All Classes and Interfaces
Class
Description
Abstract base implementation for Shiro's concrete
AuthenticationStrategy
implementations.Superclass for almost all
Authenticator implementations that performs the common work around authentication
attempts.AbstractFactory.
A
Realm that authenticates with an LDAP
server to build the Subject for a user.Abstract implementation supporting the
NativeSessionManager interface, supporting
SessionListeners and application of the
globalSessionTimeout.Abstract implementation of the
RememberMeManager interface that handles
serialization and
encryption of the remembered user identity.An abstract
SessionDAO implementation that performs some sanity checks on session creation and reading and
allows for pluggable Session ID generation strategies if desired.Base abstract class of the
SessionManager interface, enabling configuration of an
application-wide globalSessionTimeout.Default business-tier implementation of the
ValidatingSessionManager interface.An Account is a convenience interface that extends both
AuthenticationInfo and
AuthorizationInfo and represents authentication and authorization for a single account in a
single Realm.Exception thrown due to a problem with the account
under which an authentication attempt is being executed.
A
Realm that authenticates with an active directory LDAP
server to determine the roles for a particular user.A credentials matcher that always returns
true when matching credentials no matter what arguments
are passed in.An all AllPermission instance is one that always implies any other permission; that is, its
implies method always returns true.AuthenticationStrategy implementation that requires all configured realms to
successfully process the submitted AuthenticationToken during the log-in attempt.
Base support class for implementations that reads and processes JSR-175 annotations.
MethodInterceptor that inspects a specific annotation on the method invocation before continuing
its execution.
Defines an AOP-framework-independent way of determining if an Annotation exists on a Method.
An AnnotationsAuthorizingMethodInterceptor is a MethodInterceptor that asserts a given method is authorized
to execute based on one or more configured AuthorizingAnnotationMethodInterceptors.
PathMatcher implementation for Ant-style path patterns.
AuthenticationStrategy implementation that requires at least one configured realm to
successfully process the submitted AuthenticationToken during the log-in attempt.
Handles
RequiresAuthentication annotations and ensures the calling subject is
authenticated before allowing access.Checks to see if a @
RequiresAuthenticated annotation
is declared, and if so, ensures the calling
Subject.isAuthenticated() before invoking
the method.A top-level abstract implementation of the Realm interface that only implements authentication support
(log-in) operations and leaves authorization (access control) behavior to subclasses.
Shiro support of a
SecurityManager class hierarchy that delegates all
authentication operations to a wrapped Authenticator instance.General exception thrown due to an error during the Authentication process.
AuthenticationInfo represents a Subject's (aka user's) stored account information relevant to the
authentication/log-in process only.An
AuthenticationListener listens for notifications while Subjects authenticate with the system.A
AuthenticationStrategy implementation assists the ModularRealmAuthenticator during the
log-in process in a pluggable realm (PAM) environment.An AuthenticationToken is a consolidation of an account's principals and supporting
credentials submitted by a user during an authentication attempt.
An Authenticator is responsible for authenticating accounts in an application.
Exception thrown if there is a problem during authorization (access control check).
AuthorizationInfo represents a single Subject's stored authorization data (roles, permissions, etc.)
used during authorization (access control) checks only.An Authorizer performs authorization (access control) operations for any given Subject
(aka 'application user').
An AnnotationHandler that executes authorization (access control) behavior based on directive(s) found in a
JSR-175 Annotation.
An AnnotationMethodInterceptor that asserts the calling code is authorized to execute the method
before allowing the invocation to continue by inspecting code annotations to perform an access control check.
Basic abstract class to support intercepting methods that perform authorization (access control) checks.
An
AuthorizingRealm extends the AuthenticatingRealm's capabilities by adding Authorization
(access control) support.Shiro support of a
SecurityManager class hierarchy that delegates all
authorization (access control) operations to a wrapped Authorizer instance.Basic usage:
A
AuthenticationToken that contains a Bearer token or API key, typically received via an HTTP
Authorization header.A very basic abstract extension point for the
Realm interface that provides caching support for subclasses.A very basic starting point for the SecurityManager interface that merely provides logging and caching
support.
An CachingSessionDAO is a SessionDAO that provides a transparent caching layer between the components that
use it and the underlying EIS (Enterprise Information System) session backing store (for example, filesystem,
database, enterprise grid/cloud, etc.).
Static helper class for use dealing with Collections.
Thrown when an authentication attempt has been received for an account that has already been
authenticated (i.e.
Exception thrown due to a problem with the credential(s) submitted for an
account during the authentication process.
Interface implemented by classes that can determine if an AuthenticationToken's provided
credentials matches a corresponding account's credentials stored in the system.
Generic exception representing a problem when attempting to access data.
Default
AnnotationResolver implementation that merely inspects the
MethodInvocation's target method,
and returns targetMethod.getAnnotation(class).Simple/default
Environment implementation that stores Shiro objects as key-value pairs in a
Map instance.An LDAP
Realm implementation utilizing Sun's/Oracle's
JNDI API as an LDAP API.Default implementation of the
PasswordService interface that relies on an internal
HashService, HashFormat, and HashFormatFactory to function:The Shiro framework's default concrete implementation of the
SecurityManager interface,
based around a collection of Realms.Default implementation of the
SessionContext interface which provides getters and setters that
wrap interaction with the underlying backing context map.Default implementation of the
SessionKey interface, which allows setting and retrieval of a concrete
sessionId that the SessionManager implementation can use to look up a
Session instance.Default business-tier implementation of a
ValidatingSessionManager.A Default
SessionStorageEvaluator that provides reasonable control over if and how Sessions may be used for
storing Subject state.Default implementation of the
SubjectContext interface.Default
SubjectDAO implementation that stores Subject state in the Subject's Session by default (but this
can be disabled - see below).Default
SubjectFactory implementation that creates
DelegatingSubject
instances.A DelegatingSession is a client-tier representation of a server side
Session.Implementation of the
Subject interface that delegates
method calls to an underlying SecurityManager instance for security checks.This
AnnotationHandler denys access from any subject
(anonymous or logged in user).Thrown when attempting to authenticate and the corresponding account has been disabled for
some reason.
Exception thrown if attempting to create a new
Subject
session, but that Subject's sessions are disabled.Provides a base Permission class from which type-safe/domain-specific subclasses may extend.
SessionDAO implementation that relies on an enterprise caching product as the EIS system of record for all sessions.
An
Environment instance encapsulates all of the objects that Shiro requires to function.Exception thrown for errors related to
Environment instances or configuration.Thrown when a system is configured to only allow a certain number of authentication attempts
over a period of time and the current session has failed to authenticate successfully within
that number.
Exception wrapping any potential checked exception thrown when a
Subject executes a
Callable.SessionValidationScheduler implementation that uses a
ScheduledExecutorService to call ValidatingSessionManager.validateSessions() every
sessionValidationInterval milliseconds.Thrown during the authentication process when the system determines the submitted credential(s)
has expired and will not allow login.
A special case of a StoppedSessionException.
AuthenticationStrategy implementation that only accepts the account data from
the first successfully consulted Realm and ignores all subsequent realms.Checks to see if a @
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method.Checks to see if a @
RequiresGuest annotation
is declared, and if so, ensures the calling Subject does not
have an identity before invoking the method.A
HashedCredentialMatcher provides support for hashing of supplied AuthenticationToken credentials
before being compared to those in the AuthenticationInfo from the data store.A
HashingPasswordService is a PasswordService that performs password encryption and comparisons
based on cryptographic Hashes.A
HostAuthenticationToken retains the host information from where
an authentication attempt originates.Thrown when a particular client (that is, host address) has not been enabled to access the system
or if the client has been enabled access but is not permitted to perform a particular operation
or access a particular resource.
Implementation of the
Session interface that proxies another Session, but does not
allow any 'write' operations to the underlying session.Thrown when attempting to authenticate with credential(s) that do not match the actual
credentials associated with the account principal.
Deprecated.
Deprecated.
use Shiro's
Environment mechanisms instead.Thrown by
PermissionResolver.resolvePermission(String) when the String being parsed is not
valid for that resolver.Root exception indicating invalid or incorrect usage of a data access resource.
Exception thrown when attempting to interact with the system under an established session
when that session is considered invalid.
Deprecated.
This class is no longer used in Shiro and will be removed in the next major version.
SessionIdGenerator that generates String values of JDK UUID's as the session IDs.Realm that allows authentication and authorization via JDBC calls.
Password hash salt configuration.
A set of static helper methods for managing JDBC API objects.
Callback interface to be implemented by classes that need to perform an
operation (such as a lookup) in a JNDI context.
LdapContextFactory implementation using the default Sun/Oracle JNDI Ldap API, utilizing JNDI
environment properties and an InitialContext.Deprecated.
Renamed to
DefaultLdapRealm, this class will be removed prior to 2.0Convenient superclass for JNDI accessors, providing "jndiTemplate"
and "jndiEnvironment" bean properties.
A factory implementation intended to be used to look up objects in jndi.
Looks up one or more Realm instances from JNDI using specified
jndiNames.Helper class that simplifies JNDI operations.
Interface that encapsulates the creation of
LdapContext objects that are used by DefaultLdapRealms to
perform authentication attempts and query for authorization data.Utility class providing static methods to make working with LDAP
easier.
A special kind of DisabledAccountException, this exception is thrown when attempting
to authenticate and the corresponding account has been disabled explicitly due to being locked.
An enum for specifying a logical operation that can be used for
interpreting authorization annotations
An SPI interface allowing cleanup logic to be executed during logout of a previously authenticated Subject/user.
A
MapContext provides a common base for context-based data storage in a Map.Simple memory-based implementation of the SessionDAO that stores all of its sessions in an in-memory
ConcurrentMap.An extension of the
AuthenticationInfo interface to be implemented by
classes that support merging with other AuthenticationInfo instances.A MethodInterceptor intercepts a MethodInvocation to perform before or after logic (aka 'advice').
This class is an abstraction of AOP method interceptor behavior specific to Shiro that
leaves AOP implementation specifics to be handled by subclass implementations.
3rd-party API independent representation of a method invocation.
A
ModularRealmAuthenticator delegates account lookups to a pluggable (modular) collection of
Realms.A ModularRealmAuthorizer is an Authorizer implementation that consults one or more configured
Realms during an authorization operation.A
PrincipalCollection that allows modification.An environment that supports object lookup by name.
A
Native session manager is one that manages sessions natively - that is, it is directly responsible
for the creation, persistence and removal of Session instances and their
lifecycles.A
CredentialsMatcher that employs best-practices comparisons for hashed text passwords.A
PasswordService supports common use cases when using passwords as a credentials mechanism.Interface for components that can match source strings against a specified pattern string.
A Permission represents the ability to perform an action or access a resource.
Checks to see if a @
RequiresPermissions annotation is
declared, and if so, performs a permission check to see if the calling Subject is allowed continued
access.Checks to see if a @
RequiresPermissions annotation is declared,
and if so, performs a permission check to see if the calling Subject is allowed to call the method.A
PermissionResolver resolves a String value and converts it into a
Permission instance.Interface implemented by a component that wishes to use any application-configured PermissionResolver that
might already exist instead of potentially creating one itself.
Utility class to help with String-to-Permission object resolution.
This
AnnotationHandler allows access from any subject
(anonymous or logged in user).A collection of all principals associated with a corresponding
Subject.EXPERIMENTAL - DO NOT USE YET
A
TextConfigurationRealm that defers all logic to the parent class, but just enables
Properties based configuration in addition to the parent class's String configuration.Simple
Session implementation that immediately delegates all corresponding calls to an
underlying proxied session instance.Generates session IDs by using a
Random instance to generate random IDs.A Realm is a security component that can access application-specific security entities
such as users, roles, and permissions to determine authentication and authorization operations.
Enables Shiro end-users to configure and initialize one or more
Realm instances
in any manner desired.Shiro support of a
SecurityManager class hierarchy based around a collection of
Realms.PatternMatcher implementation that uses standard java.util.regex objects.An
AuthenticationToken that indicates if the user wishes their identity to be remembered across sessions.A RememberMeManager is responsible for remembering a Subject's identity across that Subject's sessions with
the application.
Exception thrown when attempting to acquire an object of a required type and that object does not equal, extend, or
implement a specified
Class.Requires the current Subject to have been authenticated during their current session for the annotated
class/instance/method to be accessed or invoked.
Requires the current Subject to be a "guest", that is, they are not authenticated or remembered
from a previous session for the annotated class/instance/method to be accessed or invoked.
Requires the current executor's Subject to imply a particular permission in
order to execute the annotated method.
Requires the currently executing
Subject to have all of the
specified roles.Requires the current Subject to be an application user for the annotated class/instance/method to be
accessed or invoked.
Checks to see if a @
RequiresRoles annotation is declared,
and if so, performs a role check to see if the calling Subject is allowed to proceed.Checks to see if a @
RequiresRoles annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to invoke the method.A RolePermissionResolver resolves a String value and converts it into a Collection of
Permission instances.Interface implemented by a component that wishes to use any application-configured RolePermissionResolver that
might already exist instead of potentially creating one itself.
Checks to see if a @
RolesAllowed annotation is declared, and if so, performs
a role check to see if the calling Subject is allowed to proceed.Interface representing account information that may use a salt when hashing credentials.
A
SecurityManager executes all security operations for all Subjects (aka users) across a
single application.Accesses the currently accessible
Subject for the calling code depending on runtime environment.A
Session is a stateful data context associated with a single Subject (user, daemon process,
etc.) who interacts with a software system over a period of time.A
SessionContext is a 'bucket' of data presented to a SessionFactory which interprets
this data to construct Session instances.Data Access Object design pattern specification to enable
Session access to an
EIS (Enterprise Information System).General security exception attributed to problems during interaction with the system during
a session.
A simple factory class that instantiates concrete
Session instances.Interface allowing pluggable session ID generation strategies to be used with various
SessionDAO
implementations.A
SessionKey is a key that allows look-up of any particular Session
instance.Interface to be implemented by components that wish to be notified of events that occur during a
Session's life cycle.Simple adapter implementation of the
SessionListener interface, effectively providing
no-op implementations of all methods.A SessionManager manages the creation, maintenance, and clean-up of all application
Sessions.Shiro support of a
SecurityManager class hierarchy that delegates all
session operations to a wrapped
SessionManager instance.Evaluates whether or not Shiro may use a
Subject's Session
to persist that Subject's internal state.Interface that should be implemented by classes that can control validating sessions on a regular
basis.
Deprecated.
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property.Deprecated.
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property.Deprecated.
since 1.1 - use the HashedCredentialsMatcher directly and set its
hashAlgorithmName property.Exception thrown during the authentication process using
FirstSuccessfulStrategy, with
stopAfterFirstSuccess set.Simple implementation of the
Account interface that
contains principal and credential and authorization information (roles and permissions) as instance variables and
exposes them via getters and setters using standard JavaBean notation.A simple implementation of the
Realm interface that
uses a set of configured user accounts and roles to support authentication and authorization.Simple implementation of the
MergableAuthenticationInfo interface that holds the principals and
credentials.Simple POJO implementation of the
AuthorizationInfo interface that stores roles and permissions as internal
attributes.Simple CredentialsMatcher implementation.
A simple implementation of the
MutablePrincipalCollection interface that tracks principals internally
by storing them in a LinkedHashMap.Default implementation of the
PrincipalMap interface.A simple representation of a security role that has a name and a collection of permissions.
Simple
Session JavaBeans-compatible POJO implementation, intended to be used on the
business/server tier.SessionFactory implementation that generates SimpleSession instances.Exception thrown when attempting to interact with the system under a session that has been
stopped.
A
Subject represents state and security operations for a single application user.Builder design pattern implementation for creating
Subject instances in a simplified way without
requiring knowledge of Shiro's construction techniques.ExecutorService implementation that will automatically first associate any argument
Runnable or Callable instances with the currently available subject and then
dispatch the Subject-enabled runnable or callable to an underlying delegate
ExecutorService instance.Same concept as the
SubjectAwareExecutorService but additionally supports the
ScheduledExecutorService interface.A
SubjectContext is a 'bucket' of data presented to a SecurityManager which interprets
this data to construct Subject instances.A
SubjectDAO is responsible for persisting a Subject instance's internal state such that the Subject instance
can be recreated at a later time if necessary.A
SubjectFactory is responsible for constructing Subject instances as needed.A
SubjectRunnable ensures that a target/delegate Runnable will execute such that any
call to SecurityUtils.getSubject() during the
Runnable's execution will return the associated Subject instance.Manages thread-state for
Subject access (supporting
SecurityUtils.getSubject() calls)
during a thread's execution.A SimpleAccountRealm that enables text-based configuration of the initial User, Role, and Permission objects
created at startup.
A ThreadContext provides a means of binding and unbinding objects to the
current thread based on key/value pairs.
A
ThreadState instance manages any state that might need to be bound and/or restored during a thread's
execution.Exception thrown when attempting to execute an authorization action when a successful
authentication hasn't yet occurred.
Thrown to indicate a requested operation or access to a requested resource is not allowed.
Exception thrown when attempting to acquire the application's
SecurityManager instance, but Shiro's
lookup heuristics cannot find one.Thrown when attempting to authenticate with a principal that doesn't exist in the system (e.g.
Exception thrown when attempting to interact with the system under the pretense of a
particular session (e.g.
Exception thrown when a configured LDAP
Authentication Mechanism is unsupported by the target LDAP server.
Exception thrown during the authentication process when an
AuthenticationToken implementation is encountered that is not
supported by one or more configured Realms.Checks to see if a @
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before allowing access.Checks to see if a @
RequiresUser annotation
is declared, and if so, ensures the calling Subject is either
authenticated or remembered via remember
me services before invoking the method.A simple username/password authentication token to support the most widely-used authentication mechanism.
A
ValidatingSession is a Session that is capable of determining it is valid or not and
is able to validate itself if necessary.A ValidatingSessionManager is a SessionManager that can proactively validate any or all sessions
that may be expired.
A
WildcardPermission is a very flexible permission construct supporting multiple levels of
permission matching.PermissionResolver implementation that returns a new
WildcardPermission
based on the input string.Interface implemented by
SecurityManager implementations that wrap another SecurityManager instance.
Environmentmechanisms instead.