
Method in class org.jsecurity.mgt.AuthorizingSecurityManager
- Creates a new
Authorizer instance to be used by this AuthorizingSecurityManager instance.
- createCacheManager() -
Method in class org.jsecurity.mgt.CachingSecurityManager
- Creates a
CacheManager instance to be used by this SecurityManager
and potentially any of its children components.
- createChain(List<Filter>, FilterChain) -
Method in class org.jsecurity.web.config.IniWebConfiguration
- Creates a new FilterChain based on the specified configured url filter chain and original chain.
- createChains(Map<String, String>, Map<String, Filter>) -
Method in class org.jsecurity.web.config.IniWebConfiguration
-
- createDefaultFilters() -
Method in class org.jsecurity.web.config.IniWebConfiguration
-
- createDefaultRealm() -
Method in class org.jsecurity.mgt.RealmSecurityManager
- Creates a default Realm implementation to use in lazy-initialization use cases.
- createDefaultSecurityManager() -
Method in class org.jsecurity.config.IniConfiguration
-
- createDefaultSecurityManager() -
Method in class org.jsecurity.spring.SpringIniWebConfiguration
-
- createDefaultSecurityManagerFromRealms(ApplicationContext, Map<String, Map<String, String>>) -
Method in class org.jsecurity.spring.SpringIniWebConfiguration
-
- createInitialContext() -
Method in class org.jsecurity.jndi.JndiTemplate
- Create a new JNDI initial context.
- createMethodInvocation(Object) -
Method in class org.jsecurity.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor
- Creates a
MethodInvocation that wraps an
org.aopalliance.intercept.MethodInvocation instance,
enabling JSecurity Annotations in AOP Alliance environments
(Spring, etc).
- createNewInstance(Map, String, String) -
Method in class org.jsecurity.config.ReflectionBuilder
-
- createPrivateRole(PrincipalCollection) -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- createRemoteInvocation(MethodInvocation) -
Method in class org.jsecurity.spring.remoting.SecureRemoteInvocationFactory
- Creates a
RemoteInvocation with the current session ID as an
attribute.
- createSecurityManager(Map<String, Map<String, String>>) -
Method in class org.jsecurity.config.IniConfiguration
-
- createSecurityManager(Map<String, Map<String, String>>) -
Method in class org.jsecurity.spring.SpringIniWebConfiguration
-
- createSecurityManagerForSection(Map<String, String>) -
Method in class org.jsecurity.config.IniConfiguration
-
- createSession(InetAddress) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- createSession(InetAddress) -
Method in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
-
- createSession(InetAddress) -
Method in class org.jsecurity.web.session.ServletContainerSessionManager
-
- createSession(HttpSession, InetAddress) -
Method in class org.jsecurity.web.session.ServletContainerSessionManager
-
- createSessionManager() -
Method in class org.jsecurity.mgt.SessionsSecurityManager
- Constructs a new
SessionManager instance to be used as the internal delegate for this security
manager.
- createSessionValidationScheduler() -
Method in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
-
- createSubject() -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- createSubject(PrincipalCollection) -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- createSubject(PrincipalCollection, Session) -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- createSubject(PrincipalCollection, Session, boolean) -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- createSubject(PrincipalCollection, Session, boolean, InetAddress) -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- createSubject(AuthenticationToken, AuthenticationInfo) -
Method in class org.jsecurity.mgt.DefaultSecurityManager
- Creates a Subject instance for the user represented by the given method arguments.
- createSubject() -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- createSubject(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- createSubject(Session, ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- createSubject(PrincipalCollection, boolean, Session, ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- createToken(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.authc.AuthenticatingFilter
-
- createToken(String, String, ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.authc.AuthenticatingFilter
-
- createToken(String, String, boolean, InetAddress) -
Method in class org.jsecurity.web.filter.authc.AuthenticatingFilter
-
- createToken(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.authc.BasicHttpAuthenticationFilter
- Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.
- createToken(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.authc.FormAuthenticationFilter
-
- credentials -
Variable in class org.jsecurity.authc.SimpleAuthenticationInfo
- The credentials verifying the account principals.
- CredentialsException - Exception in org.jsecurity.authc
- Exception thrown due to a problem with the credential(s) submitted for an
account during the authentication process.
- CredentialsException() -
Constructor for exception org.jsecurity.authc.CredentialsException
- Creates a new CredentialsException.
- CredentialsException(String) -
Constructor for exception org.jsecurity.authc.CredentialsException
- Constructs a new CredentialsException.
- CredentialsException(Throwable) -
Constructor for exception org.jsecurity.authc.CredentialsException
- Constructs a new CredentialsException.
- CredentialsException(String, Throwable) -
Constructor for exception org.jsecurity.authc.CredentialsException
- Constructs a new CredentialsException.
- CredentialsMatcher - Interface in org.jsecurity.authc.credential
- Interface implemented by classes that can determine if an AuthenticationToken's provided
credentials matches a corresponding account's credentials stored in the system.
- crypt(Cipher, byte[]) -
Method in class org.jsecurity.crypto.BlowfishCipher
- Calls the
doFinal(bytes) method, propagating any exception that
might arise in an IllegalStateException
- crypt(byte[], int, byte[]) -
Method in class org.jsecurity.crypto.BlowfishCipher
- Calls the
BlowfishCipher.init(javax.crypto.Cipher, int, java.security.Key) and then
BlowfishCipher.crypt(javax.crypto.Cipher, byte[]).
- currentRequest -
Variable in class org.jsecurity.web.servlet.JSecurityHttpSession
-
20,000.
CachingSessionDAO.ACTIVE_SESSION_CACHE_NAME.
600 (10 minutes).
request.getCharacterEncoding
returns null, according to the Servlet spec.
','
/login.jsp, which can be overridden by calling the
setLoginUrl method.
-1, indicating the cookie should expire when the browser closes.
null, indicating the cookie should be set on the request context root.
rememberMe.
false.
AbstractValidatingSessionManager.setSessionValidationInterval(long)
QuartzSessionValidationScheduler.setSessionValidationInterval(long)
LdapContextFactory that can be configured or extended to
customize the way LdapContext objects are retrieved.SecurityManager interface,
based around a collection of Realms.realms.
ValidatingSessionManager interface.Session.SecurityManager instance for security checks.CachingSessionDAO.doDelete(org.jsecurity.session.Session).
serialized source back into an Object by using a
ByteArrayInputStream to wrap the argument and then decode this
stream via an XMLDecoder, where the
readObject call results in the original Object to return.
beforeCacheManagerDestroyed() to allow subclasses to clean up
first, then calls destroyCacheManager() to clean up the internal
CacheManager.
destroy for each object in the collection.
Authenticator instance.
Authorizer instance.
CacheManager instance during shutdown.
LifecycleUtils.destroy(getRealms()).
SessionManager by calling
LifecycleUtils.destroy(getSessionManager()).
Realms.
true always no matter what the method arguments are.
getCredentials(token))
and then the account's credentials
(via getCredentials(account)) and then passes both of
them to the equals(tokenCredentials, accountCredentials) method for equality
comparison.
doFilter implementation stores a request attribute for
"already filtered", proceeding without filtering again if the
attribute is already there.
pre,
post, and
after
advice hooks.
doFilter, but guaranteed to be
just invoked once per request.
name
path against the given pattern.
ModularAuthenticationStrategy object
as each realm is consulted for AuthenticationInfo for the specified token.
Cache implementation that wraps an Ehcache instance.CacheManager implementation utilizing the Ehcache framework for all cache functionality.Collections.EMPTY_SET.
QuartzSessionValidationJob, and scheduling it with the Quartz scheduler.
Authorizer has been
set, and if not, lazily creates one via the createAuthorizer() method and then
immediately sets it via the setAuthorizer method.
cacheManager has been set, and if not,
attempts to create one and uses that to set the class attribute.
createDefaultRealm() and sets
it on this instance via the setRealm method.
SessionManager exists, and if not, calls
createSessionManager and sets the resulting instance via the
setSessionManager method.
true if the specified object is also a SimpleAccount and its
principals are equal to this object's principals, false otherwise.
true if the Object argument is an instanceof SimpleAuthenticationInfo and
its principals are equal to this instance's principals, false otherwise.
byte array is identical to
this Hash's byte array, false otherwise.
chain.doFilter(request,response);.
ScheduledExecutorService to call ValidatingSessionManager.validateSessions() every
interval milliseconds.file:
ModularAuthenticationStrategy implementation that only accepts the account data from
the first successfully consulted Realm and ignores all subsequent realms.loginUrl you configure.context class loader, then the
current ClassLoader (ClassUtils.class.getClassLoader()), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader(), in that order.
Key suitable for this Cipher by calling
generateNewKey(128) (uses a 128 bit size by default).
Key of the specified size suitable for this Cipher
(based on the ALGORITHM using the JDK KeyGenerator.
key or
null if there is no Cache entry for that key.
key that is bound to
the current thread.
GET.
CachingSessionDAO.createActiveSessionsCache() method and then returns the instance.
CacheManager.
MessageDigest algorithm
to use when performing the hash.
value, from which the Permission will be constructed.
WWW-Authenticate header.
WWW-Authenticate header scheme that this filter will use when sending
the HTTP Basic challenge response.
Authenticator instance that this SecurityManager uses to perform all
authentication operations.
principals,
or null if no account could be found.
AUTHORIZATION_HEADER from the specified ServletRequest.
Authorization header value that this filter will respond to as indicating
a login request.
name.
HashtableCache with the given name.
sessionId or null if there is
no session cached under that id (or if there is no Cache).
CacheManager instance.
ResourceUtils.getInputStreamForPath with the
path returned from getCacheManagerConfigFile().
FilterChain to use for the specified application path, or null if the
original FilterChain should be used.
null if the
original chain should be used.
StringUtils.clean(String).
account identity.
Hash instance representing the already-hashed AuthenticationInfo credentials stored in the system.
this.authcInfo.getCredentials.
password char array.
CredentialsMatcher used during an authentication attempt to verify submitted
credentials with those stored in the system.
-1 if
that number is unknown or cannot be calculated.
null if none should be used.
FilterConfig provided by the Servlet container at webapp startup.
FilterConfig instance provided at
startup.
InetAddress associated with the current request, or null if the
address cannot be resolved/determined.
Key to use for symmetric encryption and decryption if one is not specified during
encryption/decryption.
maxAge setting.
-1 if
that number is unknown or cannot be calculated.
-1 if that
number is unknown or cannot be calculated.
Method to be invoked.
Realm.
Permissions assigned to the corresponding Subject.
path setting.
PatternMatcher used when determining if an incoming request's path
matches a configured filter chain path in the [urls] section.
WebUtils.
- getPathWithinApplication(ServletRequest) -
Method in class org.jsecurity.web.filter.PathMatchingFilter
- Returns the context path within the application based on the specified
request.
- getPathWithinApplication(HttpServletRequest) -
Static method in class org.jsecurity.web.WebUtils
- Return the path within the web application for the given request.
- getPermissionResolver() -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- getPermissions() -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- getPermissions() -
Method in class org.jsecurity.authz.SimpleRole
-
- getPermissions(Connection, String, Collection<String>) -
Method in class org.jsecurity.realm.jdbc.JdbcRealm
-
- getPermissionString() -
Method in exception org.jsecurity.authz.permission.InvalidPermissionStringException
- Returns the permission string that was invalid and caused this exception to
be thrown.
- getPrincipal() -
Method in interface org.jsecurity.authc.AuthenticationToken
- Returns the account identity submitted during the authentication process.
- getPrincipal() -
Method in class org.jsecurity.authc.UsernamePasswordToken
- Simply returns
getUsername().
- getPrincipal() -
Method in class org.jsecurity.subject.DelegatingSubject
-
- getPrincipal() -
Method in interface org.jsecurity.subject.Subject
- Returns this Subject's uniquely-identifying principal, or null if this
Subject doesn't yet have account data associated with it (for example, if they haven't logged in).
- getPrincipals() -
Method in interface org.jsecurity.authc.AuthenticationInfo
- Returns all principals associated with the corresponding Subject.
- getPrincipals() -
Method in class org.jsecurity.authc.SimpleAccount
- Returns the principals, aka the identifying attributes (username, user id, first name, last name, etc) of this
Account.
- getPrincipals() -
Method in class org.jsecurity.authc.SimpleAuthenticationInfo
-
- getPrincipals(RemoteInvocation, Object, Session) -
Method in class org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor
-
- getPrincipals() -
Method in class org.jsecurity.subject.DelegatingSubject
-
- getPrincipals() -
Method in interface org.jsecurity.subject.Subject
- Returns all of this Subject's principals (identifying attributes) in the form of a
PrincipalCollection.
- getPrincipals(Session) -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- getPrincipals(Session, ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- getPrincipalsAndCredentials(String, ServletRequest) -
Method in class org.jsecurity.web.filter.authc.BasicHttpAuthenticationFilter
- Returns the username obtained from the
authorizationHeader.
- getPrincipalsAndCredentials(String, String) -
Method in class org.jsecurity.web.filter.authc.BasicHttpAuthenticationFilter
- Returns the username and password pair based on the specified
encoded String obtained from
the request's authorization header.
- getPrincipalsLazy(String) -
Method in class org.jsecurity.subject.SimplePrincipalCollection
-
- getPrivateRoleName(PrincipalCollection) -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- getProperty() -
Method in class org.jsecurity.web.tags.PrincipalTag
-
- getQueryString() -
Method in class org.jsecurity.web.SavedRequest
-
- getRealmNames() -
Method in interface org.jsecurity.subject.PrincipalCollection
- Returns the realm names that this collection has principals for.
- getRealmNames() -
Method in class org.jsecurity.subject.SimplePrincipalCollection
-
- getRealms() -
Method in class org.jsecurity.authc.pam.ModularRealmAuthenticator
- Returns the realm(s) used by this
Authenticator during an authentication attempt.
- getRealms() -
Method in class org.jsecurity.authz.ModularRealmAuthorizer
- Returns the realms wrapped by this
Authorizer which are consulted during an authorization check.
- getRealms() -
Method in class org.jsecurity.mgt.RealmSecurityManager
- Returns the
Realms managed by this SecurityManager instance.
- getRealms() -
Method in class org.jsecurity.realm.jndi.JndiRealmFactory
- Performs the JNDI lookups for each specified
JNDI name and returns all
discovered Realms in an ordered collection.
- getRealms() -
Method in interface org.jsecurity.realm.RealmFactory
- Returns a collection of
Realm instances that will be used to construct
the application's SecurityManager instance.
- getReferencedObject(String) -
Method in class org.jsecurity.config.ReflectionBuilder
-
- getRememberedIdentity() -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- getRememberedPrincipals() -
Method in class org.jsecurity.subject.AbstractRememberMeManager
-
- getRememberedPrincipals() -
Method in interface org.jsecurity.subject.RememberMeManager
-
- getRememberMeManager() -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- getRememberMeParam() -
Method in class org.jsecurity.web.filter.authc.FormAuthenticationFilter
-
- getRemoteUser() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- getRequest() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletResponse
-
- getRequestedSessionId() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- getRequestURI() -
Method in class org.jsecurity.web.SavedRequest
-
- getRequestUri(HttpServletRequest) -
Static method in class org.jsecurity.web.WebUtils
- Return the request URI for the given request, detecting an include request
URL if called within a RequestDispatcher include.
- getRequestUrl() -
Method in class org.jsecurity.web.SavedRequest
-
- getRequiredServletRequest() -
Static method in class org.jsecurity.web.WebUtils
- Convenience method that simplifies retrieval of a required thread-bound ServletRequest.
- getRequiredServletResponse() -
Static method in class org.jsecurity.web.WebUtils
- Convenience method that simplifies retrieval of a required thread-bound ServletResponse.
- getResourceAsStream(String) -
Static method in class org.jsecurity.util.ClassUtils
- Returns the specified resource by checking the current thread's
context class loader, then the
current ClassLoader (ClassUtils.class.getClassLoader()), then the system/application
ClassLoader (ClassLoader.getSystemClassLoader(), in that order, using
getResourceAsStream(name).
- getResources() -
Static method in class org.jsecurity.util.ThreadContext
- Returns the ThreadLocal Map.
- getRole(String) -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- getRole(String) -
Method in class org.jsecurity.realm.SimpleAccountRealm
-
- getRoleDefinitions() -
Method in class org.jsecurity.realm.text.TextConfigurationRealm
-
- getRolename(String) -
Method in class org.jsecurity.realm.text.PropertiesRealm
-
- getRolenames() -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- getRoleNamesForGroups(Collection<String>) -
Method in class org.jsecurity.realm.activedirectory.ActiveDirectoryRealm
- This method is called by the default implementation to translate Active Directory group names
to role names.
- getRoleNamesForUser(Connection, String) -
Method in class org.jsecurity.realm.jdbc.JdbcRealm
-
- getRoles() -
Method in class org.jsecurity.authc.SimpleAccount
- Returns
this.authzInfo.getRoles();
- getRoles() -
Method in interface org.jsecurity.authz.AuthorizationInfo
- Returns the names of all roles assigned to a corresponding Subject.
- getRoles() -
Method in class org.jsecurity.authz.SimpleAuthorizationInfo
-
- getSalt(AuthenticationToken) -
Method in class org.jsecurity.authc.credential.HashedCredentialsMatcher
- Returns a salt value used to hash the token's credentials.
- getSavedRequest(ServletRequest) -
Static method in class org.jsecurity.web.WebUtils
-
- getScheduler() -
Method in class org.jsecurity.session.mgt.quartz.QuartzSessionValidationScheduler
-
- getSectionName(String) -
Static method in class org.jsecurity.io.IniResource
-
- getSections() -
Method in class org.jsecurity.io.IniResource
-
- getSecurityManager() -
Method in class org.jsecurity.config.ResourceConfiguration
-
- getSecurityManager() -
Method in interface org.jsecurity.mgt.SecurityManagerFactory
- Returns a fully configured and initialized
SecurityManager.
- getSecurityManager() -
Static method in class org.jsecurity.SecurityUtils
- Returns the VM (static) singleton SecurityManager.
- getSecurityManager() -
Method in class org.jsecurity.spring.security.interceptor.AuthorizationAttributeSourceAdvisor
-
- getSecurityManager() -
Method in class org.jsecurity.subject.DelegatingSubject
-
- getSecurityManager() -
Static method in class org.jsecurity.util.ThreadContext
- Convenience method that simplifies retrieval of the application's SecurityManager instance from the current
thread.
- getSecurityManager() -
Method in class org.jsecurity.web.servlet.JSecurityFilter
-
- getSecurityManagerBeanName() -
Method in class org.jsecurity.spring.SpringIniWebConfiguration
-
- getSecurityManagerByType(ApplicationContext) -
Method in class org.jsecurity.spring.SpringIniWebConfiguration
-
- getSerializedRememberedIdentity() -
Method in class org.jsecurity.subject.AbstractRememberMeManager
-
- getSerializedRememberedIdentity() -
Method in class org.jsecurity.web.WebRememberMeManager
-
- getSerializer() -
Method in class org.jsecurity.subject.AbstractRememberMeManager
-
- getServletContext() -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- getServletContext() -
Method in class org.jsecurity.web.servlet.ServletContextSupport
-
- getSession(Serializable) -
Method in class org.jsecurity.mgt.SessionsSecurityManager
-
- getSession(Serializable) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- getSession(Serializable) -
Method in interface org.jsecurity.session.SessionFactory
- Acquires a handle to the session identified by the specified sessionId.
- getSession() -
Method in class org.jsecurity.subject.DelegatingSubject
-
- getSession(boolean) -
Method in class org.jsecurity.subject.DelegatingSubject
-
- getSession() -
Method in interface org.jsecurity.subject.Subject
- Returns the application Session associated with this Subject.
- getSession(boolean) -
Method in interface org.jsecurity.subject.Subject
- Returns the application Session associated with this Subject.
- getSession(boolean) -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- getSession() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- getSession() -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- getSession(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
- Returns the Session associated with the specified request if it is valid or null if a Session doesn't
exist or it was invalid.
- getSession(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.session.ServletContainerSessionManager
-
- getSession(ServletRequest, ServletResponse) -
Method in interface org.jsecurity.web.session.WebSessionManager
- Returns the current
Session associated with the specified request pair, or
null if there is no session associated with the request.
- getSessionContext() -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- getSessionDAO() -
Method in class org.jsecurity.session.mgt.DefaultSessionManager
-
- getSessionId() -
Method in exception org.jsecurity.session.SessionException
- Returns the session id of the associated Session.
- getSessionIdCookieAttribute() -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
-
- getSessionIdRequestParamAttribute() -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
-
- getSessionManager() -
Method in class org.jsecurity.mgt.SessionsSecurityManager
- Returns this security manager's internal delegate
SessionManager.
- getSessionManager() -
Method in class org.jsecurity.session.mgt.DelegatingSession
- Returns the
SessionManager used by this handle to invoke
all session-related methods.
- getSessionManager() -
Method in class org.jsecurity.session.mgt.ExecutorServiceSessionValidationScheduler
-
- getSessionMode() -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- getSessionValidationInterval() -
Method in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
-
- getSessionValidationScheduler() -
Method in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
-
- getSimpleRoles() -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- getStartTimestamp(Serializable) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- getStartTimestamp() -
Method in class org.jsecurity.session.mgt.DelegatingSession
-
- getStartTimestamp(Serializable) -
Method in interface org.jsecurity.session.mgt.SessionManager
- Returns the time the Session identified by the specified sessionId was started
in the system.
- getStartTimestamp() -
Method in class org.jsecurity.session.mgt.SimpleSession
-
- getStartTimestamp() -
Method in class org.jsecurity.session.ProxiedSession
- Immediately delegates to the underlying proxied session.
- getStartTimestamp() -
Method in interface org.jsecurity.session.Session
- Returns the time the session was started; that is, the time the system created the instance.
- getStartTimestamp() -
Method in class org.jsecurity.web.session.WebSession
-
- getStopTimestamp() -
Method in class org.jsecurity.session.mgt.SimpleSession
- Returns the time the session was stopped, or null if the session is still active.
- getStringPermissions() -
Method in class org.jsecurity.authc.SimpleAccount
- Returns all String-based permissions assigned to this Account.
- getStringPermissions() -
Method in interface org.jsecurity.authz.AuthorizationInfo
- Returns all string-based permissions assigned to the corresponding Subject.
- getStringPermissions() -
Method in class org.jsecurity.authz.SimpleAuthorizationInfo
-
- getSubject() -
Method in class org.jsecurity.aop.AnnotationHandler
- Returns the
Subject associated with the currently-executing code.
- getSubject() -
Method in class org.jsecurity.aop.MethodInterceptorSupport
- Returns the
Subject associated with the currently-executing code.
- getSubject(boolean) -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- getSubject() -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- getSubject() -
Method in interface org.jsecurity.mgt.SecurityManager
- Returns the Subject instance representing the currently executing user.
- getSubject() -
Static method in class org.jsecurity.SecurityUtils
- Returns the currently accessible Subject available to the calling code depending on
runtime environment.
- getSubject() -
Static method in class org.jsecurity.util.ThreadContext
- Convenience method that simplifies retrieval of a thread-bound Subject.
- getSubject(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.AccessControlFilter
- Convenience method that acquires the Subject associated with the request.
- getSubject() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- getSubject() -
Method in class org.jsecurity.web.tags.SecureTag
-
- getSubjectPrincipal() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- getSuccessUrl() -
Method in class org.jsecurity.web.filter.authc.AuthenticationFilter
-
- getSystemLdapContext() -
Method in class org.jsecurity.realm.ldap.DefaultLdapContextFactory
-
- getSystemLdapContext() -
Method in interface org.jsecurity.realm.ldap.LdapContextFactory
- Creates (or retrieves from a pool) a LdapContext connection bound using the system account, or anonymously
if no system account is configured.
- getTimeout(Serializable) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- getTimeout(Session) -
Method in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
- Subclass template hook in case per-session timeout is not based on
Session.getTimeout().
- getTimeout() -
Method in class org.jsecurity.session.mgt.DelegatingSession
-
- getTimeout(Serializable) -
Method in interface org.jsecurity.session.mgt.SessionManager
- Returns the time in milliseconds that the specified session may remain idle before expiring.
- getTimeout() -
Method in class org.jsecurity.session.mgt.SimpleSession
-
- getTimeout() -
Method in class org.jsecurity.session.ProxiedSession
- Immediately delegates to the underlying proxied session.
- getTimeout() -
Method in interface org.jsecurity.session.Session
- Returns the time in milliseconds that the session session may remain idle before expiring.
- getTimeout() -
Method in class org.jsecurity.web.session.WebSession
-
- getType() -
Method in class org.jsecurity.web.tags.PrincipalTag
-
- getUnauthorizedUrl() -
Method in class org.jsecurity.web.filter.authz.AuthorizationFilter
-
- getUrl() -
Method in class org.jsecurity.web.RedirectView
-
- getUser(String) -
Method in class org.jsecurity.realm.SimpleAccountRealm
-
- getUserDefinitions() -
Method in class org.jsecurity.realm.text.TextConfigurationRealm
-
- getUsername() -
Method in class org.jsecurity.authc.UsernamePasswordToken
- Returns the username submitted during an authentication attempt.
- getUsername(String) -
Method in class org.jsecurity.realm.text.PropertiesRealm
-
- getUsername(ServletRequest) -
Method in class org.jsecurity.web.filter.authc.FormAuthenticationFilter
-
- getUsernameParam() -
Method in class org.jsecurity.web.filter.authc.FormAuthenticationFilter
-
- getUserPrincipal() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- getValue(String) -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- getValueNames() -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- getVersion() -
Static method in class org.jsecurity.util.JavaEnvironment
- Return the full Java version string, as returned by
System.getProperty("java.version").
- globalSessionTimeout -
Variable in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
-
- GuestAnnotationHandler - Class in org.jsecurity.authz.aop
- Checks to see if a @
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method. - GuestAnnotationHandler() -
Constructor for class org.jsecurity.authz.aop.GuestAnnotationHandler
- Default no-argument constructor that ensures this interceptor looks for
RequiresGuest annotations in a method
declaration.
- GuestAnnotationMethodInterceptor - Class in org.jsecurity.authz.aop
- Checks to see if a @
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method. - GuestAnnotationMethodInterceptor() -
Constructor for class org.jsecurity.authz.aop.GuestAnnotationMethodInterceptor
- Default no-argument constructor that ensures this interceptor looks for
RequiresGuest annotations in a method
declaration.
- GuestTag - Class in org.jsecurity.web.tags
- JSP tag that renders the tag body if the current user is not known to the system, either because they
haven't logged in yet, or because they have no 'RememberMe' identity.
- GuestTag() -
Constructor for class org.jsecurity.web.tags.GuestTag
-
true iff any of the configured realms'
Authorizer.hasRole(org.jsecurity.subject.PrincipalCollection, String) call returns true for
all roles specified, false otherwise.
principals are not null, returns principals.hashCode(), otherwise
returns 0 (zero).
principals instance.
new Md2Hash(credentials,salt,hashIterations).
new Md5Hash(credentials,salt,hashIterations).
new Sha1Hash(credentials,salt,hashIterations).
new Sha256Hash(credentials,salt,hashIterations).
new Sha384Hash(credentials,salt,hashIterations).
new Sha512Hash(credentials,salt,hashIterations).
Cache interface that uses a
Hashtable to store cached objects.CacheManager that returns HashtableCache caches.null nor of length 0.
true if the resource path is not null and starts with one of the recognized
resource prefixes (CLASSPATH_PREFIX,
URL_PREFIX, or FILE_PREFIX), false otherwise.
true if any of the configured realms'
Authorizer.hasRole(org.jsecurity.subject.PrincipalCollection, String) call returns true,
false otherwise.
ModularRealmAuthorizer.hasRole(org.jsecurity.subject.PrincipalCollection, String) for each role name in the specified
collection and places the return value from each call at the respective location in the returned array.
Session interface that proxies another Session, but does not
allow any 'write' operations to the underlying session.Session.
filterConfig and then immediately calls
onFilterConfigSet() to trigger any processing a subclass might wish to perform.
filter.init( getFilterConfig() );.
WebConfiguration that supports configuration via the
.ini format.PermissionResolver.resolvePermission(String) when the String being parsed is not
valid for that resolver.MethodInvocation, allowing implementations to perform pre/post/finally
surrounding the actual invocation.
methodInvocation is allowed to execute first before proceeding by calling the
assertAuthorized method first.
methodInvocation.
- invoke(RemoteInvocation, Object) -
Method in class org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor
-
- invoke(MethodInvocation) -
Method in class org.jsecurity.spring.security.interceptor.AopAllianceAnnotationsAuthorizingMethodInterceptor
- Creates a JSecurity
MethodInvocation instance and then immediately calls
super.invoke.
- isAccessAllowed(ServletRequest, ServletResponse, Object) -
Method in class org.jsecurity.web.filter.AccessControlFilter
- Returns
true if the request is allowed to proceed through the filter normally, or false
if the request should be handled by the
onAccessDenied(request,response)
method instead.
- isAccessAllowed(ServletRequest, ServletResponse, Object) -
Method in class org.jsecurity.web.filter.authc.AuthenticationFilter
- Determines whether the current subject is authenticated.
- isAccessAllowed(ServletRequest, ServletResponse, Object) -
Method in class org.jsecurity.web.filter.authc.UserFilter
- Returns
true if the request is a
loginRequest or
if the current subject
is not null, false otherwise.
- isAccessAllowed(ServletRequest, ServletResponse, Object) -
Method in class org.jsecurity.web.filter.authz.PermissionsAuthorizationFilter
-
- isAccessAllowed(ServletRequest, ServletResponse, Object) -
Method in class org.jsecurity.web.filter.authz.RolesAuthorizationFilter
-
- isAtLeastVersion14() -
Static method in class org.jsecurity.util.JavaEnvironment
- Convenience method to determine if the current JVM is at least Java 1.4.
- isAtLeastVersion15() -
Static method in class org.jsecurity.util.JavaEnvironment
- Convenience method to determine if the current JVM is at least
Java 1.5 (Java 5).
- isAuthenticated(RemoteInvocation, Object, Session, PrincipalCollection) -
Method in class org.jsecurity.spring.remoting.SecureRemoteInvocationExecutor
-
- isAuthenticated() -
Method in class org.jsecurity.subject.DelegatingSubject
-
- isAuthenticated() -
Method in interface org.jsecurity.subject.Subject
- Returns true if this Subject/user has proven their identity during their current session
by providing valid credentials matching those known to the system, false otherwise.
- isAuthenticated(Session) -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- isAuthenticated(Session, ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- isAvailable(String) -
Static method in class org.jsecurity.util.ClassUtils
-
- isBase64(byte[]) -
Static method in class org.jsecurity.codec.Base64
- Tests a given byte array to see if it contains only valid characters within the Base64 alphabet.
- isCheckRequestParams() -
Method in class org.jsecurity.web.attr.AbstractWebAttribute
-
- isCheckRequestParamsFirst() -
Method in class org.jsecurity.web.attr.AbstractWebAttribute
-
- isCookieSecure() -
Method in class org.jsecurity.web.WebRememberMeManager
- Passthrough JavaBeans property that will get the underyling rememberMe cookie's 'secure' status.
- isCredentialsExpired() -
Method in class org.jsecurity.authc.SimpleAccount
- Returns whether or not the Account's credentials are expired.
- isEmpty() -
Method in interface org.jsecurity.subject.PrincipalCollection
- Returns
true if this collection is empty, false otherwise.
- isEmpty() -
Method in class org.jsecurity.subject.SimplePrincipalCollection
-
- isEnabled() -
Method in class org.jsecurity.session.mgt.ExecutorServiceSessionValidationScheduler
-
- isEnabled() -
Method in class org.jsecurity.session.mgt.quartz.QuartzSessionValidationScheduler
-
- isEnabled() -
Method in interface org.jsecurity.session.mgt.SessionValidationScheduler
- Returns
true if this Scheduler is enabled and ready to begin validation at the appropriate time,
false otherwise.
- isEncodeable(String) -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletResponse
- Return
true if the specified URL should be encoded with
a session identifier.
- isExpired() -
Method in class org.jsecurity.session.mgt.SimpleSession
- Returns true if this session has expired, false otherwise.
- isHashSalted() -
Method in class org.jsecurity.authc.credential.HashedCredentialsMatcher
- Returns true if a submitted AuthenticationToken's credentials should be salted when hashing,
false if it should not be salted.
- isHttpSessionMode() -
Method in class org.jsecurity.web.DefaultWebSecurityManager
-
- isHttpSessions() -
Method in class org.jsecurity.web.servlet.JSecurityFilter
-
- isHttpSessions() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- isLocked() -
Method in class org.jsecurity.authc.SimpleAccount
- Returns
true if this Account is locked and thus cannot be used to login, false otherwise.
- isLoginAttempt(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.authc.BasicHttpAuthenticationFilter
- Determines whether the incoming request is an attempt to log in.
- isLoginAttempt(String) -
Method in class org.jsecurity.web.filter.authc.BasicHttpAuthenticationFilter
- Default implementation that returns
true if the specified authzHeader
starts with the same (case-insensitive) characters specified by the
authzScheme, false otherwise.
- isLoginRequest(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.AccessControlFilter
- Returns
true if the incoming request is a login request, false otherwise.
- isLoginSubmission(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.authc.FormAuthenticationFilter
- This default implementation merely returns
true if the request is an HTTP POST,
false otherwise.
- isMutable() -
Method in class org.jsecurity.web.attr.AbstractWebAttribute
- Returns true if the value stored can be changed once it has been set, false if it cannot.
- isNew() -
Method in class org.jsecurity.web.servlet.JSecurityHttpSession
-
- isPattern(String) -
Method in class org.jsecurity.util.AntPathMatcher
-
- isPermitted(PrincipalCollection, String) -
Method in interface org.jsecurity.authz.Authorizer
- Returns true if the corresponding subject/user is permitted to perform an action or access a resource
summarized by the specified permission string.
- isPermitted(PrincipalCollection, Permission) -
Method in interface org.jsecurity.authz.Authorizer
- Returns true if the corresponding subject/user is permitted to perform an action or access a resource
summarized by the specified permission.
- isPermitted(PrincipalCollection, String...) -
Method in interface org.jsecurity.authz.Authorizer
- Checks if the corresponding Subject implies the given permission strings and returns a boolean array
indicating which permissions are implied.
- isPermitted(PrincipalCollection, List<Permission>) -
Method in interface org.jsecurity.authz.Authorizer
- Checks if the corresponding Subject/user implies the given Permissions and returns a boolean array indicating
which permissions are implied.
- isPermitted(Permission) -
Method in interface org.jsecurity.authz.AuthorizingAccount
- Deprecated.
- isPermitted(List<Permission>) -
Method in interface org.jsecurity.authz.AuthorizingAccount
- Deprecated.
- isPermitted(PrincipalCollection, String) -
Method in class org.jsecurity.authz.ModularRealmAuthorizer
- Returns
true if any of the configured realms'
Authorizer.isPermitted(org.jsecurity.subject.PrincipalCollection, String) returns true,
false otherwise.
- isPermitted(PrincipalCollection, Permission) -
Method in class org.jsecurity.authz.ModularRealmAuthorizer
- Returns
true if any of the configured realms'
Authorizer.isPermitted(org.jsecurity.subject.PrincipalCollection, Permission) call returns true,
false otherwise.
- isPermitted(PrincipalCollection, String...) -
Method in class org.jsecurity.authz.ModularRealmAuthorizer
- Returns
true if any of the configured realms'
Authorizer.isPermitted(org.jsecurity.subject.PrincipalCollection, String[]) call returns true,
false otherwise.
- isPermitted(PrincipalCollection, List<Permission>) -
Method in class org.jsecurity.authz.ModularRealmAuthorizer
- Returns
true if any of the configured realms'
Authorizer.isPermitted(org.jsecurity.subject.PrincipalCollection, List) call returns true,
false otherwise.
- isPermitted(Permission) -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- isPermitted(List<Permission>) -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- isPermitted(Permission) -
Method in class org.jsecurity.authz.SimpleRole
-
- isPermitted(PrincipalCollection, String) -
Method in class org.jsecurity.mgt.AuthorizingSecurityManager
-
- isPermitted(PrincipalCollection, Permission) -
Method in class org.jsecurity.mgt.AuthorizingSecurityManager
-
- isPermitted(PrincipalCollection, String...) -
Method in class org.jsecurity.mgt.AuthorizingSecurityManager
-
- isPermitted(PrincipalCollection, List<Permission>) -
Method in class org.jsecurity.mgt.AuthorizingSecurityManager
-
- isPermitted(PrincipalCollection, String) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermitted(PrincipalCollection, Permission) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermitted(PrincipalCollection, String...) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermitted(PrincipalCollection, List<Permission>) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermitted(List<Permission>, AuthorizationInfo) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermitted(String) -
Method in class org.jsecurity.subject.DelegatingSubject
-
- isPermitted(Permission) -
Method in class org.jsecurity.subject.DelegatingSubject
-
- isPermitted(String...) -
Method in class org.jsecurity.subject.DelegatingSubject
-
- isPermitted(List<Permission>) -
Method in class org.jsecurity.subject.DelegatingSubject
-
- isPermitted(String) -
Method in interface org.jsecurity.subject.Subject
- Returns true if this Subject is permitted to perform an action or access a resource summarized by the
specified permission string.
- isPermitted(Permission) -
Method in interface org.jsecurity.subject.Subject
- Returns true if this Subject is permitted to perform an action or access a resource summarized by the
specified permission.
- isPermitted(String...) -
Method in interface org.jsecurity.subject.Subject
- Checks if this Subject implies the given permission strings and returns a boolean array indicating which
permissions are implied.
- isPermitted(List<Permission>) -
Method in interface org.jsecurity.subject.Subject
- Checks if this Subject implies the given Permissions and returns a boolean array indicating which permissions
are implied.
- isPermitted(String) -
Method in class org.jsecurity.web.tags.PermissionTag
-
- isPermittedAll(PrincipalCollection, String...) -
Method in interface org.jsecurity.authz.Authorizer
- Returns true if the corresponding Subject/user implies all of the specified permission strings,
false otherwise.
- isPermittedAll(PrincipalCollection, Collection<Permission>) -
Method in interface org.jsecurity.authz.Authorizer
- Returns true if the corresponding Subject/user implies all of the specified permissions, false
otherwise.
- isPermittedAll(Collection<Permission>) -
Method in interface org.jsecurity.authz.AuthorizingAccount
- Deprecated.
- isPermittedAll(PrincipalCollection, String...) -
Method in class org.jsecurity.authz.ModularRealmAuthorizer
- Returns
true if any of the configured realms'
Authorizer.isPermitted(org.jsecurity.subject.PrincipalCollection, String) call returns true
for all of the specified string permissions, false otherwise.
- isPermittedAll(PrincipalCollection, Collection<Permission>) -
Method in class org.jsecurity.authz.ModularRealmAuthorizer
- Returns
true if any of the configured realms'
Authorizer.isPermitted(org.jsecurity.subject.PrincipalCollection, Permission) call returns true
for all of the specified Permissions, false otherwise.
- isPermittedAll(Collection<Permission>) -
Method in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- isPermittedAll(PrincipalCollection, String...) -
Method in class org.jsecurity.mgt.AuthorizingSecurityManager
-
- isPermittedAll(PrincipalCollection, Collection<Permission>) -
Method in class org.jsecurity.mgt.AuthorizingSecurityManager
-
- isPermittedAll(PrincipalCollection, String...) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermittedAll(PrincipalCollection, Collection<Permission>) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermittedAll(Collection<Permission>, AuthorizationInfo) -
Method in class org.jsecurity.realm.AuthorizingRealm
-
- isPermittedAll(String...) -
Method in class org.jsecurity.subject.DelegatingSubject
-
- isPermittedAll(Collection<Permission>) -
Method in class org.jsecurity.subject.DelegatingSubject
-
- isPermittedAll(String...) -
Method in interface org.jsecurity.subject.Subject
- Returns true if this Subject implies all of the specified permission strings, false otherwise.
- isPermittedAll(Collection<Permission>) -
Method in interface org.jsecurity.subject.Subject
- Returns true if this Subject implies all of the specified permissions, false otherwise.
- isReference(String) -
Method in class org.jsecurity.config.ReflectionBuilder
-
- isRememberMe() -
Method in interface org.jsecurity.authc.RememberMeAuthenticationToken
- Returns true if the submitting user wishes their identity (principal(s)) to be remembered
across sessions, false otherwise.
- isRememberMe() -
Method in class org.jsecurity.authc.UsernamePasswordToken
- Returns true if the submitting user wishes their identity (principal(s)) to be remembered
across sessions, false otherwise.
- isRememberMe(AuthenticationToken) -
Method in class org.jsecurity.subject.AbstractRememberMeManager
-
- isRememberMe(ServletRequest) -
Method in class org.jsecurity.web.filter.authc.AuthenticatingFilter
- Returns
true if "rememberMe" should be enabled for the login attempt associated with the
current request, false otherwise.
- isRememberMe(ServletRequest) -
Method in class org.jsecurity.web.filter.authc.FormAuthenticationFilter
-
- isRequestedSessionIdFromCookie() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- isRequestedSessionIdFromURL() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- isRequestedSessionIdFromUrl() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- isRequestedSessionIdValid() -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- isResourceRef() -
Method in class org.jsecurity.jndi.JndiLocator
- Return whether the lookup occurs in a J2EE container.
- isRolename(String) -
Method in class org.jsecurity.realm.text.PropertiesRealm
-
- isSchemeChar(char) -
Static method in class org.jsecurity.web.servlet.JSecurityHttpServletResponse
- Determine if the character is allowed in the scheme of a URI.
- isSectionHeader(String) -
Static method in class org.jsecurity.io.IniResource
-
- isSecure() -
Method in class org.jsecurity.web.attr.CookieAttribute
-
- isSessionValidationSchedulerEnabled() -
Method in class org.jsecurity.session.mgt.AbstractValidatingSessionManager
-
- isStopped() -
Method in class org.jsecurity.session.mgt.SimpleSession
-
- isStoredCredentialsHexEncoded() -
Method in class org.jsecurity.authc.credential.HashedCredentialsMatcher
- Returns true if the system's stored credential hash is Hex encoded, false if it
is Base64 encoded.
- issueRedirect(ServletRequest, ServletResponse, String, Map, boolean, boolean) -
Static method in class org.jsecurity.web.WebUtils
- Redirects the current request to a new URL based on the given parameters.
- issueRedirect(ServletRequest, ServletResponse, String) -
Static method in class org.jsecurity.web.WebUtils
- Redirects the current request to a new URL based on the given parameters and default values
for unspecified parameters.
- issueRedirect(ServletRequest, ServletResponse, String, Map) -
Static method in class org.jsecurity.web.WebUtils
- Redirects the current request to a new URL based on the given parameters and default values
for unspecified parameters.
- issueRedirect(ServletRequest, ServletResponse, String, Map, boolean) -
Static method in class org.jsecurity.web.WebUtils
- Redirects the current request to a new URL based on the given parameters and default values
for unspecified parameters.
- issueSuccessRedirect(ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.filter.authc.AuthenticationFilter
-
- isTimedOut() -
Method in class org.jsecurity.session.mgt.SimpleSession
- Determines if this session is expired.
- isTrue(ServletRequest, String) -
Static method in class org.jsecurity.web.WebUtils
- Checks to see if a request param is considered true using a loose matching strategy for
general values that indicate that something is true or enabled, etc.
- isUserInRole(String) -
Method in class org.jsecurity.web.servlet.JSecurityHttpServletRequest
-
- isUsername(String) -
Method in class org.jsecurity.realm.text.PropertiesRealm
-
- isValid(Serializable) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- isValid(Serializable) -
Method in interface org.jsecurity.session.mgt.SessionManager
- Returns true if the session is valid (it exists and is not stopped nor expired), false otherwise.
- isValid() -
Method in class org.jsecurity.session.mgt.SimpleSession
-
- isValid() -
Method in interface org.jsecurity.session.mgt.ValidatingSession
-
- isValidateRequestOrigin() -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
- If set to true, this implementation will ensure that any
HttpRequest attempting
to join a session (i.e. via
getSession must have the same
IP Address of the HttpRequest that started the session.
- iterator() -
Method in class org.jsecurity.subject.SimplePrincipalCollection
-
jndiNames.AbstractLdapRealm to query for AuthenticationInfo security data (roles, permissions, etc) of particular
Subjects (users).Initializable
or Destroyable interfaces, respectfully.AuthenticationException if it is not.
Session and authorization data.
true if the given source matches the specified pattern,
false otherwise.
CacheManager for Session caching and in-memory persistence.AuthenticationInfo interface to be implemented by
classes that support merging with other AuthenticationInfo instances.AuthenticationInfo into this instance.
info argument into the aggregate argument and then returns an
aggregate for continued use throughout the login process.
aggregate instance if is non null and valid (that is, has principals and they are
not empty) immediately, or, if it is null or not valid, the info argument is returned instead.
AuthenticationInfo into this Account.
info argument and adds its principals and credentials into this instance.
ModularRealmAuthenticator during the
log-in process in a pluggable realm (PAM) environment.Realms.enables a
AllSuccessfulModularAuthenticationStrategy
by default.
Authenticator with a single realm to use during
an authentiation attempt.
Authenticator with multiple realms that will be
consulted during an authentication attempt, effectively enabling PAM (Pluggable Authentication Module)
behavior according to the configured
ModularAuthenticationStrategy.
Realms during an authorization operation.Realms to consult during an authorization check.
PrincipalCollection that allows modification.Cipher instance to use for encryption/decryption operations, based on
the TRANSFORMATION_STRING constant.
Md2Hash instance, without it's byte array set.
Md5Hash instance, without it's byte array set.
Sha1Hash instance, without it's byte array set.
Sha256Hash instance, without it's byte array set.
Sha384Hash instance, without it's byte array set.
Sha512Hash instance, without it's byte array set.
SecurityManager instance that will be used to build up
the JSecurity environment for the web application.
SessionManager implementation.
AuthenticationListeners that
authentication failed for the
specified token which resulted in the specified ae exception.
AuthenticationListeners that a
Subject has logged-out.
AuthenticationListeners that
authentication was successful for the specified token which resulted in the specified
info.
objectArgument.toString().
isAccessAllowed
method.
saveRequestAndRedirectToLogin
and then immediately returns false, thereby preventing the chain from continuing so the redirect may
execute.
Subject has failed.
notifyLogout to allow any registered listeners
to react to the logout.
Subject logs out of the system.
Subject logs out of the system.
super.onLogout(principals) to ensure a logout notification is issued, and for each
wrapped Realm that implements the LogoutAware interface, calls
((LogoutAware)realm).onLogout(principals) to allow each realm the opportunity to perform
logout/cleanup operations during an user-logout.
true if
isAccessAllowed,
otherwise returns the result of
onAccessDenied.
true allowing unchecked access to the underlying path or resource.
true.
Subject has succeeded.
SecurityUtils and
JSecurityException.CredentialsMatcher
interface and its supporting implementations.Realms).Permission
interface.SecurityManager interface and a default implementation
hierarchy for managing all aspects of JSecurity's functionality in an application.Realm interface.Files or
text streams.SessionManager components supporting enterprise session management.Subject interface, the most important concept in
JSecurity's API.WebAttribute, a
component that can save and recall an object beyond transient requests.org.jsecurity.config components.Filter implementations used to control
access to web pages and URL resources.Filter implementations specific to controlling access based on a
subject's authentication status, or those that can execute authentications (log-ins) directly.Filter implementations that perform authorization (access control)
checks based on the Subject's abilities (for example, role or permission checks).true if an incoming request's path (the path argument)
matches a configured filter chain path in the [urls] section (the pattern argument),
false otherwise.
true if the incoming request matches the specified path pattern,
false otherwise.
true if the path matches the specified pattern string,
false otherwise.
RequiresPermissions annotation is
declared, and if so, performs a permission check to see if the calling Subject is allowed continued
access.RequiresPermissions annotations.
RequiresPermissions annotation is declared, and if so, performs
a permission check to see if the calling Subject is allowed to call the method.RequiresPermissions annotations in a method declaration.
Permission instance.POST.
Destroyable
Initializable
UTF-8.
true if the filter chain should be allowed to continue, false otherwise.
Subject.config argument and sets the resulting
String[] array on the appliedPaths internal Map.
Properties based configuration in addition to the parent class's String configuration.Session implementation that immediately delegates all corresponding calls to an
underlying proxied session instance.target.
key to the current thread.
ValidatingSessionManager.validateSessions()
method on a configured session manager.SessionValidationScheduler that uses Quartz to schedule a
job to call ValidatingSessionManager.validateSessions() on
a regular basis.AuthenticationInfo object by querying the active directory LDAP context for the
specified username.
AuthenticationInfo object by querying the LDAP context for the
specified username.
AuthorizationInfo object by querying the active directory LDAP context for the
groups that a user is a member of.
AuthorizationInfo object by querying the LDAP context for the
specified principal.
Realm instances
in any manner desired.Realms used for all authentication and authorization operations.
SecurityManager class hierarchy based around a collection of
Realms.getLoginUrl and redirects
the request to that url.
listener that no longer wishes to be notified during the authentication process.
SessionManager instance.
listener that no longer wishes to be notified during Session lifecycles.
key from the current
thread.
throws an InvalidSessionException in all
cases because this proxy is immutable.
Subject to have one or more specified roles
in order to execute the annotated method.WildcardPermission instance constructed based on the specified
permissionString.
true if the resource at the specified path exists, false otherwise.
RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to proceed.RequiresRoles annotations.
RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to invoke the method.RequiresRoles annotations in a method declaration.
Session key used to save a request and later restore it, for example when redirecting to a
requested page after login, equal to jsecuritySavedRequest.
WebUtils.saveRequest(request) to save the request
state for reuse later.
RemoteInvocationExecutor
that binds the correct Session and Subject to the
remote invocation thread during a remote execution.RemoteInvocationFactory that passes the session ID to the server via a
RemoteInvocation attribute.401 (Unauthorized) status as well as the
response's AUTHENTICATE_HEADER.
source into a byte[] array by using the
XMLEncoder to encode the object out to a
ByteArrayOutputStream, where the resulting byte[] array is returned.
Serializer converts objects to raw binary data and vice versa, enabling persistent storage
of objects to files, HTTP cookies, or other mechanism.Session access to an
EIS (Enterprise Information System).Sessions and
acquiring existing Sessions.Session's lifecycle.SessionListenerRegistrar is a component that is capable of registering interested
SessionListeners that wish to be notified during
Session lifecycle events.SessionManager used by this security manager that manages all the
application's Sessions.
Sessions.SecurityManager class hierarchy that delegates all
session operations to a wrapped SessionManager
instance.SessionManager delegate
instance via the ensureSessionManager() method.
CacheManager.
WWW-Authenticate header.
throws an InvalidSessionException in all
cases because this proxy is immutable.
WWW-Authenticate header scheme that this filter will use when sending the
HTTP Basic challenge response.
AuthenticationListener(s) that wish to be notified during the
authentication process.
Authenticator instance that this SecurityManager uses to perform all
authentication operations.
Authorization header value that this filter will respond to as indicating a
login request.
CacheManager instance.
SecurityManager and potentially any of its
children components.
principals, such as a password or private key.
HttpServletRequests, Cookies or
HttpSessions.
FilterConfig provided by the Servlet container at webapp startup.
ServletContext as attributes of this class for use by
subclasses.
SessionManager
method invocations.
Realm.
Key to use for symmetric encryption and decryption if one is not
specified during encryption/decryption.
LdapContextFactory implementation that is used to create LDAP connections for
authentication and authorization.
maxAge setting.
ModularAuthenticationStrategy to use
in multi-realm environments.
path setting.
PatternMatcher used when determining if an incoming request's path
matches a configured filter chain path in the [urls] section.
PermissionResolver on any of the wrapped realms that implement
the PermissionResolverAware interface.
Authorizer.
LdapContextFactory.
RealmSecurityManager.setRealms(java.util.Collection) method.
Authorizer which are consulted during an authorization check.
super.setRealms and then
additionally passes on those realms to the internal delegate Authenticator instance so
that it may use them during authentication attempts.
super.realms and then sets these same Realm objects on this instance's
Authorizer.
LdapContextFactory.
getSubject() implementation.
SessionListener(s) that wish to be notified during Session lifecycles.
SessionManager instance that will be used to support this implementation's
SessionManager method calls.
SessionManager to which this DelegatingSession will
delegate its method calls.
setSessionValidationScheduler method is
never called) , this method allows one to specify how
frequently session should be validated (to check for orphans).
ValidatingSessionManager#validateSessions() method.
AuthenticationFilter.issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
is called by subclasses of this filter.
LdapContextFactory.
LdapContextFactory.
throws an InvalidSessionException in all
cases because this proxy is immutable.
LdapContextFactory.
username = password, role1, role2,...
- setUsername(String) -
Method in class org.jsecurity.authc.UsernamePasswordToken
- Sets the username for submission during an authentication attempt.
- setUsernameParam(String) -
Method in class org.jsecurity.web.filter.authc.FormAuthenticationFilter
- Sets the request parameter name to look for when acquiring the username.
- setUserRolesQuery(String) -
Method in class org.jsecurity.realm.jdbc.JdbcRealm
- Overrides the default query used to retrieve a user's roles during authorization.
- setUseXmlFormat(boolean) -
Method in class org.jsecurity.realm.text.PropertiesRealm
- Determines whether or not the properties XML format should be used.
- setValidateRequestOrigin(boolean) -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
- Sets whether or not a request's origin will be validated when accessing a session.
- Sha1CredentialsMatcher - Class in org.jsecurity.authc.credential
- HashedCredentialsMatcher implementation that expects the stored AuthenticationInfo credentials to be
SHA hashed.
- Sha1CredentialsMatcher() -
Constructor for class org.jsecurity.authc.credential.Sha1CredentialsMatcher
-
- Sha1Hash - Class in org.jsecurity.crypto.hash
- Generates an SHA-1 Hash (Secure Hash Standard, NIST FIPS 180-1) from a given input source with an
optional salt and hash iterations.
- Sha1Hash() -
Constructor for class org.jsecurity.crypto.hash.Sha1Hash
-
- Sha1Hash(Object) -
Constructor for class org.jsecurity.crypto.hash.Sha1Hash
-
- Sha1Hash(Object, Object) -
Constructor for class org.jsecurity.crypto.hash.Sha1Hash
-
- Sha1Hash(Object, Object, int) -
Constructor for class org.jsecurity.crypto.hash.Sha1Hash
-
- Sha256CredentialsMatcher - Class in org.jsecurity.authc.credential
- HashedCredentialsMatcher implementation that expects the stored AuthenticationInfo credentials to be
SHA-256 hashed.
- Sha256CredentialsMatcher() -
Constructor for class org.jsecurity.authc.credential.Sha256CredentialsMatcher
-
- Sha256Hash - Class in org.jsecurity.crypto.hash
- Generates an SHA-256 Hash from a given input source with an optional salt and hash iterations.
- Sha256Hash() -
Constructor for class org.jsecurity.crypto.hash.Sha256Hash
-
- Sha256Hash(Object) -
Constructor for class org.jsecurity.crypto.hash.Sha256Hash
-
- Sha256Hash(Object, Object) -
Constructor for class org.jsecurity.crypto.hash.Sha256Hash
-
- Sha256Hash(Object, Object, int) -
Constructor for class org.jsecurity.crypto.hash.Sha256Hash
-
- Sha384CredentialsMatcher - Class in org.jsecurity.authc.credential
- HashedCredentialsMatcher implementation that expects the stored AuthenticationInfo credentials to be
SHA-384 hashed.
- Sha384CredentialsMatcher() -
Constructor for class org.jsecurity.authc.credential.Sha384CredentialsMatcher
-
- Sha384Hash - Class in org.jsecurity.crypto.hash
- Generates an SHA-384 Hash from a given input source with an optional salt and hash iterations.
- Sha384Hash() -
Constructor for class org.jsecurity.crypto.hash.Sha384Hash
-
- Sha384Hash(Object) -
Constructor for class org.jsecurity.crypto.hash.Sha384Hash
-
- Sha384Hash(Object, Object) -
Constructor for class org.jsecurity.crypto.hash.Sha384Hash
-
- Sha384Hash(Object, Object, int) -
Constructor for class org.jsecurity.crypto.hash.Sha384Hash
-
- Sha512CredentialsMatcher - Class in org.jsecurity.authc.credential
- HashedCredentialsMatcher implementation that expects the stored AuthenticationInfo credentials to be
SHA-512 hashed.
- Sha512CredentialsMatcher() -
Constructor for class org.jsecurity.authc.credential.Sha512CredentialsMatcher
-
- Sha512Hash - Class in org.jsecurity.crypto.hash
- Generates an SHA-512 Hash from a given input source with an optional salt and hash iterations.
- Sha512Hash() -
Constructor for class org.jsecurity.crypto.hash.Sha512Hash
-
- Sha512Hash(Object) -
Constructor for class org.jsecurity.crypto.hash.Sha512Hash
-
- Sha512Hash(Object, Object) -
Constructor for class org.jsecurity.crypto.hash.Sha512Hash
-
- Sha512Hash(Object, Object, int) -
Constructor for class org.jsecurity.crypto.hash.Sha512Hash
-
- shouldNotFilter(ServletRequest) -
Method in class org.jsecurity.web.servlet.OncePerRequestFilter
- Can be overridden in subclasses for custom filtering control,
returning
true to avoid filtering of the given request.
- showTagBody(String) -
Method in class org.jsecurity.web.tags.HasAnyRolesTag
-
- showTagBody(String) -
Method in class org.jsecurity.web.tags.HasPermissionTag
-
- showTagBody(String) -
Method in class org.jsecurity.web.tags.HasRoleTag
-
- showTagBody(String) -
Method in class org.jsecurity.web.tags.LacksPermissionTag
-
- showTagBody(String) -
Method in class org.jsecurity.web.tags.LacksRoleTag
-
- showTagBody(String) -
Method in class org.jsecurity.web.tags.PermissionTag
-
- showTagBody(String) -
Method in class org.jsecurity.web.tags.RoleTag
-
- SimpleAccount - Class in org.jsecurity.authc
- Simple implementation of the
Account interface that
contains principal and credential and authorization information (roles and permissions) as instance variables and
exposes them via getters and setters using standard JavaBean notation. - SimpleAccount() -
Constructor for class org.jsecurity.authc.SimpleAccount
- Default no-argument constructor.
- SimpleAccount(Object, Object, String) -
Constructor for class org.jsecurity.authc.SimpleAccount
- Constructs a SimpleAccount instance for the specified realm with the given principals and credentials.
- SimpleAccount(Collection, Object, String) -
Constructor for class org.jsecurity.authc.SimpleAccount
- Constructs a SimpleAccount instance for the specified realm with the given principals and credentials.
- SimpleAccount(PrincipalCollection, Object) -
Constructor for class org.jsecurity.authc.SimpleAccount
- Constructs a SimpleAccount instance for the specified principals and credentials.
- SimpleAccount(PrincipalCollection, Object, Set<String>) -
Constructor for class org.jsecurity.authc.SimpleAccount
- Constructs a SimpleAccount instance for the specified principals and credentials, with the assigned roles.
- SimpleAccount(Object, Object, String, Set<String>, Set<Permission>) -
Constructor for class org.jsecurity.authc.SimpleAccount
- Constructs a SimpleAccount instance for the specified realm with the given principal and credentials, with the
the assigned roles and permissions.
- SimpleAccount(Collection, Object, String, Set<String>, Set<Permission>) -
Constructor for class org.jsecurity.authc.SimpleAccount
- Constructs a SimpleAccount instance for the specified realm with the given principals and credentials, with the
the assigned roles and permissions.
- SimpleAccount(PrincipalCollection, Object, Set<String>, Set<Permission>) -
Constructor for class org.jsecurity.authc.SimpleAccount
- Constructs a SimpleAccount instance from the given principals and credentials, with the
the assigned roles and permissions.
- SimpleAccountRealm - Class in org.jsecurity.realm
- A simple implementation of the
Realm interface that
uses a set of configured user accounts and roles to support authentication and authorization. - SimpleAccountRealm() -
Constructor for class org.jsecurity.realm.SimpleAccountRealm
-
- SimpleAccountRealm(String) -
Constructor for class org.jsecurity.realm.SimpleAccountRealm
-
- SimpleAuthenticationInfo - Class in org.jsecurity.authc
- Simple implementation of the
MergableAuthenticationInfo interface that holds the principals and
credentials. - SimpleAuthenticationInfo() -
Constructor for class org.jsecurity.authc.SimpleAuthenticationInfo
- Default no-argument constructor.
- SimpleAuthenticationInfo(Object, Object, String) -
Constructor for class org.jsecurity.authc.SimpleAuthenticationInfo
- Constructor that takes in a single 'primary' principal of the account and its corresponding credentials,
associated with the specified realm.
- SimpleAuthenticationInfo(PrincipalCollection, Object) -
Constructor for class org.jsecurity.authc.SimpleAuthenticationInfo
- Constructor that takes in an account's identifying principal(s) and its corresponding credentials that verify
the principals.
- SimpleAuthorizationInfo - Class in org.jsecurity.authz
- Simple POJO implementation of the
AuthorizationInfo interface that stores roles and permissions as internal
attributes. - SimpleAuthorizationInfo() -
Constructor for class org.jsecurity.authz.SimpleAuthorizationInfo
- Default no-argument constructor.
- SimpleAuthorizationInfo(Set<String>) -
Constructor for class org.jsecurity.authz.SimpleAuthorizationInfo
- Creates a new instance with the specified roles and no permissions.
- SimpleAuthorizingAccount - Class in org.jsecurity.authz
- Deprecated.
- SimpleAuthorizingAccount() -
Constructor for class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleAuthorizingAccount(Object, Object, String) -
Constructor for class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleAuthorizingAccount(Collection, Object, String) -
Constructor for class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleAuthorizingAccount(PrincipalCollection, Object) -
Constructor for class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleAuthorizingAccount(Object, Object, String, Set<String>, Set<Permission>) -
Constructor for class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleAuthorizingAccount(Collection, Object, String, Set<String>, Set<Permission>) -
Constructor for class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleAuthorizingAccount(PrincipalCollection, Object, String, Set<String>, Set<Permission>) -
Constructor for class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleCredentialsMatcher - Class in org.jsecurity.authc.credential
- Simple CredentialsMatcher implementation.
- SimpleCredentialsMatcher() -
Constructor for class org.jsecurity.authc.credential.SimpleCredentialsMatcher
-
- SimplePrincipalCollection - Class in org.jsecurity.subject
- A simple implementation of the
MutablePrincipalCollection interface that tracks principals internally
by storing them in a LinkedHashMap. - SimplePrincipalCollection() -
Constructor for class org.jsecurity.subject.SimplePrincipalCollection
-
- SimplePrincipalCollection(Object, String) -
Constructor for class org.jsecurity.subject.SimplePrincipalCollection
-
- SimplePrincipalCollection(Collection, String) -
Constructor for class org.jsecurity.subject.SimplePrincipalCollection
-
- SimplePrincipalCollection(PrincipalCollection) -
Constructor for class org.jsecurity.subject.SimplePrincipalCollection
-
- SimpleRole - Class in org.jsecurity.authz
- A simple representation of a security role that has a name and a collection of permissions.
- SimpleRole() -
Constructor for class org.jsecurity.authz.SimpleRole
-
- SimpleRole(String) -
Constructor for class org.jsecurity.authz.SimpleRole
-
- SimpleRole(String, Set<Permission>) -
Constructor for class org.jsecurity.authz.SimpleRole
-
- simpleRoles -
Variable in class org.jsecurity.authz.SimpleAuthorizingAccount
- Deprecated.
- SimpleSession - Class in org.jsecurity.session.mgt
- Simple
Session POJO implementation, intended to be used on the business/server tier. - SimpleSession() -
Constructor for class org.jsecurity.session.mgt.SimpleSession
-
- SimpleSession(InetAddress) -
Constructor for class org.jsecurity.session.mgt.SimpleSession
-
- size() -
Method in interface org.jsecurity.cache.Cache
- Returns the number of entries in the cache.
- size() -
Method in class org.jsecurity.cache.ehcache.EhCache
-
- size() -
Method in class org.jsecurity.cache.HashtableCache
-
- split(String) -
Static method in class org.jsecurity.util.StringUtils
-
- split(String, char) -
Static method in class org.jsecurity.util.StringUtils
-
- split(String, char, char) -
Static method in class org.jsecurity.util.StringUtils
-
- split(String, char, char, char) -
Static method in class org.jsecurity.util.StringUtils
-
- split(String, char, char, char, boolean, boolean) -
Static method in class org.jsecurity.util.StringUtils
- Splits the specified delimited String into tokens, supporting quoted tokens so that quoted strings themselves
won't be tokenized.
- splitKeyValue(String) -
Static method in class org.jsecurity.util.StringUtils
-
- SpringIniWebConfiguration - Class in org.jsecurity.spring
- JSecurity configuration that relies on Spring to define and initialize the JSecurity SecurityManager
instance (and all of its dependencies) and makes it available to the JSecurityFilter by performing a Spring bean
lookup.
- SpringIniWebConfiguration() -
Constructor for class org.jsecurity.spring.SpringIniWebConfiguration
-
- SpringJSecurityFilter - Class in org.jsecurity.spring
- Extension of JSecurityFilter that uses
SpringIniWebConfiguration to configure JSecurity in a Spring web
environment. - SpringJSecurityFilter() -
Constructor for class org.jsecurity.spring.SpringJSecurityFilter
- Default constructor, merely calls
this.configClassName = SpringIniWebConfiguration.class.getName()} - start(InetAddress) -
Method in class org.jsecurity.mgt.SessionsSecurityManager
-
- start(InetAddress) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- start(InetAddress) -
Method in interface org.jsecurity.session.mgt.SessionManager
- Starts a new session within the system for the host with the specified originating IP
address.
- start(InetAddress) -
Method in interface org.jsecurity.session.SessionFactory
- Starts a new session within the system for the host with the specified
originating IP address.
- start(InetAddress) -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
-
- start(ServletRequest, ServletResponse, InetAddress) -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
-
- startReloadThread() -
Method in class org.jsecurity.realm.text.PropertiesRealm
-
- startsWithIgnoreCase(String, String) -
Static method in class org.jsecurity.util.StringUtils
- Test if the given String starts with the specified prefix,
ignoring upper/lower case.
- stop(Serializable) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- stop(Session) -
Method in class org.jsecurity.session.mgt.AbstractSessionManager
-
- stop() -
Method in class org.jsecurity.session.mgt.DelegatingSession
-
- stop() -
Method in class org.jsecurity.session.mgt.ImmutableProxiedSession
- Immediately
throws an InvalidSessionException in all
cases because this proxy is immutable.
- stop(Serializable) -
Method in interface org.jsecurity.session.mgt.SessionManager
- Explicitly stops the session identified by sessionId, thereby releasing all
associated resources.
- stop() -
Method in class org.jsecurity.session.mgt.SimpleSession
-
- stop() -
Method in class org.jsecurity.session.ProxiedSession
- Immediately delegates to the underlying proxied session.
- stop() -
Method in interface org.jsecurity.session.Session
- Explicitly stops (invalidates) this session and releases all associated resources.
- stop() -
Method in class org.jsecurity.web.session.WebSession
-
- StoppedSessionException - Exception in org.jsecurity.session
- Exception thrown when attempting to interact with the system under a session that has been
stopped.
- StoppedSessionException() -
Constructor for exception org.jsecurity.session.StoppedSessionException
- Creates a new StoppedSessionException.
- StoppedSessionException(String) -
Constructor for exception org.jsecurity.session.StoppedSessionException
- Constructs a new StoppedSessionException.
- StoppedSessionException(Throwable) -
Constructor for exception org.jsecurity.session.StoppedSessionException
- Constructs a new StoppedSessionException.
- StoppedSessionException(String, Throwable) -
Constructor for exception org.jsecurity.session.StoppedSessionException
- Constructs a new StoppedSessionException.
- StoppedSessionException(Serializable) -
Constructor for exception org.jsecurity.session.StoppedSessionException
- Constructs a new StoppedSessionException.
- StoppedSessionException(String, Serializable) -
Constructor for exception org.jsecurity.session.StoppedSessionException
- Constructs a new StoppedSessionException.
- StoppedSessionException(String, Throwable, Serializable) -
Constructor for exception org.jsecurity.session.StoppedSessionException
- Constructs a new StoppedSessionException.
- stopSession(Subject) -
Method in class org.jsecurity.mgt.DefaultSecurityManager
-
- storeSessionId(Serializable, ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.session.DefaultWebSessionManager
-
- storeValue(T, ServletRequest, ServletResponse) -
Method in class org.jsecurity.web.attr.AbstractWebAttribute
-
- storeValue(T, ServletRequest, ServletResponse) -
Method in interface org.jsecurity.web.attr.WebAttribute
-
- stringPermissions -
Variable in class org.jsecurity.authz.SimpleAuthorizationInfo
- Collection of all string-based permissions associated with the account.
- StringUtils - Class in org.jsecurity.util
- Simple utility class for String operations useful across the framework.
- StringUtils() -
Constructor for class org.jsecurity.util.StringUtils
-
- Subject - Interface in org.jsecurity.subject
- A Subject represents state and security operations for a single application user.
- SUBJECT_KEY -
Static variable in class org.jsecurity.util.ThreadContext
-
- SubjectException - Exception in org.jsecurity.subject
- Throws when there is an error accessing or interacting with a
Subject. - SubjectException() -
Constructor for exception org.jsecurity.subject.SubjectException
- Creates a new SubjectException.
- SubjectException(String) -
Constructor for exception org.jsecurity.subject.SubjectException
- Constructs a new SubjectException.
- SubjectException(Throwable) -
Constructor for exception org.jsecurity.subject.SubjectException
- Constructs a new SubjectException.
- SubjectException(String, Throwable) -
Constructor for exception org.jsecurity.subject.SubjectException
- Constructs a new SubjectException.
- SUBPART_DIVIDER_TOKEN -
Static variable in class org.jsecurity.authz.permission.WildcardPermission
-
- SUN_CONNECTION_POOLING_PROPERTY -
Static variable in class org.jsecurity.realm.ldap.DefaultLdapContextFactory
- The Sun LDAP property used to enable connection pooling.
- supports(MethodInvocation) -
Method in class org.jsecurity.aop.AnnotationMethodInterceptor
- Returns
true if this interceptor supports, that is, should inspect, the specified
MethodInvocation, false otherwise.
- supports(AuthenticationToken) -
Method in class org.jsecurity.realm.AuthenticatingRealm
- Convenience implementation that returns
getAuthenticationTokenClass().isAssignableFrom( token.getClass() );.
- supports(AuthenticationToken) -
Method in interface org.jsecurity.realm.Realm
- Returns true if this realm wishes to authenticate the Subject represented by the given
AuthenticationToken instance, false otherwise.
- systemPassword -
Variable in class org.jsecurity.realm.ldap.AbstractLdapRealm
-
- systemPassword -
Variable in class org.jsecurity.realm.ldap.DefaultLdapContextFactory
-
- systemUsername -
Variable in class org.jsecurity.realm.ldap.AbstractLdapRealm
-
- systemUsername -
Variable in class org.jsecurity.realm.ldap.DefaultLdapContextFactory
-
InvalidSessionException indicating that this proxy is immutable.
byte array.
byte array.
PREFERRED_ENCODING.
CodecException if the encoding fails.
PREFERRED_ENCODING.
byte array.
byte array.
ServletRequest to an
HttpServletRequest:
return (HttpServletRequest)request;
Logic could be changed in the future for logging or throwing an meaningful exception in
non HTTP request environments (e.g.
ServletResponse to an
HttpServletResponse:
return (HttpServletResponse)response;
Logic could be changed in the future for logging or throwing an meaningful exception in
non HTTP request environments (e.g.
principals.toString() if they are not null, otherwise prints out the string
"empty"
principals.toString()PREFERRED_ENCODING.
toHex().
throws an InvalidSessionException in all
cases because this proxy is immutable.
sessionId.
lastAccessTime of this session.
RuntimeException equivalent of the JDK's
ClassNotFoundException, to maintain a RuntimeException paradigm.AuthenticationToken implementation is encountered that is not
supported by one or more configured Realms.session.getId().
url:
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before allowing access.RequiresUser annotations.
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before invoking the method.RequiresUser annotations in a method
declaration.
inetAddress and a
rememberMe default of false.
inetAddress and
a rememberMe default of false
This is a convience constructor and maintains the password internally via a character
array, i.e.
ValidatingSession is a Session that is capable of determining it is valid or not and
is able to validate itself if necessary.CachingSessionDAO.doCreate(org.jsecurity.session.Session) is not null and not
already in use.
WebConfiguration configures JSecurity components in a web-enabled application.WebAttribute instance to retain
the identity value between web requests.WebSessionManager is a SessionManager that has the ability to obtain
Sessions based on a ServletRequest/ServletResponse
pair.WildcardPermission is a very flexible permission construct supporting multiple levels of
permission matching.WildcardPermission
based on the input string.XMLEncoder and XMLDecoder to serialize
and deserialize, respectively.
|
JSecurity | |||||||||
| PREV NEXT | FRAMES NO FRAMES | |||||||||