Index (Apache Shiro :: Web 1.9.1 API)

A B C D E F G H I L M N O P Q R S T U V W _
All Classes All Packages

A

AbstractFilter - Class in org.apache.shiro.web.servlet: Base abstract Filter simplifying Filter initialization and access to init parameters.
AbstractFilter() - Constructor for class org.apache.shiro.web.servlet.AbstractFilter
AbstractShiroFilter - Class in org.apache.shiro.web.servlet: Abstract base class that provides all standard Shiro request filtering behavior and expects subclasses to implement configuration-specific logic (INI, XML, .properties, etc).
AbstractShiroFilter() - Constructor for class org.apache.shiro.web.servlet.AbstractShiroFilter
AccessControlFilter - Class in org.apache.shiro.web.filter: Superclass for any filter that controls access to a resource and may redirect the user to the login page if they are not authenticated.
AccessControlFilter() - Constructor for class org.apache.shiro.web.filter.AccessControlFilter
add(int, Filter) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
add(Filter) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
addAll(int, Collection<? extends Filter>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
addAll(Collection<? extends Filter>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
addDefaultFilters(boolean) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
addFilter(String, Filter) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
addFilter(String, Filter) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Adds a filter to the 'pool' of available filters that can be used when creating filter chains.
addFilter(String, Filter, boolean) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
addFilter(String, Filter, boolean) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Adds a filter to the 'pool' of available filters that can be used when creating filter chains.
addFilter(String, Filter, boolean, boolean) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
addToChain(String, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
addToChain(String, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Adds (appends) a filter to the filter chain identified by the given chainName.
addToChain(String, String, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
addToChain(String, String, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Adds (appends) a filter to the filter chain identified by the given chainName.
AdviceFilter - Class in org.apache.shiro.web.servlet: A Servlet Filter that enables AOP-style "around" advice for a ServletRequest via preHandle, postHandle, and afterCompletion hooks.
AdviceFilter() - Constructor for class org.apache.shiro.web.servlet.AdviceFilter
afterBound(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
afterCompletion(ServletRequest, ServletResponse, Exception) - Method in class org.apache.shiro.web.servlet.AdviceFilter: Called in all cases in a finally block even if preHandle returns false or if an exception is thrown during filter chain processing.
afterSessionManagerSet() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
afterUnbound(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
ALLOW_BACKSLASH - Static variable in class org.apache.shiro.web.util.WebUtils
ALREADY_FILTERED_SUFFIX - Static variable in class org.apache.shiro.web.servlet.OncePerRequestFilter: Suffix that gets appended to the filter name for the "already filtered" request attribute.
anon - org.apache.shiro.web.filter.mgt.DefaultFilter
AnonymousFilter - Class in org.apache.shiro.web.filter.authc: Filter that allows access to a path immeidately without performing security checks of any kind.
AnonymousFilter() - Constructor for class org.apache.shiro.web.filter.authc.AnonymousFilter
appendQueryProperties(StringBuilder, Map, String) - Method in class org.apache.shiro.web.util.RedirectView: Append query properties to the redirect URL.
appliedPaths - Variable in class org.apache.shiro.web.filter.PathMatchingFilter: A collection of path-to-config entries where the key is a path which this filter should process and the value is the (possibly null) configuration element specific to this Filter for that specific path.
applyChainConfig(String, Filter, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
applyFilterChainResolver(Ini, Map<String, ?>) - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
applyInitParams() - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
applySecurityManager(Ini) - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
ATTRIBUTE_DELIMITER - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
authc - org.apache.shiro.web.filter.mgt.DefaultFilter
authcBasic - org.apache.shiro.web.filter.mgt.DefaultFilter
authcBearer - org.apache.shiro.web.filter.mgt.DefaultFilter
AuthenticatedTag - Class in org.apache.shiro.web.tags: JSP tag that renders the tag body only if the current user has executed a successful authentication attempt during their current session.
AuthenticatedTag() - Constructor for class org.apache.shiro.web.tags.AuthenticatedTag
AuthenticatingFilter - Class in org.apache.shiro.web.filter.authc: An AuthenticationFilter that is capable of automatically performing an authentication attempt based on the incoming request.
AuthenticatingFilter() - Constructor for class org.apache.shiro.web.filter.authc.AuthenticatingFilter
AuthenticationFilter - Class in org.apache.shiro.web.filter.authc: Base class for all Filters that require the current user to be authenticated.
AuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.AuthenticationFilter
AuthorizationFilter - Class in org.apache.shiro.web.filter.authz: Superclass for authorization-related filters.
AuthorizationFilter() - Constructor for class org.apache.shiro.web.filter.authz.AuthorizationFilter

B

BasicHttpAuthenticationFilter - Class in org.apache.shiro.web.filter.authc: Requires the requesting user to be authenticated for the request to continue, and if they're not, requires the user to login via the HTTP Basic protocol-specific challenge.
BasicHttpAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter
BearerHttpAuthenticationFilter - Class in org.apache.shiro.web.filter.authc: Requires the requesting user to be authenticated for the request to continue, and if they're not, requires the user to login via the HTTP Bearer protocol-specific challenge.
BearerHttpAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter
beforeLogout(Subject) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
buildChains(FilterChainManager, Ini) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
Builder(ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.subject.WebSubject.Builder: Constructs a new Web.Builder instance using the SecurityManager obtained by calling SecurityUtils.getSecurityManager().
Builder(SecurityManager, ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.subject.WebSubject.Builder: Constructs a new Web.Builder instance using the specified SecurityManager instance to create the WebSubject instance.
buildHeaderValue(String, String, String, String, String, int, int, boolean, boolean) - Method in class org.apache.shiro.web.servlet.SimpleCookie
buildHeaderValue(String, String, String, String, String, int, int, boolean, boolean, Cookie.SameSiteOptions) - Method in class org.apache.shiro.web.servlet.SimpleCookie
buildPermissions(String[], String) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter: Builds a new array of permission strings based on the original argument, appending the specified action verb to each one per WildcardPermission conventions.
buildPermissions(HttpServletRequest, String[], String) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter: Returns a collection of String permissions with which to perform a permission check to determine if the filter will allow the request to continue.
buildWebSubject() - Method in class org.apache.shiro.web.subject.WebSubject.Builder: Returns super.buildSubject(), but additionally ensures that the returned instance is an instanceof WebSubject and to support a type-safe method so a caller does not have to cast.

C

cleanup(ServletRequest, ServletResponse, Exception) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter: Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.
cleanup(ServletRequest, ServletResponse, Exception) - Method in class org.apache.shiro.web.servlet.AdviceFilter: Executes cleanup logic in the finally code block in the doFilterInternal implementation.
clear() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
COMMENT_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
CONFIG_INIT_PARAM_NAME - Static variable in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
CONFIG_LOCATIONS_PARAM - Static variable in class org.apache.shiro.web.env.EnvironmentLoader: Servlet Context config param for the resource path to use for configuring the WebEnvironment instance: shiroConfigLocations
CONFIG_PATH_INIT_PARAM_NAME - Static variable in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
configure() - Method in class org.apache.shiro.web.env.IniWebEnvironment
configure() - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
contains(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
containsAll(Collection<?>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
contextDestroyed(ServletContextEvent) - Method in class org.apache.shiro.web.env.EnvironmentLoaderListener: Destroys any previously created/bound WebEnvironment instance created by the EnvironmentLoaderListener.contextInitialized(javax.servlet.ServletContextEvent) method.
contextInitialized(ServletContextEvent) - Method in class org.apache.shiro.web.env.EnvironmentLoaderListener: Initializes the Shiro WebEnvironment and binds it to the ServletContext at application startup for future reference.
convertConfigToIni(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
convertPathToIni(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.

Converts the specified file path to an Ini instance.
Cookie - Interface in org.apache.shiro.web.servlet: Interface representing HTTP cookie operations, supporting pojo-style getters and setters for all attributes which includes HttpOnly support.
COOKIE_DATE_FORMAT_STRING - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
COOKIE_HEADER_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
COOKIE_SESSION_ID_SOURCE - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
Cookie.SameSiteOptions - Enum in org.apache.shiro.web.servlet: The SameSite attribute of the Set-Cookie HTTP response header allows you to declare if your cookie should be restricted to a first-party or same-site context.
CookieRememberMeManager - Class in org.apache.shiro.web.mgt: Remembers a Subject's identity by saving the Subject's principals to a Cookie for later retrieval.
CookieRememberMeManager() - Constructor for class org.apache.shiro.web.mgt.CookieRememberMeManager: Constructs a new CookieRememberMeManager with a default rememberMe cookie template.
copy(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
createBearerToken(String, ServletRequest) - Method in class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter
createChain(String, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
createChain(String, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Creates a filter chain for the given chainName with the specified chainDefinition String.
createChains(Map<String, String>, FilterChainManager) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
createDefaultChain(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
createDefaultChain(String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Creates a chain that should match any non-matched request paths, typically /** assuming an AntPathMatcher I used.
createDefaultInstance() - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
createDefaultInstance() - Method in class org.apache.shiro.web.config.WebIniSecurityManagerFactory: Deprecated.

Simply returns new DefaultWebSecurityManager(); to ensure a web-capable SecurityManager is available by default.
createDefaults(Ini, Ini.Section) - Method in class org.apache.shiro.web.config.WebIniSecurityManagerFactory: Deprecated.
createDefaultSecurityManager() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
createEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader: Instantiates a WebEnvironment based on the specified ServletContext.
createExposedSession(Session, SessionContext) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
createExposedSession(Session, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
createFilterChainResolver() - Method in class org.apache.shiro.web.env.IniWebEnvironment
createIni(String, boolean) - Method in class org.apache.shiro.web.env.IniWebEnvironment: Creates an Ini instance reflecting the specified path, or null if the path does not exist and is not required.
createInstance(Ini) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
createInstanceMap(FilterConfig) - Static method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
createSession(HttpSession, String) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
createSession(SessionContext) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
createSessionContext() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject
createSessionContext(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
createSessionManager(String) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
createSubject(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Creates a WebSubject instance to associate with the incoming request/response pair which will be used throughout the request/response execution.
createSubject(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSubjectFactory
createSubjectContext() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
createToken(String, String, boolean, String) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
createToken(String, String, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter: Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter: Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.
createToken(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
createWebSecurityManager() - Method in class org.apache.shiro.web.env.IniWebEnvironment
currentRequest - Variable in class org.apache.shiro.web.servlet.ShiroHttpSession
customizeEnvironment(WebEnvironment) - Method in class org.apache.shiro.web.env.EnvironmentLoader: Any additional customization of the Environment can be by overriding this method.

D

DAY_MILLIS - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
decodeRequestString(HttpServletRequest, String) - Static method in class org.apache.shiro.web.util.WebUtils: Decode the given source string with a URLDecoder.
DEFAULT_CHARACTER_ENCODING - Static variable in class org.apache.shiro.web.util.WebUtils: Default character encoding to use when request.getCharacterEncoding returns null, according to the Servlet spec.
DEFAULT_ENABLED - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
DEFAULT_ENCODING_SCHEME - Static variable in class org.apache.shiro.web.util.RedirectView: The default encoding scheme: UTF-8
DEFAULT_ERROR_KEY_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
DEFAULT_HTTP_PORT - Static variable in class org.apache.shiro.web.filter.authz.PortFilter
DEFAULT_HTTPS_PORT - Static variable in class org.apache.shiro.web.filter.authz.SslFilter
DEFAULT_INCLUDE_SUB_DOMAINS - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
DEFAULT_LOGIN_URL - Static variable in class org.apache.shiro.web.filter.AccessControlFilter: Simple default login URL equal to /login.jsp, which can be overridden by calling the setLoginUrl method.
DEFAULT_MAX_AGE - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
DEFAULT_MAX_AGE - Static variable in class org.apache.shiro.web.servlet.SimpleCookie: -1, indicating the cookie should expire when the browser closes.
DEFAULT_PASSWORD_PARAM - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
DEFAULT_REDIRECT_URL - Static variable in class org.apache.shiro.web.filter.authc.LogoutFilter: The default redirect URL to where the user will be redirected after logout.
DEFAULT_REMEMBER_ME_COOKIE_NAME - Static variable in class org.apache.shiro.web.mgt.CookieRememberMeManager: The default name of the underlying rememberMe cookie which is rememberMe.
DEFAULT_REMEMBER_ME_PARAM - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
DEFAULT_SESSION_ID_NAME - Static variable in class org.apache.shiro.web.servlet.ShiroHttpSession
DEFAULT_SUCCESS_URL - Static variable in class org.apache.shiro.web.filter.authc.AuthenticationFilter
DEFAULT_USERNAME_PARAM - Static variable in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
DEFAULT_VERSION - Static variable in class org.apache.shiro.web.servlet.SimpleCookie: -1 indicating that no version property should be set on the cookie.
DEFAULT_WEB_INI_RESOURCE_PATH - Static variable in class org.apache.shiro.web.env.IniWebEnvironment
DEFAULT_WEB_INI_RESOURCE_PATH - Static variable in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
DefaultFilter - Enum in org.apache.shiro.web.filter.mgt: Enum representing all of the default Shiro Filter instances available to web applications.
DefaultFilterChainManager - Class in org.apache.shiro.web.filter.mgt: Default FilterChainManager implementation maintaining a map of Filter instances (key: filter name, value: Filter) as well as a map of NamedFilterLists created from these Filters (key: filter chain name, value: NamedFilterList).
DefaultFilterChainManager() - Constructor for class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
DefaultFilterChainManager(FilterConfig) - Constructor for class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
DefaultWebEnvironment - Class in org.apache.shiro.web.env: Default WebEnvironment implementation based on a backing Map instance.
DefaultWebEnvironment() - Constructor for class org.apache.shiro.web.env.DefaultWebEnvironment
DefaultWebSecurityManager - Class in org.apache.shiro.web.mgt: Default WebSecurityManager implementation used in web-based applications or any application that requires HTTP connectivity (SOAP, http remoting, etc).
DefaultWebSecurityManager() - Constructor for class org.apache.shiro.web.mgt.DefaultWebSecurityManager
DefaultWebSecurityManager(Collection<Realm>) - Constructor for class org.apache.shiro.web.mgt.DefaultWebSecurityManager
DefaultWebSecurityManager(Realm) - Constructor for class org.apache.shiro.web.mgt.DefaultWebSecurityManager
DefaultWebSessionContext - Class in org.apache.shiro.web.session.mgt: Default implementation of the WebSessionContext interface which provides getters and setters that wrap interaction with the underlying backing context map.
DefaultWebSessionContext() - Constructor for class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
DefaultWebSessionContext(Map<String, Object>) - Constructor for class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
DefaultWebSessionManager - Class in org.apache.shiro.web.session.mgt: Web-application capable SessionManager implementation.
DefaultWebSessionManager() - Constructor for class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
DefaultWebSessionStorageEvaluator - Class in org.apache.shiro.web.mgt: A web-specific SessionStorageEvaluator that performs the same logic as the parent class DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or disable session access.
DefaultWebSessionStorageEvaluator() - Constructor for class org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator
DefaultWebSubjectContext - Class in org.apache.shiro.web.subject.support: Default WebSubjectContext implementation that provides for additional storage and retrieval of a ServletRequest and ServletResponse.
DefaultWebSubjectContext() - Constructor for class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
DefaultWebSubjectContext(WebSubjectContext) - Constructor for class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
DefaultWebSubjectFactory - Class in org.apache.shiro.web.mgt: A SubjectFactory implementation that creates WebDelegatingSubject instances.
DefaultWebSubjectFactory() - Constructor for class org.apache.shiro.web.mgt.DefaultWebSubjectFactory
DELETED_COOKIE_VALUE - Static variable in interface org.apache.shiro.web.servlet.Cookie: The value of deleted cookie (with the maxAge 0).
destroy() - Method in class org.apache.shiro.web.servlet.AbstractFilter: Default no-op implementation that can be overridden by subclasses for custom cleanup behavior.
destroyEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader: Destroys the WebEnvironment for the given servlet context.
determineEncoding(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils: Determine the encoding for the given request.
determineWebEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader: Return the WebEnvironment implementation class to use, based on the order of: A custom WebEnvironment class - specified in the servletContext EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY property ServiceLoader.load(WebEnvironment.class) - (if more then one instance is found a ConfigurationException will be thrown A call to EnvironmentLoader.getDefaultWebEnvironmentClass() (default: IniWebEnvironment)
determineWebEnvironmentClass(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader: Deprecated.
This method is not longer used by Shiro, and will be removed in future versions, use EnvironmentLoader.determineWebEnvironment(ServletContext) or EnvironmentLoader.determineWebEnvironment(ServletContext)
doFilter(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.ProxiedFilterChain
doFilter(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter: This doFilter implementation stores a request attribute for "already filtered", proceeding without filtering again if the attribute is already there.
doFilterInternal(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: doFilterInternal implementation that sets-up, executes, and cleans-up a Shiro-filtered request.
doFilterInternal(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AdviceFilter: Actually implements the chain execution logic, utilizing pre, post, and after advice hooks.
doFilterInternal(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter: Same contract as for OncePerRequestFilter.doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain), but guaranteed to be invoked only once per request.
DOMAIN_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
doStartTag() - Method in class org.apache.shiro.web.tags.SecureTag

E

encodeRedirectUrl(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
encodeRedirectURL(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse: Encode the session identifier associated with this response into the specified redirect URL, if necessary.
encodeUrl(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
encodeURL(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse: Encode the session identifier associated with this response into the specified URL, if necessary.
ensureChain(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
ENVIRONMENT_ATTRIBUTE_KEY - Static variable in class org.apache.shiro.web.env.EnvironmentLoader
ENVIRONMENT_CLASS_PARAM - Static variable in class org.apache.shiro.web.env.EnvironmentLoader: Servlet Context config param for specifying the WebEnvironment implementation class to use: shiroEnvironmentClass
EnvironmentLoader - Class in org.apache.shiro.web.env: An EnvironmentLoader is responsible for loading a web application's Shiro WebEnvironment (which includes the web app's WebSecurityManager) into the ServletContext at application startup.
EnvironmentLoader() - Constructor for class org.apache.shiro.web.env.EnvironmentLoader
EnvironmentLoaderListener - Class in org.apache.shiro.web.env: Bootstrap listener to startup and shutdown the web application's Shiro WebEnvironment at ServletContext startup and shutdown respectively.
EnvironmentLoaderListener() - Constructor for class org.apache.shiro.web.env.EnvironmentLoaderListener
executeChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Executes a FilterChain for the given request.
executeChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AdviceFilter: Actually executes the specified filter chain by calling chain.doFilter(request,response);.
executeLogin(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
EXPIRES_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie

F

FILTER_CHAIN_RESOLVER_NAME - Static variable in class org.apache.shiro.web.env.IniWebEnvironment
FilterChainManager - Interface in org.apache.shiro.web.filter.mgt: A FilterChainManager manages the creation and modification of Filter chains from an available pool of Filter instances.
FilterChainResolver - Interface in org.apache.shiro.web.filter.mgt: A FilterChainResolver can resolve an appropriate FilterChain to execute during a ServletRequest.
filterConfig - Variable in class org.apache.shiro.web.servlet.AbstractFilter: FilterConfig provided by the Servlet container at start-up.
FILTERS - Static variable in class org.apache.shiro.web.config.IniFilterChainResolverFactory
finalizeEnvironment(WebEnvironment) - Method in class org.apache.shiro.web.env.EnvironmentLoader: Any additional cleanup of the Environment can be done by overriding this method.
forgetIdentity(Subject) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager: Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.
forgetIdentity(SubjectContext) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager: Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.
FormAuthenticationFilter - Class in org.apache.shiro.web.filter.authc: Requires the requesting user to be authenticated for the request to continue, and if they are not, forces the user to login via by redirecting them to the loginUrl you configure.
FormAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
FORWARD_CONTEXT_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
FORWARD_PATH_INFO_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
FORWARD_QUERY_STRING_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
FORWARD_REQUEST_URI_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils: Standard Servlet 2.4+ spec request attributes for forward URI and paths.
FORWARD_SERVLET_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils

G

get(int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
GET_METHOD - Static variable in class org.apache.shiro.web.filter.AccessControlFilter: Constant representing the HTTP 'GET' request method, equal to GET.
getAlreadyFilteredAttributeName() - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter: Return name of the request attribute that identifies that a request has already been filtered.
getAndClearSavedRequest(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
getAttribute(Object) - Method in class org.apache.shiro.web.session.HttpServletSession
getAttribute(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getAttributeKeys() - Method in class org.apache.shiro.web.session.HttpServletSession
getAttributeNames() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getChain(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
getChain(String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Returns the filter chain identified by the specified chainName or null if there is no chain with that name.
getChain(ServletRequest, ServletResponse, FilterChain) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainResolver: Returns the filter chain that should be executed for the given request, or null if the original chain should be used.
getChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
getChainNames() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
getChainNames() - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Returns the names of all configured chains or an empty Set if no chains have been configured.
getCleanParam(ServletRequest, String) - Static method in class org.apache.shiro.web.util.WebUtils: Convenience method that returns a request parameter value, first running it through StringUtils.clean(String).
getComment() - Method in interface org.apache.shiro.web.servlet.Cookie
getComment() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getConfig() - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.

Returns the actual INI configuration text to use to build the SecurityManager and FilterChainResolver used by the web application or null if the configPath should be used to load a fallback INI source.
getConfigLocations() - Method in class org.apache.shiro.web.env.ResourceBasedWebEnvironment
getConfigPath() - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.

Returns the config path to be used to load a .ini file for configuration if a configuration is not specified via the config attribute.
getContext() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
getContextAttribute(String) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
getContextInitParam(String) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
getContextPath(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils: Return the context path for the given request, detecting an include request URL if called within a RequestDispatcher include.
getCookie() - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager: Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
getCreationTime() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getDefaultConfigLocations() - Method in class org.apache.shiro.web.env.IniWebEnvironment: Returns an array with two elements, /WEB-INF/shiro.ini and classpath:shiro.ini.
getDefaultIni() - Method in class org.apache.shiro.web.env.IniWebEnvironment
getDefaults() - Method in class org.apache.shiro.web.env.IniWebEnvironment
getDefaultValue() - Method in class org.apache.shiro.web.tags.PrincipalTag
getDefaultWebEnvironmentClass() - Method in class org.apache.shiro.web.env.EnvironmentLoader: Returns the default WebEnvironment class, which is unless overridden: IniWebEnvironment.
getDomain() - Method in interface org.apache.shiro.web.servlet.Cookie
getDomain() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getExecutionChain(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Returns the FilterChain to execute for the given request.
getFailureKeyAttribute() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
getFilter(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
getFilterChainManager() - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
getFilterChainResolver() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
getFilterChainResolver() - Method in interface org.apache.shiro.web.env.WebEnvironment: Returns the web application's FilterChainResolver if one has been configured or null if one is not available.
getFilterChainResolver() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
getFilterChains() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
getFilterClass() - Method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
getFilterConfig() - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
getFilterConfig() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager: Returns the FilterConfig provided by the Servlet container at webapp startup.
getFilterConfig() - Method in class org.apache.shiro.web.servlet.AbstractFilter: Returns the servlet container specified FilterConfig instance provided at startup.
getFilters() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
getFilters() - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Returns the pool of available Filters managed by this manager, keyed by name.
getFilters(Map<String, String>, Map<String, ?>) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
getFrameworkIni() - Method in class org.apache.shiro.web.env.IniWebEnvironment: Extension point to allow subclasses to provide an Ini configuration that will be merged into the users configuration.
getGlobalFilters() - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
getHost() - Method in class org.apache.shiro.web.session.HttpServletSession
getHost(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter: Returns the host name or IP associated with the current subject.
getHsts() - Method in class org.apache.shiro.web.filter.authz.SslFilter
getHttpMethodAction(String) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter: Determines the corresponding application action that will be performed on the filtered resource based on the specified HTTP method (GET, POST, etc).
getHttpMethodAction(ServletRequest) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter: Determines the action (verb) attempting to be performed on the filtered resource by the current request.
getHttpMethodActions() - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter: Returns the HTTP Method name (key) to action verb (value) mapping used to resolve actions based on an incoming HttpServletRequest.
getHttpRequest(Object) - Static method in class org.apache.shiro.web.util.WebUtils
getHttpResponse(Object) - Static method in class org.apache.shiro.web.util.WebUtils
getId() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getId() - Method in class org.apache.shiro.web.session.HttpServletSession
getIni() - Method in class org.apache.shiro.web.env.IniWebEnvironment: Returns the Ini instance reflecting this WebEnvironment's configuration.
getInitParam(String) - Method in class org.apache.shiro.web.servlet.AbstractFilter: Returns the value for the named init-param, or null if there was no init-param specified by that name.
getKeyNames() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getLastAccessedTime() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getLastAccessTime() - Method in class org.apache.shiro.web.session.HttpServletSession
getLoginUrl() - Method in class org.apache.shiro.web.filter.AccessControlFilter: Returns the login URL used to authenticate a user.
getMaxAge() - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
getMaxAge() - Method in interface org.apache.shiro.web.servlet.Cookie
getMaxAge() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getMaxInactiveInterval() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getMethod() - Method in class org.apache.shiro.web.util.SavedRequest
getName() - Method in interface org.apache.shiro.web.filter.mgt.NamedFilterList: Returns the configuration-unique name assigned to this Filter list.
getName() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
getName() - Method in interface org.apache.shiro.web.servlet.Cookie
getName() - Method in class org.apache.shiro.web.servlet.NameableFilter: Returns the filter's name.
getName() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getName() - Method in class org.apache.shiro.web.tags.PermissionTag
getName() - Method in class org.apache.shiro.web.tags.RoleTag
getPassword(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
getPasswordParam() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
getPath() - Method in interface org.apache.shiro.web.servlet.Cookie
getPath() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getPathMatcher() - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver: Returns the PatternMatcher used when determining if an incoming request's path matches a configured filter chain.
getPathWithinApplication(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils: Return the path within the web application for the given request.
getPathWithinApplication(ServletRequest) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver: Merely returns WebUtils.getPathWithinApplication(request) and can be overridden by subclasses for custom request-to-application-path resolution behavior.
getPathWithinApplication(ServletRequest) - Method in class org.apache.shiro.web.filter.PathMatchingFilter: Returns the context path within the application based on the specified request.
getPort() - Method in class org.apache.shiro.web.filter.authz.PortFilter
getPrincipalsAndCredentials(String, String) - Method in class org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter: Returns the username and password pair based on the specified encoded String obtained from the request's authorization header.
getPrincipalsAndCredentials(String, String) - Method in class org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter
getProperty() - Method in class org.apache.shiro.web.tags.PrincipalTag
getQueryString() - Method in class org.apache.shiro.web.util.SavedRequest
getRedirectUrl() - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Returns the URL to where the user will be redirected after logout.
getRedirectUrl(ServletRequest, ServletResponse, Subject) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Returns the redirect URL to send the user after logout.
getRememberedSerializedIdentity(SubjectContext) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager: Returns a previously serialized identity byte array or null if the byte array could not be acquired.
getRememberMeParam() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
getRemoteUser() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
getRequest() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
getRequest(Object) - Static method in class org.apache.shiro.web.util.WebUtils
getRequestedSessionId() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
getRequestUri(HttpServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils: Deprecated.
use getPathWithinApplication() to get the path minus the context path, or call HttpServletRequest.getRequestURI() directly from your code.
getRequestURI() - Method in class org.apache.shiro.web.util.SavedRequest
getRequestUrl() - Method in class org.apache.shiro.web.util.SavedRequest
getRequiredWebEnvironment(ServletContext) - Static method in class org.apache.shiro.web.util.WebUtils: Find the Shiro WebEnvironment for this web application, which is typically loaded via the EnvironmentLoaderListener.
getResponse(Object) - Static method in class org.apache.shiro.web.util.WebUtils
getSameSite() - Method in interface org.apache.shiro.web.servlet.Cookie
getSameSite() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getSavedRequest(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
getScheme(String, int) - Method in class org.apache.shiro.web.filter.authz.PortFilter
getScheme(String, int) - Method in class org.apache.shiro.web.filter.authz.SslFilter
getSecurityManager() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
getSecurityManager() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
getSecurityManagerFactory() - Method in class org.apache.shiro.web.env.IniWebEnvironment: Returns the SecurityManager factory used by this WebEnvironment.
getServletContext() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
getServletContext() - Method in interface org.apache.shiro.web.env.WebEnvironment: Returns the ServletContext associated with this WebEnvironment instance.
getServletContext() - Method in class org.apache.shiro.web.servlet.ServletContextSupport
getServletContext() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getServletContextIniResource(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.

Returns the INI instance reflecting the specified servlet context resource path or null if no resource was found.
getServletRequest() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
getServletRequest() - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext: Returns the ServletRequest received by the servlet container triggering the creation of the Session instance.
getServletRequest() - Method in class org.apache.shiro.web.session.mgt.WebSessionKey
getServletRequest() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
getServletRequest() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject
getServletRequest() - Method in interface org.apache.shiro.web.subject.WebSubject: Returns the ServletRequest accessible when the Subject instance was created.
getServletRequest() - Method in interface org.apache.shiro.web.subject.WebSubjectContext: Returns the ServletRequest received by the servlet container triggering the creation of the Subject instance.
getServletRequest() - Method in interface org.apache.shiro.web.util.RequestPairSource: Returns the incoming ServletRequest associated with the component.
getServletResponse() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
getServletResponse() - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext: The paired ServletResponse corresponding to the associated servletRequest.
getServletResponse() - Method in class org.apache.shiro.web.session.mgt.WebSessionKey
getServletResponse() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
getServletResponse() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject
getServletResponse() - Method in interface org.apache.shiro.web.subject.WebSubject: Returns the ServletResponse accessible when the Subject instance was created.
getServletResponse() - Method in interface org.apache.shiro.web.subject.WebSubjectContext: The paired ServletResponse corresponding to the associated servletRequest.
getServletResponse() - Method in interface org.apache.shiro.web.util.RequestPairSource: Returns the outgoing ServletResponse paired with the incoming servletRequest.
getSession() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
getSession() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getSession(boolean) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
getSession(SessionKey) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
getSessionContext() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getSessionId(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
getSessionId(SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
getSessionIdCookie() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
getSessionKey(SubjectContext) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
getSessionMode() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager: Deprecated.
getSpecifiedIni(String[]) - Method in class org.apache.shiro.web.env.IniWebEnvironment
getStartTimestamp() - Method in class org.apache.shiro.web.session.HttpServletSession
getSubject() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
getSubject() - Method in class org.apache.shiro.web.tags.SecureTag
getSubject(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Convenience method that acquires the Subject associated with the request.
getSubject(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Returns the currently executing Subject.
getSubjectPrincipal() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
getSuccessUrl() - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter: Returns the success url to use as the default location a user is sent after logging in.
getTimeout() - Method in class org.apache.shiro.web.session.HttpServletSession
getType() - Method in class org.apache.shiro.web.tags.PrincipalTag
getUnauthorizedUrl() - Method in class org.apache.shiro.web.filter.authz.AuthorizationFilter: Returns the URL to which users should be redirected if they are denied access to an underlying path or resource, or null if a raw HttpServletResponse.SC_UNAUTHORIZED response should be issued (401 Unauthorized).
getUrl() - Method in class org.apache.shiro.web.util.RedirectView
getUsername(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
getUsernameParam() - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
getUserPrincipal() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
getValue() - Method in interface org.apache.shiro.web.servlet.Cookie
getValue() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getValue(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getValueNames() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
getVersion() - Method in interface org.apache.shiro.web.servlet.Cookie
getVersion() - Method in class org.apache.shiro.web.servlet.SimpleCookie
getWebEnvironment(ServletContext) - Static method in class org.apache.shiro.web.util.WebUtils: Find the Shiro WebEnvironment for this web application, which is typically loaded via EnvironmentLoaderListener.
getWebEnvironment(ServletContext, String) - Static method in class org.apache.shiro.web.util.WebUtils: Find the Shiro WebEnvironment for this web application.
getWebSecurityManager() - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
getWebSecurityManager() - Method in interface org.apache.shiro.web.env.WebEnvironment: Returns the web application's security manager instance.
GMT_TIME_ZONE_ID - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
GuestTag - Class in org.apache.shiro.web.tags: JSP tag that renders the tag body if the current user is not known to the system, either because they haven't logged in yet, or because they have no 'RememberMe' identity.
GuestTag() - Constructor for class org.apache.shiro.web.tags.GuestTag

H

HasAnyRolesTag - Class in org.apache.shiro.web.tags: Displays body content if the current user has any of the roles specified.
HasAnyRolesTag() - Constructor for class org.apache.shiro.web.tags.HasAnyRolesTag
hasChains() - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
hasChains() - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Returns true if one or more configured chains are available, false if none are configured.
HasPermissionTag - Class in org.apache.shiro.web.tags
HasPermissionTag() - Constructor for class org.apache.shiro.web.tags.HasPermissionTag
HasRoleTag - Class in org.apache.shiro.web.tags
HasRoleTag() - Constructor for class org.apache.shiro.web.tags.HasRoleTag
HostFilter - Class in org.apache.shiro.web.filter.authz: A Filter that can allow or deny access based on the host that sent the request.
HostFilter() - Constructor for class org.apache.shiro.web.filter.authz.HostFilter
HSTS() - Constructor for class org.apache.shiro.web.filter.authz.SslFilter.HSTS
HTTP_HEADER - Static variable in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
HTTP_ONLY_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
HTTP_SCHEME - Static variable in class org.apache.shiro.web.filter.authz.PortFilter
HTTP_SESSION_MODE - Static variable in class org.apache.shiro.web.mgt.DefaultWebSecurityManager: Deprecated.
HttpMethodPermissionFilter - Class in org.apache.shiro.web.filter.authz: A filter that translates an HTTP Request's Method (eg GET, POST, etc) into an corresponding action (verb) and uses that verb to construct a permission that will be checked to determine access.
HttpMethodPermissionFilter() - Constructor for class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter: Creates the filter instance with default method-to-action values in the instance's http method actions map.
HTTPS_SCHEME - Static variable in class org.apache.shiro.web.filter.authz.SslFilter
HttpServletSession - Class in org.apache.shiro.web.session: Session implementation that is backed entirely by a standard servlet container HttpSession instance.
HttpServletSession(HttpSession, String) - Constructor for class org.apache.shiro.web.session.HttpServletSession
httpSessions - Variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest

I

IDENTITY_REMOVED_KEY - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
INCLUDE_CONTEXT_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
INCLUDE_PATH_INFO_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
INCLUDE_QUERY_STRING_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
INCLUDE_REQUEST_URI_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils: Standard Servlet 2.3+ spec request attributes for include URI and paths.
INCLUDE_SERVLET_PATH_ATTRIBUTE - Static variable in class org.apache.shiro.web.util.WebUtils
indexOf(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
IniFilterChainResolverFactory - Class in org.apache.shiro.web.config: A Factory that creates FilterChainResolver instances based on Ini configuration.
IniFilterChainResolverFactory() - Constructor for class org.apache.shiro.web.config.IniFilterChainResolverFactory
IniFilterChainResolverFactory(Ini) - Constructor for class org.apache.shiro.web.config.IniFilterChainResolverFactory
IniFilterChainResolverFactory(Ini, Map<String, ?>) - Constructor for class org.apache.shiro.web.config.IniFilterChainResolverFactory
IniShiroFilter - Class in org.apache.shiro.web.servlet: Deprecated.
in 1.2 in favor of using the ShiroFilter
IniShiroFilter() - Constructor for class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
init() - Method in class org.apache.shiro.web.env.IniWebEnvironment: Initializes this instance by resolving any potential (explicit or resource-configured) Ini configuration and calling configure for actual instance configuration.
init() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
init() - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
init() - Method in class org.apache.shiro.web.servlet.ShiroFilter: Configures this instance based on the existing WebEnvironment instance available to the currently accessible servletContext.
init(FilterConfig) - Method in class org.apache.shiro.web.servlet.AbstractFilter: Sets the filter's filterConfig and then immediately calls onFilterConfigSet() to trigger any processing a subclass might wish to perform.
initEnvironment(ServletContext) - Method in class org.apache.shiro.web.env.EnvironmentLoader: Initializes Shiro's WebEnvironment instance for the specified ServletContext based on the EnvironmentLoader.CONFIG_LOCATIONS_PARAM value.
initFilter(Filter) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager: Initializes the filter by calling filter.init( getFilterConfig() );.
IniWebEnvironment - Class in org.apache.shiro.web.env: WebEnvironment implementation configured by an Ini instance or Ini resource locations.
IniWebEnvironment() - Constructor for class org.apache.shiro.web.env.IniWebEnvironment
invalidate() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
invalidRequest - org.apache.shiro.web.filter.mgt.DefaultFilter
InvalidRequestFilter - Class in org.apache.shiro.web.filter: A request filter that blocks malicious requests.
InvalidRequestFilter() - Constructor for class org.apache.shiro.web.filter.InvalidRequestFilter
IPV4_PATTERN - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
IPV4_QUAD_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
IPV4_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter: Determines whether the current subject should be allowed to make the current request.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter: Determines whether the current subject is authenticated.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.UserFilter: Returns true if the request is a loginRequest or if the current subject is not null, false otherwise.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.HostFilter
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter: Resolves an 'application friendly' action verb based on the HttpServletRequest's method, appends that action to each configured permission (the mappedValue argument is a String[] array), and delegates the permission check for the newly constructed permission(s) to the superclass isAccessAllowed implementation to perform the actual permission check.
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.PortFilter
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.SslFilter: Retains the parent method's port-matching behavior but additionally guarantees that the ServletRequest.isSecure().
isAccessAllowed(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
isBlockBackslash() - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
isBlockNonAscii() - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
isBlockSemicolon() - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
isEmpty() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
isEnabled() - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
isEnabled() - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter: Returns true if this filter should generally* execute for any request, false if it should let the request/response pass through immediately to the next element in the FilterChain.
isEnabled(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter: Returns true if this filter should filter the specified request, false if it should let the request/response pass through immediately to the next element in the FilterChain.
isEnabled(ServletRequest, ServletResponse, String, Object) - Method in class org.apache.shiro.web.filter.PathMatchingFilter: Path-matching version of the parent class's OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse) method, but additionally allows for inspection of any path-specific configuration values corresponding to the specified request.
isEncodeable(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse: Return true if the specified URL should be encoded with a session identifier.
isHttp(Object) - Static method in class org.apache.shiro.web.util.WebUtils
isHttpOnly() - Method in interface org.apache.shiro.web.servlet.Cookie
isHttpOnly() - Method in class org.apache.shiro.web.servlet.SimpleCookie
isHttpSessionMode() - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
isHttpSessionMode() - Method in interface org.apache.shiro.web.mgt.WebSecurityManager: Security information needs to be retained from request to request, so Shiro makes use of a session for this.
isHttpSessions() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
isHttpSessions() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
isIncludeSubDomains() - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
isIpv4Candidate(String) - Method in class org.apache.shiro.web.filter.authz.HostFilter
isLoginRequest(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Returns true if the incoming request is a login request, false otherwise.
isLoginSubmission(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter: This default implementation merely returns true if the request is an HTTP POST, false otherwise.
isNew() - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
isPermissive(Object) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter: Returns true if the mappedValue contains the AuthenticatingFilter.PERMISSIVE qualifier.
isPermitted(String) - Method in class org.apache.shiro.web.tags.PermissionTag
isPostOnlyLogout() - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Due to browser pre-fetching, using a GET requests for logout my cause a user to be logged accidentally, for example: out while typing in an address bar.
isRememberMe(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter: Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
isRememberMe(ServletRequest) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
isRequestedSessionIdFromCookie() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
isRequestedSessionIdFromUrl() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
isRequestedSessionIdFromURL() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
isRequestedSessionIdValid() - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
isSchemeChar(char) - Static method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse: Determine if the character is allowed in the scheme of a URI.
isSecure() - Method in interface org.apache.shiro.web.servlet.Cookie
isSecure() - Method in class org.apache.shiro.web.servlet.SimpleCookie
isServletContainerSessions() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager: This is a native session manager implementation, so this method returns false always.
isServletContainerSessions() - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager: This implementation always delegates to the servlet container for sessions, so this method returns true always.
isServletContainerSessions() - Method in interface org.apache.shiro.web.session.mgt.WebSessionManager: Returns true if session management and storage is managed by the underlying Servlet container or false if managed by Shiro directly (called 'native' sessions).
isSessionCreationEnabled() - Method in class org.apache.shiro.web.subject.support.WebDelegatingSubject: Returns true if session creation is allowed (as determined by the super class's {@link super#isSessionCreationEnabled()} value and no request-specific override has disabled sessions for this subject, false otherwise.
isSessionIdCookieEnabled() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
isSessionIdUrlRewritingEnabled() - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
isSessionStorageEnabled(Subject) - Method in class org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator: Returns true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.
isStaticSecurityManagerEnabled() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Returns true if the constructed securityManager reference should be bound to static memory (via SecurityUtils.setSecurityManager), false otherwise.
issueRedirect(ServletRequest, ServletResponse, String) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Issues an HTTP redirect to the specified URL after subject logout.
issueRedirect(ServletRequest, ServletResponse, String) - Static method in class org.apache.shiro.web.util.WebUtils: Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
issueRedirect(ServletRequest, ServletResponse, String, Map) - Static method in class org.apache.shiro.web.util.WebUtils: Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
issueRedirect(ServletRequest, ServletResponse, String, Map, boolean) - Static method in class org.apache.shiro.web.util.WebUtils: Redirects the current request to a new URL based on the given parameters and default values for unspecified parameters.
issueRedirect(ServletRequest, ServletResponse, String, Map, boolean, boolean) - Static method in class org.apache.shiro.web.util.WebUtils: Redirects the current request to a new URL based on the given parameters.
issueSuccessRedirect(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter: Redirects to user to the previously attempted URL after a successful login.
isTrue(ServletRequest, String) - Static method in class org.apache.shiro.web.util.WebUtils: Checks to see if a request param is considered true using a loose matching strategy for general values that indicate that something is true or enabled, etc.
isUserInRole(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
isWeb(Object) - Static method in class org.apache.shiro.web.util.WebUtils
iterator() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList

L

LacksPermissionTag - Class in org.apache.shiro.web.tags
LacksPermissionTag() - Constructor for class org.apache.shiro.web.tags.LacksPermissionTag
LacksRoleTag - Class in org.apache.shiro.web.tags
LacksRoleTag() - Constructor for class org.apache.shiro.web.tags.LacksRoleTag
lastIndexOf(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
LAX - org.apache.shiro.web.servlet.Cookie.SameSiteOptions: Cookies are allowed to be sent with top-level navigations and will be sent along with GET requests initiated by third party website.
listIterator() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
listIterator(int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
loadIniFromConfig() - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
loadIniFromPath() - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.
logout - org.apache.shiro.web.filter.mgt.DefaultFilter
LogoutFilter - Class in org.apache.shiro.web.filter.authc: Simple Filter that, upon receiving a request, will immediately log-out the currently executing subject and then redirect them to a configured redirectUrl.
LogoutFilter() - Constructor for class org.apache.shiro.web.filter.authc.LogoutFilter

M

MAXAGE_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
mergeIni(Ini, Ini) - Method in class org.apache.shiro.web.env.IniWebEnvironment
MutableWebEnvironment - Interface in org.apache.shiro.web.env: A WebEnvironment that supports 'write' operations operations.

N

NAME_VALUE_DELIMITER - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
NameableFilter - Class in org.apache.shiro.web.servlet: Allows a filter to be named via JavaBeans-compatible NameableFilter.getName()/NameableFilter.setName(String) methods.
NameableFilter() - Constructor for class org.apache.shiro.web.servlet.NameableFilter
NamedFilterList - Interface in org.apache.shiro.web.filter.mgt: A NamedFilterList is a List of Filter instances that is uniquely identified by a name.
NATIVE_SESSION_MODE - Static variable in class org.apache.shiro.web.mgt.DefaultWebSecurityManager: Deprecated.
newInstance() - Method in enum org.apache.shiro.web.filter.mgt.DefaultFilter
newSubjectContextInstance() - Method in class org.apache.shiro.web.subject.WebSubject.Builder: Overrides the parent implementation to return a new instance of a DefaultWebSubjectContext to account for the additional request/response pair.
newSubjectInstance(PrincipalCollection, boolean, String, Session, ServletRequest, ServletResponse, SecurityManager) - Method in class org.apache.shiro.web.mgt.DefaultWebSubjectFactory: Deprecated.
since 1.2 - override DefaultWebSubjectFactory.createSubject(org.apache.shiro.subject.SubjectContext) directly if you need to instantiate a custom Subject class.
NONE - org.apache.shiro.web.servlet.Cookie.SameSiteOptions: Cookies will be sent in all contexts, i.e sending cross-origin is allowed.
normalize(String) - Static method in class org.apache.shiro.web.util.WebUtils: Normalize a relative URI path that may have relative values ("/./", "/../", and so on ) it it.
noSessionCreation - org.apache.shiro.web.filter.mgt.DefaultFilter
NoSessionCreationFilter - Class in org.apache.shiro.web.filter.session: A PathMatchingFilter that will disable creating new Sessions during the request.
NoSessionCreationFilter() - Constructor for class org.apache.shiro.web.filter.session.NoSessionCreationFilter
NotAuthenticatedTag - Class in org.apache.shiro.web.tags: JSP tag that renders the tag body only if the current user has not executed a successful authentication attempt during their current session.
NotAuthenticatedTag() - Constructor for class org.apache.shiro.web.tags.NotAuthenticatedTag

O

onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Processes requests where the subject was denied access as determined by the isAccessAllowed method.
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.UserFilter: This default implementation simply calls saveRequestAndRedirectToLogin and then immediately returns false, thereby preventing the chain from continuing so the redirect may execute.
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authz.AuthorizationFilter: Handles the response when access has been denied.
onAccessDenied(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
onAccessDenied(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Processes requests where the subject was denied access as determined by the isAccessAllowed method, retaining the mappedValue that was used during configuration.
onAccessDenied(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authz.PortFilter: Redirects the request to the same exact incoming URL, but with the port listed in the filter's configuration.
OncePerRequestFilter - Class in org.apache.shiro.web.servlet: Filter base class that guarantees to be just executed once per request, on any servlet container.
OncePerRequestFilter() - Constructor for class org.apache.shiro.web.servlet.OncePerRequestFilter
onDoStartTag() - Method in class org.apache.shiro.web.tags.AuthenticatedTag
onDoStartTag() - Method in class org.apache.shiro.web.tags.GuestTag
onDoStartTag() - Method in class org.apache.shiro.web.tags.NotAuthenticatedTag
onDoStartTag() - Method in class org.apache.shiro.web.tags.PermissionTag
onDoStartTag() - Method in class org.apache.shiro.web.tags.PrincipalTag
onDoStartTag() - Method in class org.apache.shiro.web.tags.RoleTag
onDoStartTag() - Method in class org.apache.shiro.web.tags.SecureTag
onDoStartTag() - Method in class org.apache.shiro.web.tags.UserTag
ONE_YEAR - Static variable in interface org.apache.shiro.web.servlet.Cookie: The number of seconds in one year (= 60 * 60 * 24 * 365).
onExpiration(Session, ExpiredSessionException, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
onFilterConfigSet() - Method in class org.apache.shiro.web.servlet.AbstractFilter: Template method to be overridden by subclasses to perform initialization logic at start-up.
onFilterConfigSet() - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
onInvalidation(Session, InvalidSessionException, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
onLoginFailure(AuthenticationToken, AuthenticationException, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
onLoginFailure(AuthenticationToken, AuthenticationException, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
onLoginSuccess(AuthenticationToken, Subject, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
onLoginSuccess(AuthenticationToken, Subject, ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
onLogoutRequestNotAPost(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: This method is called when postOnlyLogout is true, and the request was NOT a POST.
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Returns true if isAccessAllowed(Request,Response,Object), otherwise returns the result of onAccessDenied(Request,Response,Object).
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.authc.AnonymousFilter: Always returns true allowing unchecked access to the underlying path or resource.
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.PathMatchingFilter: This default implementation always returns true and should be overridden by subclasses for custom logic if necessary.
onPreHandle(ServletRequest, ServletResponse, Object) - Method in class org.apache.shiro.web.filter.session.NoSessionCreationFilter
onStart(Session, SessionContext) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager: Stores the Session's ID, usually as a Cookie, to associate with future requests.
onStop(Session, SessionKey) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
org.apache.shiro.web - package org.apache.shiro.web: Shiro's web support module to support security in any web-enabled application.
org.apache.shiro.web.config - package org.apache.shiro.web.config: Web-specific implementation extensions to the org.apache.shiro.config components.
org.apache.shiro.web.env - package org.apache.shiro.web.env: Web-specific Environment implementation and support.
org.apache.shiro.web.filter - package org.apache.shiro.web.filter: Base package supporting all Servlet Filter implementations used to control access to web pages and URL resources.
org.apache.shiro.web.filter.authc - package org.apache.shiro.web.filter.authc: Servlet Filter implementations specific to controlling access based on a subject's authentication status, or those that can execute authentications (log-ins) directly.
org.apache.shiro.web.filter.authz - package org.apache.shiro.web.filter.authz: Servlet Filter implementations that perform authorization (access control) checks based on the Subject's abilities (for example, role or permission checks).
org.apache.shiro.web.filter.mgt - package org.apache.shiro.web.filter.mgt: The filter 'mgt' (management) package contains components used in managing Filters that are available for filter chain construction, the filter chains themselves, as well as resolving filter chains based by name.
org.apache.shiro.web.filter.session - package org.apache.shiro.web.filter.session
org.apache.shiro.web.mgt - package org.apache.shiro.web.mgt: Components supporting web-specific SecurityManager implementations.
org.apache.shiro.web.servlet - package org.apache.shiro.web.servlet: Shiro-specific implementations of the Servlet API (Servlet Filters, et al).
org.apache.shiro.web.session - package org.apache.shiro.web.session: Components supporting Session management in web-enabled applications.
org.apache.shiro.web.session.mgt - package org.apache.shiro.web.session.mgt
org.apache.shiro.web.subject - package org.apache.shiro.web.subject: Web-specific Subject interfaces to enable Subject use in web environments.
org.apache.shiro.web.subject.support - package org.apache.shiro.web.subject.support: Supporting implementations of org.apache.shiro.web.subject package interfaces.
org.apache.shiro.web.tags - package org.apache.shiro.web.tags: Provides the Shiro JSP Tag Library implementations.
org.apache.shiro.web.util - package org.apache.shiro.web.util

P

parseConfig() - Method in class org.apache.shiro.web.env.IniWebEnvironment: Loads configuration Ini from ResourceBasedWebEnvironment.getConfigLocations() if set, otherwise falling back to the IniWebEnvironment.getDefaultConfigLocations().
PassThruAuthenticationFilter - Class in org.apache.shiro.web.filter.authc: An authentication filter that redirects the user to the login page when they are trying to access a protected resource.
PassThruAuthenticationFilter() - Constructor for class org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
PATH_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
PathConfigProcessor - Interface in org.apache.shiro.web.filter: A PathConfigProcessor processes configuration entries on a per path (url) basis.
pathMatcher - Variable in class org.apache.shiro.web.filter.PathMatchingFilter: PatternMatcher used in determining which paths to react to for a given request.
pathMatches(String, String) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver: Returns true if an incoming request path (the path argument) matches a configured filter chain path (the pattern argument), false otherwise.
PathMatchingFilter - Class in org.apache.shiro.web.filter: Base class for Filters that will process only specified paths and allow all others to pass through.
PathMatchingFilter() - Constructor for class org.apache.shiro.web.filter.PathMatchingFilter
PathMatchingFilterChainResolver - Class in org.apache.shiro.web.filter.mgt: A FilterChainResolver that resolves FilterChains based on url path matching, as determined by a configurable PathMatcher.
PathMatchingFilterChainResolver() - Constructor for class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
PathMatchingFilterChainResolver(FilterConfig) - Constructor for class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
pathsMatch(String, String) - Method in class org.apache.shiro.web.filter.PathMatchingFilter: Returns true if the path matches the specified pattern string, false otherwise.
pathsMatch(String, ServletRequest) - Method in class org.apache.shiro.web.filter.PathMatchingFilter: Returns true if the incoming request matches the specified path pattern, false otherwise.
PermissionsAuthorizationFilter - Class in org.apache.shiro.web.filter.authz: Filter that allows access if the current user has the permissions specified by the mapped value, or denies access if the user does not have all of the permissions specified.
PermissionsAuthorizationFilter() - Constructor for class org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
PermissionTag - Class in org.apache.shiro.web.tags
PermissionTag() - Constructor for class org.apache.shiro.web.tags.PermissionTag
PERMISSIVE - Static variable in class org.apache.shiro.web.filter.authc.AuthenticatingFilter
perms - org.apache.shiro.web.filter.mgt.DefaultFilter
port - org.apache.shiro.web.filter.mgt.DefaultFilter
PortFilter - Class in org.apache.shiro.web.filter.authz: A Filter that requires the request to be on a specific port, and if not, redirects to the same URL on that port.
PortFilter() - Constructor for class org.apache.shiro.web.filter.authz.PortFilter
POST_METHOD - Static variable in class org.apache.shiro.web.filter.AccessControlFilter: Constant representing the HTTP 'POST' request method, equal to POST.
postHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authz.SslFilter: If HTTP Strict Transport Security (HSTS) is enabled the HTTP header will be written, otherwise this method does nothing.
postHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AdviceFilter: Allows 'post' advice logic to be called, but only if no exception occurs during filter chain execution.
preHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Acquires the currently executing subject, a potentially Subject or request-specific redirectUrl, and redirects the end-user to that redirect url.
preHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.PathMatchingFilter: Implementation that handles path-matching behavior before a request is evaluated.
preHandle(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AdviceFilter: Returns true if the filter chain should be allowed to continue, false otherwise.
prepareServletRequest(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Prepares the ServletRequest instance that will be passed to the FilterChain for request processing.
prepareServletResponse(ServletRequest, ServletResponse, FilterChain) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Prepares the ServletResponse instance that will be passed to the FilterChain for request processing.
PrincipalTag - Class in org.apache.shiro.web.tags: Tag used to print out the String value of a user's default principal, or a specific principal as specified by the tag's attributes.
PrincipalTag() - Constructor for class org.apache.shiro.web.tags.PrincipalTag
PRIVATE_CLASS_A_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
PRIVATE_CLASS_B_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
PRIVATE_CLASS_B_SUBSET - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
PRIVATE_CLASS_C_REGEX - Static variable in class org.apache.shiro.web.filter.authz.HostFilter
processPathConfig(String, String) - Method in interface org.apache.shiro.web.filter.PathConfigProcessor: Processes the specified config, unique to the given path, and returns the Filter that should execute for that path/config combination.
processPathConfig(String, String) - Method in class org.apache.shiro.web.filter.PathMatchingFilter: Splits any comma-delmited values that might be found in the config argument and sets the resulting String[] array on the appliedPaths internal Map.
ProxiedFilterChain - Class in org.apache.shiro.web.servlet: A proxied filter chain is a FilterChain instance that proxies an original FilterChain as well as a List of other Filters that might need to execute prior to the final wrapped original chain.
ProxiedFilterChain(FilterChain, List<Filter>) - Constructor for class org.apache.shiro.web.servlet.ProxiedFilterChain
proxy(FilterChain) - Method in interface org.apache.shiro.web.filter.mgt.NamedFilterList: Returns a new FilterChain instance that will first execute this list's Filters (in list order) and end with the execution of the given filterChain instance.
proxy(FilterChain) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
proxy(FilterChain, String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
proxy(FilterChain, String) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Proxies the specified original FilterChain with the named chain.
putValue(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession

Q

queryProperties(Map) - Method in class org.apache.shiro.web.util.RedirectView: Determine name-value pairs for query strings, which will be stringified, URL-encoded and formatted by appendQueryProperties.

R

readValue(HttpServletRequest, HttpServletResponse) - Method in interface org.apache.shiro.web.servlet.Cookie
readValue(HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.servlet.SimpleCookie
redirectToLogin(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Convenience method for subclasses that merely acquires the getLoginUrl and redirects the request to that url.
redirectToSavedRequest(ServletRequest, ServletResponse, String) - Static method in class org.apache.shiro.web.util.WebUtils: Redirects the to the request url from a previously saved request, or if there is no saved request, redirects the end user to the specified fallbackUrl.
RedirectView - Class in org.apache.shiro.web.util: View that redirects to an absolute, context relative, or current request relative URL, exposing all model attributes as HTTP query parameters.
RedirectView() - Constructor for class org.apache.shiro.web.util.RedirectView: Constructor for use as a bean.
RedirectView(String) - Constructor for class org.apache.shiro.web.util.RedirectView: Create a new RedirectView with the given URL.
RedirectView(String, boolean) - Constructor for class org.apache.shiro.web.util.RedirectView: Create a new RedirectView with the given URL.
RedirectView(String, boolean, boolean) - Constructor for class org.apache.shiro.web.util.RedirectView: Create a new RedirectView with the given URL.
REFERENCED_SESSION_ID - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
REFERENCED_SESSION_ID_IS_VALID - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
REFERENCED_SESSION_ID_SOURCE - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
REFERENCED_SESSION_IS_NEW - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
registerFilters(Map<String, Filter>, FilterChainManager) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
rememberSerializedIdentity(Subject, byte[]) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager: Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.
remove(int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
remove(Object) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
removeAll(Collection<?>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
removeAttribute(Object) - Method in class org.apache.shiro.web.session.HttpServletSession
removeAttribute(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
removeContextAttribute(String) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
removeFrom(HttpServletRequest, HttpServletResponse) - Method in interface org.apache.shiro.web.servlet.Cookie
removeFrom(HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.servlet.SimpleCookie
removeRequestIdentity(Subject) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
removeValue(String) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
renderMergedOutputModel(Map, HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.util.RedirectView: Convert model to request parameters and redirect to the given URL.
RequestPairSource - Interface in org.apache.shiro.web.util: A RequestPairSource is a component that can supply a ServletRequest and ServletResponse pair associated with a currently executing request.
resolveHost() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
resolveServletRequest() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
resolveServletRequest() - Method in interface org.apache.shiro.web.subject.WebSubjectContext
resolveServletResponse() - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
resolveServletResponse() - Method in interface org.apache.shiro.web.subject.WebSubjectContext
ResourceBasedWebEnvironment - Class in org.apache.shiro.web.env: Abstract implementation for WebEnvironments that can be initialized via resource paths (config files).
ResourceBasedWebEnvironment() - Constructor for class org.apache.shiro.web.env.ResourceBasedWebEnvironment
rest - org.apache.shiro.web.filter.mgt.DefaultFilter
retainAll(Collection<?>) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
roles - org.apache.shiro.web.filter.mgt.DefaultFilter
RolesAuthorizationFilter - Class in org.apache.shiro.web.filter.authz: Filter that allows access if the current user has the roles specified by the mapped value, or denies access if the user does not have all of the roles specified.
RolesAuthorizationFilter() - Constructor for class org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
RoleTag - Class in org.apache.shiro.web.tags
RoleTag() - Constructor for class org.apache.shiro.web.tags.RoleTag
ROOT_PATH - Static variable in interface org.apache.shiro.web.servlet.Cookie: Root path to use when the path hasn't been set and request context root is empty or null.

S

SAME_SITE_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
SAVED_REQUEST_KEY - Static variable in class org.apache.shiro.web.util.WebUtils: Session key used to save a request and later restore it, for example when redirecting to a requested page after login, equal to shiroSavedRequest.
SavedRequest - Class in org.apache.shiro.web.util: Maintains request data for a request that was redirected, so that after authentication the user can be redirected to the originally requested page.
SavedRequest(HttpServletRequest) - Constructor for class org.apache.shiro.web.util.SavedRequest: Constructs a new instance from the given HTTP request.
saveRequest(ServletRequest) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Convenience method merely delegates to WebUtils.saveRequest(request) to save the request state for reuse later.
saveRequest(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils
saveRequestAndRedirectToLogin(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Convenience method for subclasses to use when a login redirect is required.
saveTo(HttpServletRequest, HttpServletResponse) - Method in interface org.apache.shiro.web.servlet.Cookie
saveTo(HttpServletRequest, HttpServletResponse) - Method in class org.apache.shiro.web.servlet.SimpleCookie
SECURE_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie
SecureTag - Class in org.apache.shiro.web.tags
SecureTag() - Constructor for class org.apache.shiro.web.tags.SecureTag
sendRedirect(HttpServletRequest, HttpServletResponse, String, boolean) - Method in class org.apache.shiro.web.util.RedirectView: Send a redirect back to the HTTP client
SERVLET_REQUEST_KEY - Static variable in class org.apache.shiro.web.util.WebUtils
SERVLET_RESPONSE_KEY - Static variable in class org.apache.shiro.web.util.WebUtils
ServletContainerSessionManager - Class in org.apache.shiro.web.session.mgt: SessionManager implementation providing Session implementations that are merely wrappers for the Servlet container's HttpSession.
ServletContainerSessionManager() - Constructor for class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
servletContext - Variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
servletContext - Variable in class org.apache.shiro.web.servlet.ShiroHttpSession
ServletContextSupport - Class in org.apache.shiro.web.servlet: Base implementation for any components that need to access the web application's ServletContext.
ServletContextSupport() - Constructor for class org.apache.shiro.web.servlet.ServletContextSupport
session - Variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
session - Variable in class org.apache.shiro.web.servlet.ShiroHttpSession
SESSION_ID_URL_REWRITING_ENABLED - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
set(int, Filter) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
setAttribute(Object, Object) - Method in class org.apache.shiro.web.session.HttpServletSession
setAttribute(String, Object) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
setAuthorizedHosts(String) - Method in class org.apache.shiro.web.filter.authz.HostFilter
setBlockBackslash(boolean) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
setBlockNonAscii(boolean) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
setBlockSemicolon(boolean) - Method in class org.apache.shiro.web.filter.InvalidRequestFilter
setComment(String) - Method in interface org.apache.shiro.web.servlet.Cookie
setComment(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setConfig(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.

Sets the actual INI configuration text to use to build the SecurityManager and FilterChainResolver used by the web application.
setConfigLocations(String) - Method in class org.apache.shiro.web.env.ResourceBasedWebEnvironment
setConfigLocations(String[]) - Method in class org.apache.shiro.web.env.ResourceBasedWebEnvironment
setConfigPath(String) - Method in class org.apache.shiro.web.servlet.IniShiroFilter: Deprecated.

Sets the config path to be used to load a .ini file for configuration if a configuration is not specified via the config attribute.
setContext(ServletContext) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
setContextAttribute(String, Object) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
setContextRelative(boolean) - Method in class org.apache.shiro.web.util.RedirectView: Set whether to interpret a given URL that starts with a slash ("/") as relative to the current ServletContext, i.e.
setCookie(Cookie) - Method in class org.apache.shiro.web.mgt.CookieRememberMeManager: Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
setDefaultValue(String) - Method in class org.apache.shiro.web.tags.PrincipalTag
setDeniedHosts(String) - Method in class org.apache.shiro.web.filter.authz.HostFilter
setDomain(String) - Method in interface org.apache.shiro.web.servlet.Cookie
setDomain(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setEnabled(boolean) - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
setEnabled(boolean) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter: Sets whether or not this filter generally executes for any request.
setEncodingScheme(String) - Method in class org.apache.shiro.web.util.RedirectView: Set the encoding scheme for this view.
setFailureAttribute(ServletRequest, AuthenticationException) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
setFailureKeyAttribute(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
setFilterChainManager(FilterChainManager) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver
setFilterChainResolver(FilterChainResolver) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
setFilterChainResolver(FilterChainResolver) - Method in interface org.apache.shiro.web.env.MutableWebEnvironment: Sets the WebEnvironment's FilterChainResolver.
setFilterChainResolver(FilterChainResolver) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
setFilterChains(Map<String, NamedFilterList>) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
setFilterConfig(FilterConfig) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
setFilterConfig(FilterConfig) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager: Sets the FilterConfig provided by the Servlet container at webapp startup.
setFilterConfig(FilterConfig) - Method in class org.apache.shiro.web.servlet.AbstractFilter: Sets the FilterConfig and the ServletContext as attributes of this class for use by subclasses.
setFilters(Map<String, Filter>) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
setGlobalFilters(List<String>) - Method in class org.apache.shiro.web.config.IniFilterChainResolverFactory
setGlobalFilters(List<String>) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager
setGlobalFilters(List<String>) - Method in interface org.apache.shiro.web.filter.mgt.FilterChainManager: Configures the set of named filters that will match all paths.
setHost(String) - Method in class org.apache.shiro.web.session.HttpServletSession
setHsts(SslFilter.HSTS) - Method in class org.apache.shiro.web.filter.authz.SslFilter
setHttp10Compatible(boolean) - Method in class org.apache.shiro.web.util.RedirectView: Set whether to stay compatible with HTTP 1.0 clients.
setHttpOnly(boolean) - Method in interface org.apache.shiro.web.servlet.Cookie
setHttpOnly(boolean) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setIncludeSubDomains(boolean) - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
setIni(Ini) - Method in class org.apache.shiro.web.env.IniWebEnvironment: Allows for configuration via a direct Ini instance instead of via config locations.
setLoginUrl(String) - Method in class org.apache.shiro.web.filter.AccessControlFilter: Sets the login URL used to authenticate a user.
setLoginUrl(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter
setMaxAge(int) - Method in class org.apache.shiro.web.filter.authz.SslFilter.HSTS
setMaxAge(int) - Method in interface org.apache.shiro.web.servlet.Cookie
setMaxAge(int) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setMaxInactiveInterval(int) - Method in class org.apache.shiro.web.servlet.ShiroHttpSession
setName(String) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
setName(String) - Method in interface org.apache.shiro.web.servlet.Cookie
setName(String) - Method in class org.apache.shiro.web.servlet.NameableFilter: Sets the filter's name.
setName(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setName(String) - Method in class org.apache.shiro.web.tags.PermissionTag
setName(String) - Method in class org.apache.shiro.web.tags.RoleTag
setPasswordParam(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter: Sets the request parameter name to look for when acquiring the password.
setPath(String) - Method in interface org.apache.shiro.web.servlet.Cookie
setPath(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setPathMatcher(PatternMatcher) - Method in class org.apache.shiro.web.filter.mgt.PathMatchingFilterChainResolver: Sets the PatternMatcher used when determining if an incoming request's path matches a configured filter chain.
setPort(int) - Method in class org.apache.shiro.web.filter.authz.PortFilter
setPostOnlyLogout(boolean) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Due to browser pre-fetching, using a GET requests for logout my cause a user to be logged accidentally, for example: out while typing in an address bar.
setProperty(String) - Method in class org.apache.shiro.web.tags.PrincipalTag
setRedirectUrl(String) - Method in class org.apache.shiro.web.filter.authc.LogoutFilter: Sets the URL to where the user will be redirected after logout.
setRememberMeParam(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter: Sets the request parameter name to look for when acquiring the rememberMe boolean value.
setRequest(ServletRequest) - Method in class org.apache.shiro.web.subject.WebSubject.Builder: Called by the WebSubject.Builder constructor, this method places the request object in the context map for later retrieval.
setRequest(ShiroHttpServletRequest) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse
setResponse(ServletResponse) - Method in class org.apache.shiro.web.subject.WebSubject.Builder: Called by the WebSubject.Builder constructor, this method places the response object in the context map for later retrieval.
setSameSite(Cookie.SameSiteOptions) - Method in interface org.apache.shiro.web.servlet.Cookie
setSameSite(Cookie.SameSiteOptions) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setSecure(boolean) - Method in interface org.apache.shiro.web.servlet.Cookie
setSecure(boolean) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setSecurityManager(SecurityManager) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
setSecurityManager(WebSecurityManager) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter
setSecurityManagerFactory(WebIniSecurityManagerFactory) - Method in class org.apache.shiro.web.env.IniWebEnvironment: Allows for setting the SecurityManager factory which will be used to create the SecurityManager.
setServletContext(ServletContext) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
setServletContext(ServletContext) - Method in interface org.apache.shiro.web.env.MutableWebEnvironment: Sets the WebEnvironment's associated ServletContext instance.
setServletContext(ServletContext) - Method in class org.apache.shiro.web.servlet.ServletContextSupport
setServletRequest(ServletRequest) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
setServletRequest(ServletRequest) - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext: Sets the ServletRequest received by the servlet container triggering the creation of the Session instance.
setServletRequest(ServletRequest) - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
setServletRequest(ServletRequest) - Method in interface org.apache.shiro.web.subject.WebSubjectContext: Sets the ServletRequest received by the servlet container triggering the creation of the Subject instance.
setServletResponse(ServletResponse) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionContext
setServletResponse(ServletResponse) - Method in interface org.apache.shiro.web.session.mgt.WebSessionContext: Sets the paired ServletResponse corresponding to the associated servletRequest.
setServletResponse(ServletResponse) - Method in class org.apache.shiro.web.subject.support.DefaultWebSubjectContext
setServletResponse(ServletResponse) - Method in interface org.apache.shiro.web.subject.WebSubjectContext: Sets the paired ServletResponse corresponding to the associated servletRequest.
setSessionIdCookie(Cookie) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
setSessionIdCookieEnabled(boolean) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
setSessionIdUrlRewritingEnabled(boolean) - Method in class org.apache.shiro.web.session.mgt.DefaultWebSessionManager
setSessionManager(SessionManager) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
setSessionMode(String) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager: Deprecated.
since 1.2
setStaticSecurityManagerEnabled(boolean) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Sets if the constructed securityManager reference should be bound to static memory (via SecurityUtils.setSecurityManager).
setSubjectDAO(SubjectDAO) - Method in class org.apache.shiro.web.mgt.DefaultWebSecurityManager
setSuccessUrl(String) - Method in class org.apache.shiro.web.filter.authc.AuthenticationFilter: Sets the default/fallback success url to use as the default location a user is sent after logging in.
setTimeout(long) - Method in class org.apache.shiro.web.session.HttpServletSession
setType(String) - Method in class org.apache.shiro.web.tags.PrincipalTag
setUnauthorizedUrl(String) - Method in class org.apache.shiro.web.filter.authz.AuthorizationFilter: Sets the URL to which users should be redirected if they are denied access to an underlying path or resource.
setUrl(String) - Method in class org.apache.shiro.web.util.RedirectView
setUsernameParam(String) - Method in class org.apache.shiro.web.filter.authc.FormAuthenticationFilter: Sets the request parameter name to look for when acquiring the username.
setValue(String) - Method in interface org.apache.shiro.web.servlet.Cookie
setValue(String) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setVersion(int) - Method in interface org.apache.shiro.web.servlet.Cookie
setVersion(int) - Method in class org.apache.shiro.web.servlet.SimpleCookie
setWebSecurityManager(WebSecurityManager) - Method in class org.apache.shiro.web.env.DefaultWebEnvironment
setWebSecurityManager(WebSecurityManager) - Method in interface org.apache.shiro.web.env.MutableWebEnvironment: Sets the WebEnvironment's WebSecurityManager.
ShiroFilter - Class in org.apache.shiro.web.servlet: Primary Shiro Filter for web applications configuring Shiro via Servlet <listener> in web.xml.
ShiroFilter() - Constructor for class org.apache.shiro.web.servlet.ShiroFilter
ShiroHttpServletRequest - Class in org.apache.shiro.web.servlet: A ShiroHttpServletRequest wraps the Servlet container's original ServletRequest instance, but ensures that all HttpServletRequest invocations that require Shiro's support (getRemoteUser, getSession, etc) can be executed first by Shiro as necessary before allowing the underlying Servlet container instance's method to be invoked.
ShiroHttpServletRequest(HttpServletRequest, ServletContext, boolean) - Constructor for class org.apache.shiro.web.servlet.ShiroHttpServletRequest
ShiroHttpServletResponse - Class in org.apache.shiro.web.servlet: HttpServletResponse implementation to support URL Encoding of Shiro Session IDs.
ShiroHttpServletResponse(HttpServletResponse, ServletContext, ShiroHttpServletRequest) - Constructor for class org.apache.shiro.web.servlet.ShiroHttpServletResponse
ShiroHttpSession - Class in org.apache.shiro.web.servlet: Wrapper class that uses a Shiro Session under the hood for all session operations instead of the Servlet Container's session mechanism.
ShiroHttpSession(Session, HttpServletRequest, ServletContext) - Constructor for class org.apache.shiro.web.servlet.ShiroHttpSession
shouldNotFilter(ServletRequest) - Method in class org.apache.shiro.web.servlet.OncePerRequestFilter: Deprecated.
in favor of overriding OncePerRequestFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse) for custom behavior. This method will be removed in Shiro 2.0.
showTagBody(String) - Method in class org.apache.shiro.web.tags.HasAnyRolesTag
showTagBody(String) - Method in class org.apache.shiro.web.tags.HasPermissionTag
showTagBody(String) - Method in class org.apache.shiro.web.tags.HasRoleTag
showTagBody(String) - Method in class org.apache.shiro.web.tags.LacksPermissionTag
showTagBody(String) - Method in class org.apache.shiro.web.tags.LacksRoleTag
showTagBody(String) - Method in class org.apache.shiro.web.tags.PermissionTag
showTagBody(String) - Method in class org.apache.shiro.web.tags.RoleTag
SimpleCookie - Class in org.apache.shiro.web.servlet: Default Cookie implementation.
SimpleCookie() - Constructor for class org.apache.shiro.web.servlet.SimpleCookie
SimpleCookie(String) - Constructor for class org.apache.shiro.web.servlet.SimpleCookie
SimpleCookie(Cookie) - Constructor for class org.apache.shiro.web.servlet.SimpleCookie
SimpleNamedFilterList - Class in org.apache.shiro.web.filter.mgt: Simple NamedFilterList implementation that is supported by a backing List instance and a simple name property.
SimpleNamedFilterList(String) - Constructor for class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList: Creates a new SimpleNamedFilterList instance with the specified name, defaulting to a new ArrayList instance as the backing list.
SimpleNamedFilterList(String, List<Filter>) - Constructor for class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList: Creates a new SimpleNamedFilterList instance with the specified name and backingList.
size() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
splitChainDefinition(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager: Splits the comma-delimited filter chain definition line into individual filter definition tokens.
ssl - org.apache.shiro.web.filter.mgt.DefaultFilter
SslFilter - Class in org.apache.shiro.web.filter.authz: Filter which requires a request to be over SSL.
SslFilter() - Constructor for class org.apache.shiro.web.filter.authz.SslFilter
SslFilter.HSTS - Class in org.apache.shiro.web.filter.authz: Helper class for HTTP Strict Transport Security (HSTS)
start(SessionContext) - Method in class org.apache.shiro.web.session.mgt.ServletContainerSessionManager
stop() - Method in class org.apache.shiro.web.session.HttpServletSession
STRICT - org.apache.shiro.web.servlet.Cookie.SameSiteOptions: Cookies will only be sent in a first-party context and not be sent along with requests initiated by third party websites.
subList(int, int) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList

T

toArray() - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
toArray(T[]) - Method in class org.apache.shiro.web.filter.mgt.SimpleNamedFilterList
toEncoded(String, String) - Method in class org.apache.shiro.web.servlet.ShiroHttpServletResponse: Return the specified URL with the specified session identifier suitably encoded.
toHttp(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils: A convenience method that merely casts the incoming ServletRequest to an HttpServletRequest:
toHttp(ServletResponse) - Static method in class org.apache.shiro.web.util.WebUtils: A convenience method that merely casts the incoming ServletResponse to an HttpServletResponse:
toNameConfigPair(String) - Method in class org.apache.shiro.web.filter.mgt.DefaultFilterChainManager: Based on the given filter chain definition token (e.g.
toPort(Object) - Method in class org.apache.shiro.web.filter.authz.PortFilter
toString() - Method in class org.apache.shiro.web.servlet.ServletContextSupport: It is highly recommended not to override this method directly, and instead override the toStringBuilder() method, a better-performing alternative.
toStringBuilder() - Method in class org.apache.shiro.web.servlet.NameableFilter: Returns a StringBuilder instance with the name, or if the name is null, just the super.toStringBuilder() instance.
toStringBuilder() - Method in class org.apache.shiro.web.servlet.ServletContextSupport: Same concept as toString(), but returns a StringBuilder instance instead.
touch() - Method in class org.apache.shiro.web.session.HttpServletSession

U

updateSessionLastAccessTime(ServletRequest, ServletResponse) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Updates any 'native' Session's last access time that might exist to the timestamp when this method is called.
URL_SESSION_ID_SOURCE - Static variable in class org.apache.shiro.web.servlet.ShiroHttpServletRequest
urlEncode(String, String) - Method in class org.apache.shiro.web.util.RedirectView: URL-encode the given input String with the given encoding scheme, using URLEncoder.encode(input, enc).
URLS - Static variable in class org.apache.shiro.web.config.IniFilterChainResolverFactory
user - org.apache.shiro.web.filter.mgt.DefaultFilter
UserFilter - Class in org.apache.shiro.web.filter.authc: Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal.
UserFilter() - Constructor for class org.apache.shiro.web.filter.authc.UserFilter
UserTag - Class in org.apache.shiro.web.tags: JSP tag that renders the tag body if the current user known to the system, either from a successful login attempt (not necessarily during the current session) or from 'RememberMe' services.
UserTag() - Constructor for class org.apache.shiro.web.tags.UserTag

V

valueOf(String) - Static method in enum org.apache.shiro.web.filter.mgt.DefaultFilter: Returns the enum constant of this type with the specified name.
valueOf(String) - Static method in enum org.apache.shiro.web.servlet.Cookie.SameSiteOptions: Returns the enum constant of this type with the specified name.
values() - Static method in enum org.apache.shiro.web.filter.mgt.DefaultFilter: Returns an array containing the constants of this enum type, in the order they are declared.
values() - Static method in enum org.apache.shiro.web.servlet.Cookie.SameSiteOptions: Returns an array containing the constants of this enum type, in the order they are declared.
verifyAttributes() - Method in class org.apache.shiro.web.tags.PermissionTag
verifyAttributes() - Method in class org.apache.shiro.web.tags.SecureTag
VERSION_ATTRIBUTE_NAME - Static variable in class org.apache.shiro.web.servlet.SimpleCookie

W

WebDelegatingSubject - Class in org.apache.shiro.web.subject.support: Default WebSubject implementation that additional ensures the ability to retain a servlet request/response pair to be used by internal shiro components as necessary during the request execution.
WebDelegatingSubject(PrincipalCollection, boolean, String, Session, boolean, ServletRequest, ServletResponse, SecurityManager) - Constructor for class org.apache.shiro.web.subject.support.WebDelegatingSubject
WebDelegatingSubject(PrincipalCollection, boolean, String, Session, ServletRequest, ServletResponse, SecurityManager) - Constructor for class org.apache.shiro.web.subject.support.WebDelegatingSubject
WebEnvironment - Interface in org.apache.shiro.web.env: A web-specific Environment instance, used in web applications.
WebIniSecurityManagerFactory - Class in org.apache.shiro.web.config: Deprecated.
use Shiro's Environment mechanisms instead.
WebIniSecurityManagerFactory() - Constructor for class org.apache.shiro.web.config.WebIniSecurityManagerFactory: Deprecated.

Creates a new WebIniSecurityManagerFactory instance which will construct web-capable SecurityManager instances.
WebIniSecurityManagerFactory(Ini) - Constructor for class org.apache.shiro.web.config.WebIniSecurityManagerFactory: Deprecated.

Creates a new WebIniSecurityManagerFactory instance which will construct web-capable SecurityManager instances.
WebSecurityManager - Interface in org.apache.shiro.web.mgt: This interface represents a SecurityManager implementation that can used in web-enabled applications.
WebSessionContext - Interface in org.apache.shiro.web.session.mgt: A WebSubjectContext is a SessionContext that additionally provides for type-safe methods to set and retrieve a ServletRequest and ServletResponse, as the request/response pair will often need to be referenced during construction of web-initiated Session instances.
WebSessionKey - Class in org.apache.shiro.web.session.mgt: A SessionKey implementation that also retains the ServletRequest and ServletResponse associated with the web request that is performing the session lookup.
WebSessionKey(Serializable, ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.session.mgt.WebSessionKey
WebSessionKey(ServletRequest, ServletResponse) - Constructor for class org.apache.shiro.web.session.mgt.WebSessionKey
WebSessionManager - Interface in org.apache.shiro.web.session.mgt: SessionManager specific to web-enabled applications.
WebSubject - Interface in org.apache.shiro.web.subject: A WebSubject represents a Subject instance that was acquired as a result of an incoming ServletRequest.
WebSubject.Builder - Class in org.apache.shiro.web.subject: A WebSubject.Builder performs the same function as a Subject.Builder, but additionally ensures that the Servlet request/response pair that is triggering the Subject instance's creation is retained for use by internal Shiro components as necessary.
WebSubjectContext - Interface in org.apache.shiro.web.subject: A WebSubjectContext is a SubjectContext that additionally provides for type-safe methods to set and retrieve a ServletRequest and ServletResponse.
WebUtils - Class in org.apache.shiro.web.util: Simple utility class for operations used across multiple class hierarchies in the web framework code.
WebUtils() - Constructor for class org.apache.shiro.web.util.WebUtils
wrapServletRequest(HttpServletRequest) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Wraps the original HttpServletRequest in a ShiroHttpServletRequest, which is required for supporting Servlet Specification behavior backed by a Subject instance.
wrapServletResponse(HttpServletResponse, ShiroHttpServletRequest) - Method in class org.apache.shiro.web.servlet.AbstractShiroFilter: Returns a new ShiroHttpServletResponse instance, wrapping the orig argument, in order to provide correct URL rewriting behavior required by the Servlet Specification when using Shiro-based sessions (and not Servlet Container HTTP-based sessions).

_

_isSessionCreationEnabled(Object) - Static method in class org.apache.shiro.web.util.WebUtils: Returns true if a session is allowed to be created for a subject-associated request, false otherwise.
_isSessionCreationEnabled(ServletRequest) - Static method in class org.apache.shiro.web.util.WebUtils: Returns true if a session is allowed to be created for a subject-associated request, false otherwise.

A B C D E F G H I L M N O P Q R S T U V W _
All Classes All Packages