public class DefaultAuthenticationPolicy extends Object implements AuthenticationPolicy
Constructor and Description |
---|
DefaultAuthenticationPolicy() |
Modifier and Type | Method and Description |
---|---|
protected org.apache.shiro.subject.PrincipalCollection |
createAssumedIdentity(ConnectionReference conn)
Returns a Shiro
PrincipalCollection representing the identity to assume (without true authentication) for
the specified Connection. |
protected boolean |
credentialsAvailable(ConnectionReference conn)
Returns
true if the client connection has supplied credentials to authenticate itself, false
otherwise. |
void |
customizeSubject(org.apache.shiro.subject.Subject.Builder subjectBuilder,
ConnectionReference conn)
Allows customization of the
Subject being built for the specified client
connection. |
String |
getAnonymousAccountRealmName() |
String |
getAnonymousAccountUsername() |
String |
getSystemAccountRealmName() |
String |
getSystemAccountUsername() |
boolean |
isAnonymousAccessAllowed() |
protected boolean |
isAnonymousAccount(org.apache.shiro.subject.Subject subject) |
protected boolean |
isAssumeIdentity(ConnectionReference conn)
Returns
true if an unauthenticated connection should still assume a specific identity, false
otherwise. |
boolean |
isAuthenticationRequired(SubjectConnectionReference conn)
Returns
true if the connection's Subject instance should be authenticated, false otherwise. |
protected boolean |
isSystemAccount(org.apache.shiro.subject.Subject subject) |
protected boolean |
isSystemConnection(ConnectionReference conn) |
boolean |
isVmConnectionAuthenticationRequired() |
protected boolean |
matches(org.apache.shiro.subject.PrincipalCollection principals,
String username,
String realmName) |
void |
setAnonymousAccessAllowed(boolean anonymousAccessAllowed) |
void |
setAnonymousAccountRealmName(String anonymousAccountRealmName) |
void |
setAnonymousAccountUsername(String anonymousAccountUsername) |
void |
setSystemAccountRealmName(String systemAccountRealmName) |
void |
setSystemAccountUsername(String systemAccountUsername) |
void |
setVmConnectionAuthenticationRequired(boolean vmConnectionAuthenticationRequired) |
public DefaultAuthenticationPolicy()
public boolean isVmConnectionAuthenticationRequired()
public void setVmConnectionAuthenticationRequired(boolean vmConnectionAuthenticationRequired)
public String getSystemAccountUsername()
public void setSystemAccountUsername(String systemAccountUsername)
public String getSystemAccountRealmName()
public void setSystemAccountRealmName(String systemAccountRealmName)
public boolean isAnonymousAccessAllowed()
public void setAnonymousAccessAllowed(boolean anonymousAccessAllowed)
public String getAnonymousAccountUsername()
public void setAnonymousAccountUsername(String anonymousAccountUsername)
public String getAnonymousAccountRealmName()
public void setAnonymousAccountRealmName(String anonymousAccountRealmName)
protected boolean credentialsAvailable(ConnectionReference conn)
true
if the client connection has supplied credentials to authenticate itself, false
otherwise.conn
- the client's connection contexttrue
if the client connection has supplied credentials to authenticate itself, false
otherwise.public boolean isAuthenticationRequired(SubjectConnectionReference conn)
AuthenticationPolicy
true
if the connection's Subject
instance should be authenticated, false
otherwise.isAuthenticationRequired
in interface AuthenticationPolicy
conn
- the subject's connectiontrue
if the connection's Subject
instance should be authenticated, false
otherwise.protected boolean isAnonymousAccount(org.apache.shiro.subject.Subject subject)
protected boolean isSystemAccount(org.apache.shiro.subject.Subject subject)
protected boolean matches(org.apache.shiro.subject.PrincipalCollection principals, String username, String realmName)
protected boolean isSystemConnection(ConnectionReference conn)
public void customizeSubject(org.apache.shiro.subject.Subject.Builder subjectBuilder, ConnectionReference conn)
AuthenticationPolicy
Subject
being built for the specified client
connection. This allows for any pre-existing connection-specific identity or state to be applied to the
Subject.Builder
before the Subject
instance is actually created.
NOTE: This method is called by the SubjectFilter
before the filter chain
is executed (and before an authentication attempt occurs). Implementations MUST NOT
attempt to actually build
the subject or perform
an authentication attempt in this method.customizeSubject
in interface AuthenticationPolicy
subjectBuilder
- the builder for the Subject that will be created representing the associated client connectionconn
- a reference to the client's connection metadataSubjectFilter
protected boolean isAssumeIdentity(ConnectionReference conn)
true
if an unauthenticated connection should still assume a specific identity, false
otherwise. This method will only be called if there are no connection
credentialsAvailable
.
If a client supplies connection credentials, they will always be used to authenticate the client with that
identity.
If true
is returned, the assumed identity will be returned by
createAssumedIdentity
.
true
in most other scenarios.conn
- a reference to the client's connectiontrue
if an unauthenticated connection should still assume a specific identity, false
otherwise.protected org.apache.shiro.subject.PrincipalCollection createAssumedIdentity(ConnectionReference conn)
PrincipalCollection
representing the identity to assume (without true authentication) for
the specified Connection.
This method is only called if isAssumeIdentity(ConnectionReference)
is true
.conn
- a reference to the client's connectionPrincipalCollection
representing the identity to assume (without true authentication) for
the specified Connection.Copyright © 2005–2017 The Apache Software Foundation. All rights reserved.