Builder design pattern implementation for creating {@link Subject} instances in a simplified way without requiring knowledge of Shiro's construction techniques. <p/> <b>NOTE</b>: This is provided for framework development support only and should typically never be used by application developers. {@code Subject} instances should generally be acquired by using <code>SecurityUtils.{@link SecurityUtils#getSubject() getSubject()}</code> <h4>Usage</h4> The simplest usage of this builder is to construct an anonymous, session-less {@code Subject} instance: <pre> Subject subject = new Subject.{@link #Builder() Builder}().{@link #buildSubject() buildSubject()};</pre> The default, no-arg {@code Subject.Builder()} constructor shown above will use the application's currently accessible {@code SecurityManager} via <code>SecurityUtils.{@link SecurityUtils#getSecurityManager() getSecurityManager()}</code>. You may also specify the exact {@code SecurityManager} instance to be used by the additional <code>Subject.{@link #Builder(hunt.shiro.mgt.SecurityManager) Builder(securityManager)}</code> constructor if desired. <p/> All other methods may be called before the {@link #buildSubject() buildSubject()} method to provide context on how to construct the {@code Subject} instance. For example, if you have a session id and want to acquire the {@code Subject} that 'owns' that session (assuming the session exists and is not expired): <pre> Subject subject = new Subject.Builder().sessionId(sessionId).buildSubject();</pre> <p/> Similarly, if you want a {@code Subject} instance reflecting a certain identity: <pre> PrincipalCollection principals = new SimplePrincipalCollection("username", <em>yourRealmName</em>); Subject subject = new Subject.Builder().principals(principals).build();</pre> <p/> <b>Note*</b> that the returned {@code Subject} instance is <b>not</b> automatically bound to the application (thread) for further use. That is, {@link hunt.shiro.SecurityUtils SecurityUtils}.{@link hunt.shiro.SecurityUtils#getSubject() getSubject()} will not automatically return the same instance as what is returned by the builder. It is up to the framework developer to bind the built {@code Subject} for continued use if desired.
A {@code Subject} represents state and security operations for a <em>single</em> application user. These operations include authentication (login/logout), authorization (access control), and session access. It is Shiro's primary mechanism for single-user security functionality. <h3>Acquiring a Subject</h3> To acquire the currently-executing {@code Subject}, application developers will almost always use {@code SecurityUtils}: <pre> {@link SecurityUtils SecurityUtils}.{@link hunt.shiro.SecurityUtils#getSubject() getSubject()}</pre> Almost all security operations should be performed with the {@code Subject} returned from this method. <h3>Permission methods</h3> Note that there are many *Permission methods in this interface overloaded to accept string arguments instead of {@link Permission Permission} instances. They are a convenience allowing the caller to use a string representation of a {@link Permission Permission} if desired. The underlying Authorization subsystem implementations will usually simply convert these string values to {@link Permission Permission} instances and then just call the corresponding type-safe method. (Shiro's default implementations do string-to-Permission conversion for these methods using {@link hunt.shiro.authz.permission.PermissionResolver PermissionResolver}s.) <p/> These overloaded *Permission methods forgo type-safety for the benefit of convenience and simplicity, so you should choose which ones to use based on your preferences and needs.