Package org.apache.shiro.guice.web

Class ShiroWebModule

  • All Implemented Interfaces:
    com.google.inject.Module, org.apache.shiro.util.Destroyable
    public abstract class ShiroWebModule
extends ShiroModule
    Sets up Shiro lifecycles within Guice, enables the injecting of Shiro objects, and binds a default WebSecurityManager, SecurityManager and SessionManager. At least one realm must be added by using bindRealm.

    Also provides for the configuring of filter chains and binds a FilterChainResolver with that information.

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  ShiroWebModule.FilterConfig<T extends javax.servlet.Filter>
      Filter configuration which pairs a Filter class with its configuration used on a path.

    • Field Summary

      Fields 
      Modifier and Type Field Description
      static com.google.inject.Key<org.apache.shiro.web.filter.authc.AnonymousFilter> ANON  
      static com.google.inject.Key<org.apache.shiro.web.filter.authc.FormAuthenticationFilter> AUTHC  
      static com.google.inject.Key<org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter> AUTHC_BASIC  
      static com.google.inject.Key<org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter> AUTHC_BEARER  
      static com.google.inject.Key<org.apache.shiro.web.filter.InvalidRequestFilter> INVALID_REQUEST  
      static com.google.inject.Key<org.apache.shiro.web.filter.authc.LogoutFilter> LOGOUT  
      static com.google.inject.Key<org.apache.shiro.web.filter.session.NoSessionCreationFilter> NO_SESSION_CREATION  
      static com.google.inject.Key<org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter> PERMS  
      static com.google.inject.Key<org.apache.shiro.web.filter.authz.PortFilter> PORT  
      static com.google.inject.Key<org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter> REST  
      static com.google.inject.Key<org.apache.shiro.web.filter.authz.RolesAuthorizationFilter> ROLES  
      static com.google.inject.Key<org.apache.shiro.web.filter.authz.SslFilter> SSL  
      static com.google.inject.Key<org.apache.shiro.web.filter.authc.UserFilter> USER  

    • Constructor Summary

      Constructors 
      Constructor Description
      ShiroWebModule​(javax.servlet.ServletContext servletContext)  

    • Method Summary

      All Methods Static Methods Instance Methods Abstract Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      protected void addFilterChain​(String pattern, com.google.inject.Key<? extends javax.servlet.Filter> key)  
      protected void addFilterChain​(String pattern, com.google.inject.Key<? extends javax.servlet.Filter>... keys)
      Deprecated.
      protected void addFilterChain​(String pattern, ShiroWebModule.FilterConfig<? extends javax.servlet.Filter>... filterConfigs)
      Maps 'n' number of filterConfigs to a specific path pattern.
      For example, a path of '/my_private_resource/**' to 'filterConfig(AUTHC)' would require any resource under the path '/my_private_resource' would be processed through the FormAuthenticationFilter.
      protected void bindEnvironment​(com.google.inject.binder.AnnotatedBindingBuilder<org.apache.shiro.env.Environment> bind)
      Binds the environment.
      static void bindGuiceFilter​(com.google.inject.Binder binder)  
      static void bindGuiceFilter​(String pattern, com.google.inject.Binder binder)  
      protected void bindSecurityManager​(com.google.inject.binder.AnnotatedBindingBuilder<? super org.apache.shiro.mgt.SecurityManager> bind)
      Binds the security manager.
      protected void bindSessionManager​(com.google.inject.binder.AnnotatedBindingBuilder<org.apache.shiro.session.mgt.SessionManager> bind)
      Binds the session manager.
      protected void bindWebEnvironment​(com.google.inject.binder.AnnotatedBindingBuilder<? super org.apache.shiro.web.env.WebEnvironment> bind)  
      protected void bindWebSecurityManager​(com.google.inject.binder.AnnotatedBindingBuilder<? super org.apache.shiro.web.mgt.WebSecurityManager> bind)
      Binds the security manager.
      protected static <T extends org.apache.shiro.web.filter.PathMatchingFilter>
      com.google.inject.Key<T>      		 config​(com.google.inject.Key<T> baseKey, String configValue)
      Deprecated.
      protected static <T extends org.apache.shiro.web.filter.PathMatchingFilter>
      com.google.inject.Key<T>      		 config​(com.google.inject.TypeLiteral<T> typeLiteral, String configValue)
      Deprecated.
      protected static <T extends org.apache.shiro.web.filter.PathMatchingFilter>
      com.google.inject.Key<T>      		 config​(Class<T> type, String configValue)
      Deprecated.
      protected void configureShiro()
      Implement this method in order to configure your realms and any other Shiro customization you may need.
      protected abstract void configureShiroWeb()  
      protected static <T extends javax.servlet.Filter>
      ShiroWebModule.FilterConfig<T>      		 filterConfig​(com.google.inject.Key<T> baseKey)
      Builds a FilterConfig from a Filer and configuration String
      protected static <T extends javax.servlet.Filter>
      ShiroWebModule.FilterConfig<T>      		 filterConfig​(com.google.inject.Key<T> baseKey, String configValue)
      Builds a FilterConfig from a Filer and configuration String
      protected static <T extends javax.servlet.Filter>
      ShiroWebModule.FilterConfig<T>      		 filterConfig​(com.google.inject.TypeLiteral<T> typeLiteral, String configValue)
      Builds a FilterConfig from a Filer and configuration String
      protected static <T extends javax.servlet.Filter>
      ShiroWebModule.FilterConfig<T>      		 filterConfig​(Class<T> type, String configValue)
      Builds a FilterConfig from a Filer and configuration String
      List<ShiroWebModule.FilterConfig<? extends javax.servlet.Filter>> globalFilters()  
      static com.google.inject.servlet.ServletModule guiceFilterModule()  
      static com.google.inject.servlet.ServletModule guiceFilterModule​(String pattern)  

      • Methods inherited from class com.google.inject.PrivateModule

        addError, addError, addError, bind, bind, bind, bindConstant, binder, bindInterceptor, bindListener, bindListener, bindScope, configure, convertToTypes, currentStage, expose, expose, expose, getMembersInjector, getMembersInjector, getProvider, getProvider, install, requestInjection, requestStaticInjection, requireBinding, requireBinding

    • Field Detail

      • ANON

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authc.AnonymousFilter> ANON

      • AUTHC

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authc.FormAuthenticationFilter> AUTHC

      • AUTHC_BASIC

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter> AUTHC_BASIC

      • AUTHC_BEARER

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter> AUTHC_BEARER

      • NO_SESSION_CREATION

        public static final com.google.inject.Key<org.apache.shiro.web.filter.session.NoSessionCreationFilter> NO_SESSION_CREATION

      • LOGOUT

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authc.LogoutFilter> LOGOUT

      • PERMS

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter> PERMS

      • PORT

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authz.PortFilter> PORT

      • REST

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter> REST

      • ROLES

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authz.RolesAuthorizationFilter> ROLES

      • SSL

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authz.SslFilter> SSL

      • USER

        public static final com.google.inject.Key<org.apache.shiro.web.filter.authc.UserFilter> USER

      • INVALID_REQUEST

        public static final com.google.inject.Key<org.apache.shiro.web.filter.InvalidRequestFilter> INVALID_REQUEST

    • Constructor Detail

      • ShiroWebModule

        public ShiroWebModule​(javax.servlet.ServletContext servletContext)

    • Method Detail

      • bindGuiceFilter

        public static void bindGuiceFilter​(com.google.inject.Binder binder)

      • bindGuiceFilter

        public static void bindGuiceFilter​(String pattern,
                                   com.google.inject.Binder binder)

      • guiceFilterModule

        public static com.google.inject.servlet.ServletModule guiceFilterModule()

      • guiceFilterModule

        public static com.google.inject.servlet.ServletModule guiceFilterModule​(String pattern)

      • configureShiro

        protected final void configureShiro()
        Description copied from class: ShiroModule
        Implement this method in order to configure your realms and any other Shiro customization you may need.
        Specified by:
        configureShiro in class ShiroModule

      • configureShiroWeb

        protected abstract void configureShiroWeb()

      • bindSecurityManager

        protected final void bindSecurityManager​(com.google.inject.binder.AnnotatedBindingBuilder<? super org.apache.shiro.mgt.SecurityManager> bind)
        Description copied from class: ShiroModule
        Binds the security manager. Override this method in order to provide your own security manager binding.

        By default, a DefaultSecurityManager is bound as an eager singleton.

        Overrides:
        bindSecurityManager in class ShiroModule

      • bindWebSecurityManager

        protected void bindWebSecurityManager​(com.google.inject.binder.AnnotatedBindingBuilder<? super org.apache.shiro.web.mgt.WebSecurityManager> bind)
        Binds the security manager. Override this method in order to provide your own security manager binding.

        By default, a DefaultWebSecurityManager is bound as an eager singleton.

        Parameters:
        bind -

      • bindSessionManager

        protected void bindSessionManager​(com.google.inject.binder.AnnotatedBindingBuilder<org.apache.shiro.session.mgt.SessionManager> bind)
        Binds the session manager. Override this method in order to provide your own session manager binding.

        By default, a DefaultWebSessionManager is bound as an eager singleton.

        Overrides:
        bindSessionManager in class ShiroModule
        Parameters:
        bind -

      • bindEnvironment

        protected final void bindEnvironment​(com.google.inject.binder.AnnotatedBindingBuilder<org.apache.shiro.env.Environment> bind)
        Description copied from class: ShiroModule
        Binds the environment. Override this method in order to provide your own environment binding.

        By default, a GuiceEnvironment is bound as an eager singleton.

        Overrides:
        bindEnvironment in class ShiroModule

      • bindWebEnvironment

        protected void bindWebEnvironment​(com.google.inject.binder.AnnotatedBindingBuilder<? super org.apache.shiro.web.env.WebEnvironment> bind)

      • addFilterChain

        protected final void addFilterChain​(String pattern,
                                    com.google.inject.Key<? extends javax.servlet.Filter> key)

      • addFilterChain

        protected final void addFilterChain​(String pattern,
                                    ShiroWebModule.FilterConfig<? extends javax.servlet.Filter>... filterConfigs)
        Maps 'n' number of filterConfigs to a specific path pattern.
        For example, a path of '/my_private_resource/**' to 'filterConfig(AUTHC)' would require any resource under the path '/my_private_resource' would be processed through the FormAuthenticationFilter.
        Parameters:
        pattern - URL patter to be mapped to a FilterConfig, e.g. '/my_private-path/**'
        filterConfigs - FilterConfiguration representing the Filter and config to be used when processing resources on pattern.
        Since:
        1.4

      • filterConfig

        protected static <T extends javax.servlet.Filter> ShiroWebModule.FilterConfig<T> filterConfig​(com.google.inject.Key<T> baseKey,
                                                                                              String configValue)
        Builds a FilterConfig from a Filer and configuration String
        Type Parameters:
        T - A Servlet Filter class.
        Parameters:
        baseKey - The Key of the Filter class to be used.
        Returns:
        A FilterConfig used to map a String path to this configuration.
        Since:
        1.4

      • filterConfig

        protected static <T extends javax.servlet.Filter> ShiroWebModule.FilterConfig<T> filterConfig​(com.google.inject.Key<T> baseKey)
        Builds a FilterConfig from a Filer and configuration String
        Type Parameters:
        T - A Servlet Filter class.
        Parameters:
        baseKey - The Key of the Filter class to be used.
        Returns:
        A FilterConfig used to map a String path to this configuration.
        Since:
        1.4

      • filterConfig

        protected static <T extends javax.servlet.Filter> ShiroWebModule.FilterConfig<T> filterConfig​(com.google.inject.TypeLiteral<T> typeLiteral,
                                                                                              String configValue)
        Builds a FilterConfig from a Filer and configuration String
        Type Parameters:
        T - A Servlet Filter class.
        Parameters:
        typeLiteral - The TyleLiteral of the filter key to be used.
        configValue - the configuration used.
        Returns:
        A FilterConfig used to map a String path to this configuration.
        Since:
        1.4

      • filterConfig

        protected static <T extends javax.servlet.Filter> ShiroWebModule.FilterConfig<T> filterConfig​(Class<T> type,
                                                                                              String configValue)
        Builds a FilterConfig from a Filer and configuration String
        Type Parameters:
        T - A Servlet Filter class.
        Parameters:
        type - The filter to be used.
        configValue - the configuration used.
        Returns:
        A FilterConfig used to map a String path to this configuration.
        Since:
        1.4

      • addFilterChain

        @Deprecated
protected final void addFilterChain​(String pattern,
                                    com.google.inject.Key<? extends javax.servlet.Filter>... keys)
        Deprecated.
        Adds a filter chain to the shiro configuration.

        NOTE: If the provided key is for a subclass of PathMatchingFilter, it will be registered with a proper provider.

        Parameters:
        pattern -
        keys -

      • config

        @Deprecated
protected static <T extends org.apache.shiro.web.filter.PathMatchingFilter> com.google.inject.Key<T> config​(com.google.inject.Key<T> baseKey,
                                                                                                            String configValue)
        Deprecated.

      • config

        @Deprecated
protected static <T extends org.apache.shiro.web.filter.PathMatchingFilter> com.google.inject.Key<T> config​(com.google.inject.TypeLiteral<T> typeLiteral,
                                                                                                            String configValue)
        Deprecated.

      • config

        @Deprecated
protected static <T extends org.apache.shiro.web.filter.PathMatchingFilter> com.google.inject.Key<T> config​(Class<T> type,
                                                                                                            String configValue)
        Deprecated.