org.apache.shiro.web.mgt

Class CookieRememberMeManager

java.lang.Object

org.apache.shiro.mgt.AbstractRememberMeManager

org.apache.shiro.web.mgt.CookieRememberMeManager

All Implemented Interfaces:

org.apache.shiro.mgt.RememberMeManager

public class CookieRememberMeManager
extends org.apache.shiro.mgt.AbstractRememberMeManager

Remembers a Subject's identity by saving the Subject's principals to a Cookie for later retrieval.

Cookie attributes (path, domain, maxAge, etc) may be set on this class's default cookie attribute, which acts as a template to use to set all properties of outgoing cookies created by this implementation.

The default cookie has the following attribute values set:

Attribute Name	Value
name	rememberMe
path	/
maxAge	Cookie.ONE_YEAR

Note that because this class subclasses the AbstractRememberMeManager which already provides serialization and encryption logic, this class utilizes both for added security before setting the cookie value.

Since:

1.0

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_REMEMBER_ME_COOKIE_NAME The default name of the underlying rememberMe cookie which is rememberMe.

Constructor Summary

Constructors

Constructor and Description
CookieRememberMeManager() Constructs a new CookieRememberMeManager with a default rememberMe cookie template.

Method Summary

Modifier and Type	Method and Description
protected void	forgetIdentity(org.apache.shiro.subject.Subject subject) Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.
void	forgetIdentity(org.apache.shiro.subject.SubjectContext subjectContext) Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.
Cookie	getCookie() Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.
protected byte[]	getRememberedSerializedIdentity(org.apache.shiro.subject.SubjectContext subjectContext) Returns a previously serialized identity byte array or null if the byte array could not be acquired.
protected void	rememberSerializedIdentity(org.apache.shiro.subject.Subject subject, byte[] serialized) Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.
void	setCookie(Cookie cookie) Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

Methods inherited from class org.apache.shiro.mgt.AbstractRememberMeManager

convertBytesToPrincipals, convertPrincipalsToBytes, decrypt, deserialize, encrypt, getCipherKey, getCipherService, getDecryptionCipherKey, getEncryptionCipherKey, getIdentityToRemember, getRememberedPrincipals, getSerializer, isRememberMe, onFailedLogin, onLogout, onRememberedPrincipalFailure, onSuccessfulLogin, rememberIdentity, rememberIdentity, serialize, setCipherKey, setCipherService, setDecryptionCipherKey, setEncryptionCipherKey, setSerializer

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

DEFAULT_REMEMBER_ME_COOKIE_NAME

public static final String DEFAULT_REMEMBER_ME_COOKIE_NAME

The default name of the underlying rememberMe cookie which is rememberMe.

See Also:

Constant Field Values

Constructor Detail

CookieRememberMeManager

public CookieRememberMeManager()

Constructs a new CookieRememberMeManager with a default rememberMe cookie template.

Method Detail

getCookie

public Cookie getCookie()

Returns the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

Please see the class-level JavaDoc for the default cookie's attribute values.

Returns:

the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

setCookie

public void setCookie(Cookie cookie)

Sets the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager. Outgoing cookies will match this one except for the value attribute, which is necessarily set dynamically at runtime.

Please see the class-level JavaDoc for the default cookie's attribute values.

Parameters:

cookie - the cookie 'template' that will be used to set all attributes of outgoing rememberMe cookies created by this RememberMeManager.

rememberSerializedIdentity

protected void rememberSerializedIdentity(org.apache.shiro.subject.Subject subject,
                                          byte[] serialized)

Base64-encodes the specified serialized byte array and sets that base64-encoded String as the cookie value.

The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair so an HTTP cookie can be set on the outgoing response. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

Specified by:

rememberSerializedIdentity in class org.apache.shiro.mgt.AbstractRememberMeManager

Parameters:

subject - the Subject for which the identity is being serialized.

serialized - the serialized bytes to be persisted.

getRememberedSerializedIdentity

protected byte[] getRememberedSerializedIdentity(org.apache.shiro.subject.SubjectContext subjectContext)

Returns a previously serialized identity byte array or null if the byte array could not be acquired. This implementation retrieves an HTTP cookie, Base64-decodes the cookie value, and returns the resulting byte array.

The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair so an HTTP cookie can be retrieved from the incoming request. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation returns null.

Specified by:

getRememberedSerializedIdentity in class org.apache.shiro.mgt.AbstractRememberMeManager

Parameters:

subjectContext - the contextual data, usually provided by a Subject.Builder implementation, that is being used to construct a Subject instance. To be used to assist with data lookup.

Returns:

a previously serialized identity byte array or null if the byte array could not be acquired.

forgetIdentity

protected void forgetIdentity(org.apache.shiro.subject.Subject subject)

Removes the 'rememberMe' cookie from the associated WebSubject's request/response pair.

The subject instance is expected to be a WebSubject instance with an HTTP Request/Response pair. If it is not a WebSubject or that WebSubject does not have an HTTP Request/Response pair, this implementation does nothing.

Specified by:

forgetIdentity in class org.apache.shiro.mgt.AbstractRememberMeManager

Parameters:

subject - the subject instance for which identity data should be forgotten from the underlying persistence

forgetIdentity

public void forgetIdentity(org.apache.shiro.subject.SubjectContext subjectContext)

Removes the 'rememberMe' cookie from the associated WebSubjectContext's request/response pair.

The SubjectContext instance is expected to be a WebSubjectContext instance with an HTTP Request/Response pair. If it is not a WebSubjectContext or that WebSubjectContext does not have an HTTP Request/Response pair, this implementation does nothing.

Parameters:

subjectContext - the contextual data, usually provided by a Subject.Builder implementation