org.jsecurity.web
Class DefaultWebSecurityManager
java.lang.Object
org.jsecurity.mgt.CachingSecurityManager
org.jsecurity.mgt.RealmSecurityManager
org.jsecurity.mgt.AuthenticatingSecurityManager
org.jsecurity.mgt.AuthorizingSecurityManager
org.jsecurity.mgt.SessionsSecurityManager
org.jsecurity.mgt.DefaultSecurityManager
org.jsecurity.web.DefaultWebSecurityManager
- All Implemented Interfaces:
- AuthenticationListenerRegistrar, Authenticator, Authorizer, PermissionResolverAware, CacheManagerAware, SecurityManager, SessionFactory, SessionListenerRegistrar, Destroyable
public class DefaultWebSecurityManager
- extends DefaultSecurityManager
SecurityManager implementation that should be used in web-based applications or any application that requires
HTTP connectivity (SOAP, http remoting, etc).
- Since:
- 0.2
- Author:
- Les Hazlewood
|
Method Summary |
protected void |
bind(Subject subject)
Binds a Subject instance created after authentication to the application for later use. |
protected void |
bind(Subject subject,
ServletRequest request,
ServletResponse response)
|
Subject |
createSubject()
|
protected Subject |
createSubject(PrincipalCollection principals,
boolean authenticated,
Session existing,
ServletRequest request,
ServletResponse response)
|
Subject |
createSubject(ServletRequest request,
ServletResponse response)
|
Subject |
createSubject(Session existing,
ServletRequest request,
ServletResponse response)
|
protected PrincipalCollection |
getPrincipals(Session session)
|
protected PrincipalCollection |
getPrincipals(Session existing,
ServletRequest servletRequest,
ServletResponse servletResponse)
|
String |
getSessionMode()
|
protected boolean |
isAuthenticated(Session session)
|
protected boolean |
isAuthenticated(Session existing,
ServletRequest servletRequest,
ServletResponse servletResponse)
|
boolean |
isHttpSessionMode()
|
protected SessionManager |
newSessionManagerInstance()
|
void |
setRememberMeCookieMaxAge(Integer rememberMeMaxAge)
Sets the maximum age allowed for the remember me cookie. |
void |
setRememberMeCookiePath(String rememberMeCookiePath)
Sets the path used to store the remember me cookie. |
void |
setSessionIdCookieMaxAge(int maxAge)
|
void |
setSessionIdCookieName(String name)
|
void |
setSessionIdCookiePath(String path)
|
void |
setSessionIdCookieSecure(boolean secure)
|
void |
setSessionMode(String sessionMode)
|
| Methods inherited from class org.jsecurity.mgt.DefaultSecurityManager |
beforeLogout, createSubject, createSubject, createSubject, createSubject, createSubject, getRememberedIdentity, getRememberMeManager, getSubject, getSubject, login, logout, onFailedLogin, onSuccessfulLogin, rememberMeFailedLogin, rememberMeLogout, rememberMeSuccessfulLogin, setRememberMeCipher, setRememberMeCipherKey, setRememberMeCipherKeyBase64, setRememberMeCipherKeyHex, setRememberMeDecryptionCipherKey, setRememberMeDecryptionCipherKeyBase64, setRememberMeDecryptionCipherKeyHex, setRememberMeEncryptionCipherKey, setRememberMeEncryptionCipherKeyBase64, setRememberMeEncryptionCipherKeyHex, setRememberMeManager, stopSession, unbind |
| Methods inherited from class org.jsecurity.mgt.SessionsSecurityManager |
add, afterCacheManagerSet, applyCacheManagerToSessionManager, beforeAuthorizerDestroyed, beforeSessionManagerDestroyed, createSessionManager, destroySessionManager, ensureSessionManager, getSession, getSessionManager, remove, setSessionListeners, setSessionManager, start |
| Methods inherited from class org.jsecurity.mgt.AuthorizingSecurityManager |
beforeAuthenticatorDestroyed, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, createAuthorizer, destroyAuthorizer, ensureAuthorizer, getAuthorizer, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, setAuthorizer, setPermissionResolver, setRealms |
| Methods inherited from class org.jsecurity.mgt.AuthenticatingSecurityManager |
add, authenticate, beforeRealmsDestroyed, createAuthenticator, destroyAuthenticator, ensureAuthenticator, getAuthenticator, remove, setAuthenticationListeners, setAuthenticator, setModularAuthenticationStrategy |
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
HTTP_SESSION_MODE
public static final String HTTP_SESSION_MODE
- See Also:
- Constant Field Values
JSECURITY_SESSION_MODE
public static final String JSECURITY_SESSION_MODE
- See Also:
- Constant Field Values
PRINCIPALS_SESSION_KEY
public static final String PRINCIPALS_SESSION_KEY
- The key that is used to store subject principals in the session.
AUTHENTICATED_SESSION_KEY
public static final String AUTHENTICATED_SESSION_KEY
- The key that is used to store whether or not the user is authenticated in the session.
DefaultWebSecurityManager
public DefaultWebSecurityManager()
DefaultWebSecurityManager
public DefaultWebSecurityManager(Realm singleRealm)
DefaultWebSecurityManager
public DefaultWebSecurityManager(Collection<Realm> realms)
setRememberMeCookiePath
public void setRememberMeCookiePath(String rememberMeCookiePath)
- Sets the path used to store the remember me cookie. This determines which paths
are able to view the remember me cookie.
- Parameters:
rememberMeCookiePath - the path to use for the remember me cookie.
setRememberMeCookieMaxAge
public void setRememberMeCookieMaxAge(Integer rememberMeMaxAge)
- Sets the maximum age allowed for the remember me cookie. This basically sets how long
a user will be remembered by the "remember me" feature. Used when calling
maxAge. Please see that JavaDoc for the semantics on the
repercussions of negative, zero, and positive values for the maxAge.
- Parameters:
rememberMeMaxAge - the maximum age for the remember me cookie.
setSessionIdCookieName
public void setSessionIdCookieName(String name)
setSessionIdCookiePath
public void setSessionIdCookiePath(String path)
setSessionIdCookieMaxAge
public void setSessionIdCookieMaxAge(int maxAge)
setSessionIdCookieSecure
public void setSessionIdCookieSecure(boolean secure)
getSessionMode
public String getSessionMode()
setSessionMode
public void setSessionMode(String sessionMode)
isHttpSessionMode
public boolean isHttpSessionMode()
newSessionManagerInstance
protected SessionManager newSessionManagerInstance()
- Overrides:
newSessionManagerInstance in class SessionsSecurityManager
getPrincipals
protected PrincipalCollection getPrincipals(Session session)
getPrincipals
protected PrincipalCollection getPrincipals(Session existing,
ServletRequest servletRequest,
ServletResponse servletResponse)
isAuthenticated
protected boolean isAuthenticated(Session session)
isAuthenticated
protected boolean isAuthenticated(Session existing,
ServletRequest servletRequest,
ServletResponse servletResponse)
createSubject
public Subject createSubject()
- Overrides:
createSubject in class DefaultSecurityManager
createSubject
public Subject createSubject(ServletRequest request,
ServletResponse response)
createSubject
public Subject createSubject(Session existing,
ServletRequest request,
ServletResponse response)
createSubject
protected Subject createSubject(PrincipalCollection principals,
boolean authenticated,
Session existing,
ServletRequest request,
ServletResponse response)
bind
protected void bind(Subject subject)
- Description copied from class:
DefaultSecurityManager
- Binds a Subject instance created after authentication to the application for later use.
The default implementation merely binds the argument to the thread local via the ThreadContext.
Should be overridden by subclasses for environment-specific binding (e.g. web environment, etc).
- Overrides:
bind in class DefaultSecurityManager
- Parameters:
subject - the Subject instance created after authentication to be bound to the application
for later use.
bind
protected void bind(Subject subject,
ServletRequest request,
ServletResponse response)
Copyright © 2004-2008 JSecurity.