1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 module hunt.shiro.mgt.DefaultSecurityManager; 20 21 import hunt.shiro.mgt.DefaultSubjectFactory; 22 import hunt.shiro.mgt.DefaultSubjectDAO; 23 import hunt.shiro.mgt.RememberMeManager; 24 import hunt.shiro.mgt.SessionsSecurityManager; 25 import hunt.shiro.mgt.SubjectFactory; 26 import hunt.shiro.mgt.SubjectDAO; 27 28 import hunt.shiro.Exceptions; 29 import hunt.shiro.authc.AuthenticationInfo; 30 import hunt.shiro.authc.AuthenticationToken; 31 import hunt.shiro.authc.Authenticator; 32 import hunt.shiro.authc.LogoutAware; 33 import hunt.shiro.authz.Authorizer; 34 import hunt.shiro.realm.Realm; 35 import hunt.shiro.session.Session; 36 import hunt.shiro.session.mgt.DefaultSessionContext; 37 import hunt.shiro.session.mgt.DefaultSessionKey; 38 import hunt.shiro.session.mgt.SessionContext; 39 import hunt.shiro.session.mgt.SessionKey; 40 import hunt.shiro.subject.PrincipalCollection; 41 import hunt.shiro.subject.Subject; 42 import hunt.shiro.subject.SubjectContext; 43 import hunt.shiro.subject.support.DefaultSubjectContext; 44 import hunt.shiro.util.CollectionUtils; 45 import hunt.logging.Logger; 46 47 import hunt.Exceptions; 48 import hunt.collection; 49 import hunt.util.Common; 50 51 import std.conv; 52 53 54 55 /** 56 * The Shiro framework's default concrete implementation of the {@link SecurityManager} interface, 57 * based around a collection of {@link hunt.shiro.realm.Realm}s. This implementation delegates its 58 * authentication, authorization, and session operations to wrapped {@link Authenticator}, {@link Authorizer}, and 59 * {@link hunt.shiro.session.mgt.SessionManager SessionManager} instances respectively via superclass 60 * implementation. 61 * <p/> 62 * To greatly reduce and simplify configuration, this implementation (and its superclasses) will 63 * create suitable defaults for all of its required dependencies, <em>except</em> the required one or more 64 * {@link Realm Realm}s. Because {@code Realm} implementations usually interact with an application's data model, 65 * they are almost always application specific; you will want to specify at least one custom 66 * {@code Realm} implementation that 'knows' about your application's data/security model 67 * (via {@link #setRealm} or one of the overloaded constructors). All other attributes in this class hierarchy 68 * will have suitable defaults for most enterprise applications. 69 * <p/> 70 * <b>RememberMe notice</b>: This class supports the ability to configure a 71 * {@link #setRememberMeManager RememberMeManager} 72 * for {@code RememberMe} identity services for login/logout, BUT, a default instance <em>will not</em> be created 73 * for this attribute at startup. 74 * <p/> 75 * Because RememberMe services are inherently client tier-specific and 76 * therefore aplication-dependent, if you want {@code RememberMe} services enabled, you will have to specify an 77 * instance yourself via the {@link #setRememberMeManager(RememberMeManager) setRememberMeManager} 78 * mutator. However if you're reading this JavaDoc with the 79 * expectation of operating in a Web environment, take a look at the 80 * {@code hunt.shiro.web.DefaultWebSecurityManager} implementation, which 81 * <em>does</em> support {@code RememberMe} services by default at startup. 82 * 83 */ 84 class DefaultSecurityManager : SessionsSecurityManager { 85 86 protected RememberMeManager rememberMeManager; 87 protected SubjectDAO subjectDAO; 88 protected SubjectFactory subjectFactory; 89 90 /** 91 * Default no-arg constructor. 92 */ 93 this() { 94 super(); 95 this.subjectFactory = new DefaultSubjectFactory(); 96 this.subjectDAO = new DefaultSubjectDAO(); 97 } 98 99 /** 100 * Supporting constructor for a single-realm application. 101 * 102 * @param singleRealm the single realm used by this SecurityManager. 103 */ 104 this(Realm singleRealm) { 105 this(); 106 setRealm(singleRealm); 107 } 108 109 /** 110 * Supporting constructor for multiple {@link #setRealms realms}. 111 * 112 * @param realms the realm instances backing this SecurityManager. 113 */ 114 this(Realm[] realms) { 115 this(); 116 setRealms(realms); 117 } 118 119 /** 120 * Returns the {@code SubjectFactory} responsible for creating {@link Subject} instances exposed to the application. 121 * 122 * @return the {@code SubjectFactory} responsible for creating {@link Subject} instances exposed to the application. 123 */ 124 SubjectFactory getSubjectFactory() { 125 return subjectFactory; 126 } 127 128 /** 129 * Sets the {@code SubjectFactory} responsible for creating {@link Subject} instances exposed to the application. 130 * 131 * @param subjectFactory the {@code SubjectFactory} responsible for creating {@link Subject} instances exposed to the application. 132 */ 133 void setSubjectFactory(SubjectFactory subjectFactory) { 134 this.subjectFactory = subjectFactory; 135 } 136 137 /** 138 * Returns the {@code SubjectDAO} responsible for persisting Subject state, typically used after login or when an 139 * Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default 140 * implementation is a {@link DefaultSubjectDAO}. 141 * 142 * @return the {@code SubjectDAO} responsible for persisting Subject state, typically used after login or when an 143 * Subject identity is discovered (eg after RememberMe services). 144 * @see DefaultSubjectDAO 145 */ 146 SubjectDAO getSubjectDAO() { 147 return subjectDAO; 148 } 149 150 /** 151 * Sets the {@code SubjectDAO} responsible for persisting Subject state, typically used after login or when an 152 * Subject identity is discovered (eg after RememberMe services). Unless configured otherwise, the default 153 * implementation is a {@link DefaultSubjectDAO}. 154 * 155 * @param subjectDAO the {@code SubjectDAO} responsible for persisting Subject state, typically used after login or when an 156 * Subject identity is discovered (eg after RememberMe services). 157 * @see DefaultSubjectDAO 158 */ 159 void setSubjectDAO(SubjectDAO subjectDAO) { 160 this.subjectDAO = subjectDAO; 161 } 162 163 RememberMeManager getRememberMeManager() { 164 return rememberMeManager; 165 } 166 167 void setRememberMeManager(RememberMeManager rememberMeManager) { 168 this.rememberMeManager = rememberMeManager; 169 } 170 171 protected SubjectContext createSubjectContext() { 172 return new DefaultSubjectContext(); 173 } 174 175 /** 176 * Creates a {@code Subject} instance for the user represented by the given method arguments. 177 * 178 * @param token the {@code AuthenticationToken} submitted for the successful authentication. 179 * @param info the {@code AuthenticationInfo} of a newly authenticated user. 180 * @param existing the existing {@code Subject} instance that initiated the authentication attempt 181 * @return the {@code Subject} instance that represents the context and session data for the newly 182 * authenticated subject. 183 */ 184 protected Subject createSubject(AuthenticationToken token, 185 AuthenticationInfo info, Subject existing) { 186 SubjectContext context = createSubjectContext(); 187 context.setAuthenticated(true); 188 context.setAuthenticationToken(token); 189 context.setAuthenticationInfo(info); 190 if (existing !is null) { 191 context.setSubject(existing); 192 } 193 return createSubject(context); 194 } 195 196 /** 197 * Binds a {@code Subject} instance created after authentication to the application for later use. 198 * <p/> 199 * As of Shiro 1.2, this method has been deprecated in favor of {@link #save(hunt.shiro.subject.Subject)}, 200 * which this implementation now calls. 201 * 202 * @param subject the {@code Subject} instance created after authentication to be bound to the application 203 * for later use. 204 * @see #save(hunt.shiro.subject.Subject) 205 * deprecated("") in favor of {@link #save(hunt.shiro.subject.Subject) save(subject)}. 206 */ 207 deprecated("") protected void bind(Subject subject) { 208 save(subject); 209 } 210 211 protected void rememberMeSuccessfulLogin(AuthenticationToken token, 212 AuthenticationInfo info, Subject subject) { 213 RememberMeManager rmm = getRememberMeManager(); 214 if (rmm !is null) { 215 try { 216 rmm.onSuccessfulLogin(subject, token, info); 217 } catch (Exception e) { 218 version (HUNT_SHIRO_DEBUG) { 219 string msg = "Delegate RememberMeManager instance of type [" ~ typeid(cast(Object) rmm) 220 .name ~ "] threw an exception during onSuccessfulLogin. RememberMe services will not be " 221 ~ "performed for account [" ~ typeid(cast(Object) info).name ~ "]."; 222 warning(msg, e); 223 } 224 } 225 } else { 226 version (HUNT_SHIRO_DEBUG) { 227 tracef("This " ~ typeid(this) 228 .name ~ " instance does not have a " ~ "[" ~ typeid(RememberMeManager) 229 .toString() ~ "] instance configured. RememberMe services " ~ "will not be performed for account [" ~ ( 230 cast(Object) info).toString() ~ "]."); 231 } 232 } 233 } 234 235 protected void rememberMeFailedLogin(AuthenticationToken token, 236 AuthenticationException ex, Subject subject) { 237 RememberMeManager rmm = getRememberMeManager(); 238 if (rmm !is null) { 239 try { 240 rmm.onFailedLogin(subject, token, ex); 241 } catch (Exception e) { 242 version (HUNT_SHIRO_DEBUG) { 243 string msg = "Delegate RememberMeManager instance of type [" ~ typeid(cast(Object) rmm) 244 .name ~ "] threw an exception during onFailedLogin for AuthenticationToken [" ~ typeid( 245 cast(Object) token).name ~ "]."; 246 warning(msg, e); 247 } 248 } 249 } 250 } 251 252 protected void rememberMeLogout(Subject subject) { 253 RememberMeManager rmm = getRememberMeManager(); 254 if (rmm !is null) { 255 try { 256 rmm.onLogout(subject); 257 } catch (Exception e) { 258 version (HUNT_SHIRO_DEBUG) { 259 PrincipalCollection pc = (subject !is null ? subject.getPrincipals() : null); 260 string msg = "Delegate RememberMeManager instance of type [" ~ typeid(rmm).toString() 261 ~ "] threw an exception during onLogout for subject with principals [" ~ pc.to!string() 262 ~ "]"; 263 warning(msg, e); 264 } 265 } 266 } 267 } 268 269 /** 270 * First authenticates the {@code AuthenticationToken} argument, and if successful, constructs a 271 * {@code Subject} instance representing the authenticated account's identity. 272 * <p/> 273 * Once constructed, the {@code Subject} instance is then {@link #bind bound} to the application for 274 * subsequent access before being returned to the caller. 275 * 276 * @param token the authenticationToken to process for the login attempt. 277 * @return a Subject representing the authenticated user. 278 * @throws AuthenticationException if there is a problem authenticating the specified {@code token}. 279 */ 280 Subject login(Subject subject, AuthenticationToken token) { 281 AuthenticationInfo info; 282 try { 283 info = authenticate(token); 284 } catch (AuthenticationException ae) { 285 try { 286 onFailedLogin(token, ae, subject); 287 } catch (Exception e) { 288 version (HUNT_SHIRO_DEBUG) { 289 infof("onFailedLogin method threw an " 290 ~ "exception. Logging and propagating original AuthenticationException.", 291 e); 292 } 293 } 294 throw ae; //propagate 295 } 296 297 Subject loggedIn = createSubject(token, info, subject); 298 // Always create a new subject whithout refering to the existing one. 299 // Subject loggedIn = createSubject(token, info, null); 300 301 onSuccessfulLogin(token, info, loggedIn); 302 303 return loggedIn; 304 } 305 306 protected void onSuccessfulLogin(AuthenticationToken token, 307 AuthenticationInfo info, Subject subject) { 308 rememberMeSuccessfulLogin(token, info, subject); 309 } 310 311 protected void onFailedLogin(AuthenticationToken token, 312 AuthenticationException ae, Subject subject) { 313 rememberMeFailedLogin(token, ae, subject); 314 } 315 316 protected void beforeLogout(Subject subject) { 317 rememberMeLogout(subject); 318 } 319 320 protected SubjectContext copy(SubjectContext subjectContext) { 321 // warning((cast(Object)subjectContext).toString()); 322 return new DefaultSubjectContext(subjectContext); 323 } 324 325 /** 326 * This implementation functions as follows: 327 * <p/> 328 * <ol> 329 * <li>Ensures the {@code SubjectContext} is as populated as it can be, using heuristics to acquire 330 * data that may not have already been available to it (such as a referenced session or remembered principals).</li> 331 * <li>Calls {@link #doCreateSubject(hunt.shiro.subject.SubjectContext)} to actually perform the 332 * {@code Subject} instance creation.</li> 333 * <li>calls {@link #save(hunt.shiro.subject.Subject) save(subject)} to ensure the constructed 334 * {@code Subject}'s state is accessible for future requests/invocations if necessary.</li> 335 * <li>returns the constructed {@code Subject} instance.</li> 336 * </ol> 337 * 338 * @param subjectContext any data needed to direct how the Subject should be constructed. 339 * @return the {@code Subject} instance reflecting the specified contextual data. 340 * @see #ensureSecurityManager(hunt.shiro.subject.SubjectContext) 341 * @see #resolveSession(hunt.shiro.subject.SubjectContext) 342 * @see #resolvePrincipals(hunt.shiro.subject.SubjectContext) 343 * @see #doCreateSubject(hunt.shiro.subject.SubjectContext) 344 * @see #save(hunt.shiro.subject.Subject) 345 */ 346 Subject createSubject(SubjectContext subjectContext) { 347 //create a copy so we don't modify the argument's backing map: 348 SubjectContext context = copy(subjectContext); 349 350 //ensure that the context has a SecurityManager instance, and if not, add one: 351 context = ensureSecurityManager(context); 352 353 //Resolve an associated Session (usually based on a referenced session ID), and place it in the context before 354 //sending to the SubjectFactory. The SubjectFactory should not need to know how to acquire sessions as the 355 //process is often environment specific - better to shield the SF from these details: 356 context = resolveSession(context); 357 358 //Similarly, the SubjectFactory should not require any concept of RememberMe - translate that here first 359 //if possible before handing off to the SubjectFactory: 360 context = resolvePrincipals(context); 361 362 Subject subject = doCreateSubject(context); 363 364 //save this subject for future reference if necessary: 365 //(this is needed here in case rememberMe principals were resolved and they need to be stored in the 366 //session, so we don't constantly rehydrate the rememberMe PrincipalCollection on every operation). 367 //Added in 1.2: 368 save(subject); 369 370 return subject; 371 } 372 373 /** 374 * Actually creates a {@code Subject} instance by delegating to the internal 375 * {@link #getSubjectFactory() subjectFactory}. By the time this method is invoked, all possible 376 * {@code SubjectContext} data (session, principals, et. al.) has been made accessible using all known heuristics 377 * and will be accessible to the {@code subjectFactory} via the {@code subjectContext.resolve*} methods. 378 * 379 * @param context the populated context (data map) to be used by the {@code SubjectFactory} when creating a 380 * {@code Subject} instance. 381 * @return a {@code Subject} instance reflecting the data in the specified {@code SubjectContext} data map. 382 * @see #getSubjectFactory() 383 * @see SubjectFactory#createSubject(hunt.shiro.subject.SubjectContext) 384 */ 385 protected Subject doCreateSubject(SubjectContext context) { 386 return getSubjectFactory().createSubject(context); 387 } 388 389 /** 390 * Saves the subject's state to a persistent location for future reference if necessary. 391 * <p/> 392 * This implementation merely delegates to the internal {@link #setSubjectDAO(SubjectDAO) subjectDAO} and calls 393 * {@link SubjectDAO#save(hunt.shiro.subject.Subject) subjectDAO.save(subject)}. 394 * 395 * @param subject the subject for which state will potentially be persisted 396 * @see SubjectDAO#save(hunt.shiro.subject.Subject) 397 */ 398 protected void save(Subject subject) { 399 this.subjectDAO.save(subject); 400 } 401 402 /** 403 * Removes (or 'unbinds') the Subject's state from the application, typically called during {@link #logout}.. 404 * <p/> 405 * This implementation merely delegates to the internal {@link #setSubjectDAO(SubjectDAO) subjectDAO} and calls 406 * {@link SubjectDAO#remove(hunt.shiro.subject.Subject) remove(subject)}. 407 * 408 * @param subject the subject for which state will be removed 409 * @see SubjectDAO#remove(hunt.shiro.subject.Subject) 410 */ 411 protected void remove(Subject subject) { 412 this.subjectDAO.remove(subject); 413 } 414 415 /** 416 * Determines if there is a {@code SecurityManager} instance in the context, and if not, adds 'this' to the 417 * context. This ensures the SubjectFactory instance will have access to a SecurityManager during Subject 418 * construction if necessary. 419 * 420 * @param context the subject context data that may contain a SecurityManager instance. 421 * @return The SubjectContext to use to pass to a {@link SubjectFactory} for subject creation. 422 */ 423 //@SuppressWarnings({"unchecked"}) 424 protected SubjectContext ensureSecurityManager(SubjectContext context) { 425 if (context.resolveSecurityManager() !is null) { 426 version (HUNT_SHIRO_DEBUG) { 427 tracef("Context already contains a SecurityManager instance. Returning."); 428 } 429 return context; 430 } 431 version (HUNT_SHIRO_DEBUG) { 432 warning("No SecurityManager found in context. Adding self reference."); 433 } 434 context.setSecurityManager(this); 435 return context; 436 } 437 438 /** 439 * Attempts to resolve any associated session based on the context and returns a 440 * context that represents this resolved {@code Session} to ensure it may be referenced if necessary by the 441 * invoked {@link SubjectFactory} that performs actual {@link Subject} construction. 442 * <p/> 443 * If there is a {@code Session} already in the context because that is what the caller wants to be used for 444 * {@code Subject} construction, or if no session is resolved, this method effectively does nothing 445 * returns the context method argument unaltered. 446 * 447 * @param context the subject context data that may resolve a Session instance. 448 * @return The context to use to pass to a {@link SubjectFactory} for subject creation. 449 */ 450 //@SuppressWarnings({"unchecked"}) 451 protected SubjectContext resolveSession(SubjectContext context) { 452 if (context.resolveSession() !is null) { 453 version (HUNT_SHIRO_DEBUG) 454 tracef("Context already contains a session. Returning."); 455 return context; 456 } 457 try { 458 //Context couldn't resolve it directly, let's see if we can since we have direct access to 459 //the session manager: 460 Session session = resolveContextSession(context); 461 if (session !is null) { 462 context.setSession(session); 463 } 464 } catch (InvalidSessionException e) { 465 warningf("Resolved SubjectContext context session is invalid. Ignoring and creating an anonymous " 466 ~ "(session-less) Subject instance.", e); 467 } 468 return context; 469 } 470 471 protected Session resolveContextSession(SubjectContext context) { 472 SessionKey key = getSessionKey(context); 473 if (key !is null) { 474 return getSession(key); 475 } 476 return null; 477 } 478 479 protected SessionKey getSessionKey(SubjectContext context) { 480 string sessionId = context.getSessionId(); 481 if (sessionId !is null) { 482 return new DefaultSessionKey(sessionId); 483 } 484 return null; 485 } 486 487 private static bool isEmpty(PrincipalCollection pc) { 488 return pc is null || pc.isEmpty(); 489 } 490 491 /** 492 * Attempts to resolve an identity (a {@link PrincipalCollection}) for the context using heuristics. This 493 * implementation functions as follows: 494 * <ol> 495 * <li>Check the context to see if it can already {@link SubjectContext#resolvePrincipals resolve an identity}. If 496 * so, this method does nothing and returns the method argument unaltered.</li> 497 * <li>Check for a RememberMe identity by calling {@link #getRememberedIdentity}. If that method returns a 498 * non-null value, place the remembered {@link PrincipalCollection} in the context.</li> 499 * </ol> 500 * 501 * @param context the subject context data that may provide (directly or indirectly through one of its values) a 502 * {@link PrincipalCollection} identity. 503 * @return The Subject context to use to pass to a {@link SubjectFactory} for subject creation. 504 */ 505 //@SuppressWarnings({"unchecked"}) 506 protected SubjectContext resolvePrincipals(SubjectContext context) { 507 508 PrincipalCollection principals = context.resolvePrincipals(); 509 510 if (isEmpty(principals)) { 511 version (HUNT_SHIRO_DEBUG) 512 tracef("No identity (PrincipalCollection) found in the context. Looking for a remembered identity."); 513 514 principals = getRememberedIdentity(context); 515 516 if (!isEmpty(principals)) { 517 version (HUNT_SHIRO_DEBUG) 518 tracef("Found remembered PrincipalCollection. Adding to the context to be used " 519 ~ "for subject construction by the SubjectFactory."); 520 521 context.setPrincipals(principals); 522 523 // The following call was removed (commented out) in Shiro 1.2 because it uses the session as an 524 // implementation strategy. Session use for Shiro's own needs should be controlled in a single place 525 // to be more manageable for end-users: there are a number of stateless (e.g. REST) applications that 526 // use Shiro that need to ensure that sessions are only used when desirable. If Shiro's internal 527 // implementations used Subject sessions (setting attributes) whenever we wanted, it would be much 528 // harder for end-users to control when/where that occurs. 529 // 530 // Because of this, the SubjectDAO was created as the single point of control, and session state logic 531 // has been moved to the DefaultSubjectDAO implementation. 532 533 // Removed in Shiro 1.2. SHIRO-157 is still satisfied by the new DefaultSubjectDAO implementation 534 // introduced in 1.2 535 // Satisfies SHIRO-157: 536 // bindPrincipalsToSession(principals, context); 537 538 } else { 539 version (HUNT_SHIRO_DEBUG) 540 tracef("No remembered identity found. Returning original context."); 541 } 542 } 543 544 return context; 545 } 546 547 protected SessionContext createSessionContext(SubjectContext subjectContext) { 548 Map!(string, Object) contextMap = cast(Map!(string, Object)) subjectContext; 549 DefaultSessionContext sessionContext = new DefaultSessionContext(); 550 if (!CollectionUtils.isEmpty(contextMap)) { 551 sessionContext.putAll(contextMap); 552 } 553 string sessionId = subjectContext.getSessionId(); 554 if (sessionId !is null) { 555 sessionContext.setSessionId(sessionId); 556 } 557 string host = subjectContext.resolveHost(); 558 if (host !is null) { 559 sessionContext.setHost(host); 560 } 561 return sessionContext; 562 } 563 564 void logout(Subject subject) { 565 566 if (subject is null) { 567 throw new IllegalArgumentException("Subject method argument cannot be null."); 568 } 569 570 beforeLogout(subject); 571 572 PrincipalCollection principals = subject.getPrincipals(); 573 if (principals !is null && !principals.isEmpty()) { 574 version (HUNT_SHIRO_DEBUG) { 575 tracef("Logging out subject with primary principal %s", 576 principals.getPrimaryPrincipal()); 577 } 578 Authenticator authc = getAuthenticator(); 579 LogoutAware la = cast(LogoutAware) authc; 580 if (la !is null) { 581 la.onLogout(principals); 582 } 583 } 584 585 try { 586 remove(subject); 587 } catch (Exception e) { 588 string msg = "Unable to cleanly unbind Subject. Ignoring (logging out)."; 589 warning(msg); 590 version (HUNT_SHIRO_DEBUG) { 591 warning(e); 592 } 593 } 594 595 try { 596 stopSession(subject); 597 } catch (Exception e) { 598 version (HUNT_SHIRO_DEBUG) { 599 string msg = "Unable to cleanly stop Session for Subject [" ~ subject.getPrincipal() 600 .toString() ~ "] " ~ "Ignoring (logging out)."; 601 tracef(msg, e); 602 } 603 } 604 } 605 606 protected void stopSession(Subject subject) { 607 Session s = subject.getSession(false); 608 if (s !is null) { 609 s.stop(); 610 } 611 } 612 613 /** 614 * Unbinds or removes the Subject's state from the application, typically called during {@link #logout}. 615 * <p/> 616 * This has been deprecated in Shiro 1.2 in favor of the {@link #remove(hunt.shiro.subject.Subject) remove} 617 * method. The implementation has been updated to invoke that method. 618 * 619 * @param subject the subject to unbind from the application as it will no longer be used. 620 * deprecated("") in Shiro 1.2 in favor of {@link #remove(hunt.shiro.subject.Subject)} 621 */ 622 deprecated("") //@SuppressWarnings({"UnusedDeclaration"}) 623 protected void unbind(Subject subject) { 624 remove(subject); 625 } 626 627 protected PrincipalCollection getRememberedIdentity(SubjectContext subjectContext) { 628 RememberMeManager rmm = getRememberMeManager(); 629 if (rmm !is null) { 630 try { 631 return rmm.getRememberedPrincipals(subjectContext); 632 } catch (Exception e) { 633 version (HUNT_SHIRO_DEBUG) { 634 string msg = "Delegate RememberMeManager instance of type [" ~ typeid(cast(Object) rmm) 635 .name ~ "] threw an exception during getRememberedPrincipals()."; 636 warning(msg, e); 637 } 638 } 639 } 640 return null; 641 } 642 }