Interface WebSecurityManager

All Superinterfaces:

org.apache.shiro.authc.Authenticator, org.apache.shiro.authz.Authorizer, org.apache.shiro.mgt.SecurityManager, org.apache.shiro.session.mgt.SessionManager

All Known Implementing Classes:

DefaultWebSecurityManager

public interface WebSecurityManager
extends org.apache.shiro.mgt.SecurityManager

This interface represents a SecurityManager implementation that can used in web-enabled applications.

Since:

1.0

Method Summary

Modifier and Type	Method	Description
boolean	isHttpSessionMode()	Security information needs to be retained from request to request, so Shiro makes use of a session for this.

Methods inherited from interface org.apache.shiro.authc.Authenticator

authenticate

Methods inherited from interface org.apache.shiro.authz.Authorizer

checkPermission, checkPermission, checkPermissions, checkPermissions, checkRole, checkRoles, checkRoles, hasAllRoles, hasRole, hasRoles, isPermitted, isPermitted, isPermitted, isPermitted, isPermittedAll, isPermittedAll

Methods inherited from interface org.apache.shiro.mgt.SecurityManager

createSubject, login, logout

Methods inherited from interface org.apache.shiro.session.mgt.SessionManager

getSession, start

Method Details

isHttpSessionMode

boolean isHttpSessionMode()

Security information needs to be retained from request to request, so Shiro makes use of a session for this. Typically, a security manager will use the servlet container's HTTP session but custom session implementations, for example based on EhCache, may also be used. This method indicates whether the security manager is using the HTTP session or not.

Returns:

true if the security manager is using the HTTP session; otherwise, false.