org.apache.shiro.web.subject.support

Class WebDelegatingSubject

java.lang.Object

org.apache.shiro.subject.support.DelegatingSubject

org.apache.shiro.web.subject.support.WebDelegatingSubject

All Implemented Interfaces:

Subject, WebSubject, RequestPairSource

public class WebDelegatingSubject
extends DelegatingSubject
implements WebSubject

Default WebSubject implementation that additional ensures the ability to retain a servlet request/response pair to be used by internal shiro components as necessary during the request execution.

Since:

1.0

Nested Class Summary

Nested classes/interfaces inherited from interface org.apache.shiro.web.subject.WebSubject

WebSubject.Builder

Field Summary

Fields inherited from class org.apache.shiro.subject.support.DelegatingSubject

authenticated, host, principals, securityManager, session, sessionCreationEnabled

Constructor Summary

Constructors

Constructor and Description
WebDelegatingSubject(PrincipalCollection principals, boolean authenticated, String host, Session session, boolean sessionEnabled, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, SecurityManager securityManager)
WebDelegatingSubject(PrincipalCollection principals, boolean authenticated, String host, Session session, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, SecurityManager securityManager)

Method Summary

Modifier and Type	Method and Description
protected SessionContext	createSessionContext()
javax.servlet.ServletRequest	getServletRequest() Returns the ServletRequest accessible when the Subject instance was created.
javax.servlet.ServletResponse	getServletResponse() Returns the ServletResponse accessible when the Subject instance was created.
protected boolean	isSessionCreationEnabled() Returns true if session creation is allowed (as determined by the super class's super#isSessionCreationEnabled() value and no request-specific override has disabled sessions for this subject, false otherwise.

Methods inherited from class org.apache.shiro.subject.support.DelegatingSubject

assertAuthzCheckPossible, associateWith, associateWith, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, decorate, execute, execute, getHost, getPreviousPrincipals, getPrincipal, getPrincipals, getSecurityManager, getSession, getSession, hasAllRoles, hasPrincipals, hasRole, hasRoles, isAuthenticated, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isRemembered, isRunAs, login, logout, releaseRunAs, runAs

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.apache.shiro.subject.Subject

associateWith, associateWith, checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, execute, execute, getPreviousPrincipals, getPrincipal, getPrincipals, getSession, getSession, hasAllRoles, hasRole, hasRoles, isAuthenticated, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll, isRemembered, isRunAs, login, logout, releaseRunAs, runAs

Constructor Detail

WebDelegatingSubject

public WebDelegatingSubject(PrincipalCollection principals,
                            boolean authenticated,
                            String host,
                            Session session,
                            javax.servlet.ServletRequest request,
                            javax.servlet.ServletResponse response,
                            SecurityManager securityManager)

WebDelegatingSubject

public WebDelegatingSubject(PrincipalCollection principals,
                            boolean authenticated,
                            String host,
                            Session session,
                            boolean sessionEnabled,
                            javax.servlet.ServletRequest request,
                            javax.servlet.ServletResponse response,
                            SecurityManager securityManager)

Method Detail

getServletRequest

public javax.servlet.ServletRequest getServletRequest()

Description copied from interface: WebSubject

Returns the ServletRequest accessible when the Subject instance was created.

Specified by:

getServletRequest in interface WebSubject

Specified by:

getServletRequest in interface RequestPairSource

Returns:

the ServletRequest accessible when the Subject instance was created.

getServletResponse

public javax.servlet.ServletResponse getServletResponse()

Description copied from interface: WebSubject

Returns the ServletResponse accessible when the Subject instance was created.

Specified by:

getServletResponse in interface WebSubject

Specified by:

getServletResponse in interface RequestPairSource

Returns:

the ServletResponse accessible when the Subject instance was created.

isSessionCreationEnabled

protected boolean isSessionCreationEnabled()

Returns true if session creation is allowed (as determined by the super class's super#isSessionCreationEnabled() value and no request-specific override has disabled sessions for this subject, false otherwise.

This means session creation is disabled if the super super#isSessionCreationEnabled() property is false or if a request attribute is discovered that turns off sessions for the current request.

Overrides:

isSessionCreationEnabled in class DelegatingSubject

Returns:

true if session creation is allowed (as determined by the super class's super#isSessionCreationEnabled() value and no request-specific override has disabled sessions for this subject, false otherwise.

Since:

1.2

createSessionContext

protected SessionContext createSessionContext()

Overrides:

createSessionContext in class DelegatingSubject