List of usage examples for org.apache.shiro.subject SubjectContext setSessionCreationEnabled
void setSessionCreationEnabled(boolean enabled);
From source file:br.com.criativasoft.opendevice.wsrest.RestWebSecurityManager.java
License:Open Source License
@Override protected Subject createSubject(AuthenticationToken token, AuthenticationInfo info, Subject existing) { SubjectContext context = createSubjectContext(); context.setAuthenticated(true);//w w w.ja v a2 s . c o m context.setAuthenticationToken(token); context.setAuthenticationInfo(info); if (existing != null) { // FIX Avoid session creation if previous Subject is disabled. // org.apache.shiro.subject.SubjectContext.isSessionCreationEnabled() if (existing instanceof WebDelegatingSubject) { context.setSessionCreationEnabled(WebUtils._isSessionCreationEnabled(this)); context.setSecurityManager(((WebDelegatingSubject) existing).getSecurityManager()); } context.setSubject(existing); } return createSubject(context); }
From source file:com.caricah.iotracah.bootstrap.security.IOTSecurityManager.java
License:Apache License
/** * Logs in the specified Subject using the given {@code authenticationToken}, returning an updated Subject * instance reflecting the authenticated state if successful or throwing {@code AuthenticationException} if it is * not.//from w ww . j a v a 2 s . c om * <p> * Note that most application developers should probably not call this method directly unless they have a good * reason for doing so. The preferred way to log in a Subject is to call * <code>subject.{@link Subject#login login(authenticationToken)}</code> (usually after * acquiring the Subject by calling {@link SecurityUtils#getSubject() SecurityUtils.getSubject()}). * <p> * Framework developers on the other hand might find calling this method directly useful in certain cases. * * @param subject the subject against which the authentication attempt will occur * @param authenticationToken the token representing the Subject's principal(s) and credential(s) * @return the subject instance reflecting the authenticated state after a successful attempt * @throws AuthenticationException if the login attempt failed. * @since 1.0 */ @Override public Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException { AuthenticationInfo info = authenticate(authenticationToken); SubjectContext context = new DefaultSubjectContext(); context.setAuthenticated(true); context.setAuthenticationToken(authenticationToken); context.setAuthenticationInfo(info); context.setSessionCreationEnabled(true); if (subject != null) { context.setSubject(subject); } return createSubject(context); }
From source file:com.github.ibole.infrastructure.web.security.spring.shiro.config.StatelessSubjectFactory.java
License:Apache License
@Override public Subject createSubject(SubjectContext context) { //disable session creation. context.setSessionCreationEnabled(false); return super.createSubject(context); }
From source file:io.github.howiefh.jeews.modules.sys.security.mgt.StatelessDefaultSubjectFactory.java
License:Apache License
@Override public Subject createSubject(SubjectContext context) { // ?session//from w w w . j a v a 2 s . c o m context.setSessionCreationEnabled(false); return super.createSubject(context); }