Default constructor that initializes a {@link DefaultSerializer} as the {@link #getSerializer() serializer} and an {@link AesCipherService} as the {@link #getCipherService() cipherService}.
If a {@link #getCipherService() cipherService} is available, it will be used to first decrypt the byte array. Then the bytes are then {@link #deserialize(byte[]) deserialized} and then returned.
Converts the given principal collection the byte array that will be persisted to be 'remembered' later. <p/> This implementation first {@link #serialize(hunt.shiro.subject.PrincipalCollection) serializes} the principals to a byte array and then {@link #encrypt(byte[]) encrypts} that byte array.
Decrypts the byte array using the configured {@link #getCipherService() cipherService}.
De-serializes the given byte array by using the {@link #getSerializer() serializer}'s {@link Serializer#deserialize deserialize} method.
Encrypts the byte array by using the configured {@link #getCipherService() cipherService}.
Forgets (removes) any remembered identity data for the specified {@link Subject} instance.
Convenience method that returns the cipher key to use for <em>both</em> encryption and decryption. <p/> <b>N.B.</b> This method can only be called if the underlying {@link #getCipherService() cipherService} is a symmetric CipherService which by definition uses the same key for both encryption and decryption. If using an asymmetric CipherService public/private key pair, you cannot use this method, and should instead use the {@link #getEncryptionCipherKey()} and {@link #getDecryptionCipherKey()} methods individually. <p/> The default {@link AesCipherService} instance is a symmetric cipher service, so this method can be used if you are using the default.
Returns the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy inspection of Subject identity data. <p/> Unless overridden by the {@link #setCipherService} method, the default instance is an {@link AesCipherService}.
Returns the decryption cipher key to use for decryption operations.
Returns the cipher key to use for encryption operations.
Returns {@code info}.{@link hunt.shiro.authc.AuthenticationInfo#getPrincipals() getPrincipals()} and ignores the {@link Subject} argument.
Implements the interface method by first {@link #getRememberedSerializedIdentity(SubjectContext) acquiring} the remembered serialized byte array. Then it {@link #convertBytesToPrincipals(byte[], SubjectContext) converts} them and returns the re-constituted {@link PrincipalCollection}. If no remembered principals could be obtained, {@code null} is returned. <p/> If any exceptions are thrown, the {@link #onRememberedPrincipalFailure(RuntimeException, SubjectContext)} method is called to allow any necessary post-processing (such as immediately removing any previously remembered values for safety).
Based on the given subject context data, retrieves the previously persisted serialized identity, or {@code null} if there is no available data. The context map is usually populated by a {@link Subject.Builder} implementation. See the {@link SubjectFactory} class constants for Shiro's known map keys.
Determines whether or not remember me services should be performed for the specified token. This method returns {@code true} iff: <ol> <li>The token is not {@code null} and</li> <li>The token is an {@code instanceof} {@link RememberMeAuthenticationToken} and</li> <li>{@code token}.{@link hunt.shiro.authc.RememberMeAuthenticationToken#isRememberMe() isRememberMe()} is {@code true}</li> </ol>
Reacts to a failed login by immediately {@link #forgetIdentity(hunt.shiro.subject.Subject) forgetting} any previously remembered identity. This is an additional security feature to prevent any remenant identity data from being retained in case the authentication attempt is not being executed by the expected user.
Reacts to a subject logging out of the application and immediately {@link #forgetIdentity(hunt.shiro.subject.Subject) forgets} any previously stored identity and returns.
Called when an exception is thrown while trying to retrieve principals. The default implementation logs a warning message and forgets ('unremembers') the problem identity by calling {@link #forgetIdentity(SubjectContext) forgetIdentity(context)} and then immediately re-throws the exception to allow the calling component to react accordingly. <p/> This method implementation never returns an object - it always rethrows, but can be overridden by subclasses for custom handling behavior. <p/> This most commonly would be called when an encryption key is updated and old principals are retrieved that have been encrypted with the previous key.
Reacts to the successful login attempt by first always {@link #forgetIdentity(Subject) forgetting} any previously stored identity. Then if the {@code token} {@link #isRememberMe(hunt.shiro.authc.AuthenticationToken) is a RememberMe} token, the associated identity will be {@link #rememberIdentity(hunt.shiro.subject.Subject, hunt.shiro.authc.AuthenticationToken, hunt.shiro.authc.AuthenticationInfo) remembered} for later retrieval during a new user session.
Remembers a subject-unique identity for retrieval later. This implementation first {@link #getIdentityToRemember resolves} the exact {@link PrincipalCollection principals} to remember. It then remembers the principals by calling {@link #rememberIdentity(hunt.shiro.subject.Subject, hunt.shiro.subject.PrincipalCollection)}. <p/> This implementation ignores the {@link AuthenticationToken} argument, but it is available to subclasses if necessary for custom logic.
Remembers the specified account principals by first {@link #convertPrincipalsToBytes(hunt.shiro.subject.PrincipalCollection) converting} them to a byte array and then {@link #rememberSerializedIdentity(hunt.shiro.subject.Subject, byte[]) remembers} that byte array.
Persists the identity bytes to a persistent store for retrieval later via the {@link #getRememberedSerializedIdentity(SubjectContext)} method.
Serializes the given {@code principals} by serializing them to a byte array by using the {@link #getSerializer() serializer}'s {@link Serializer#serialize(Object) serialize} method.
Convenience method that sets the cipher key to use for <em>both</em> encryption and decryption. <p/> <b>N.B.</b> This method can only be called if the underlying {@link #getCipherService() cipherService} is a symmetric CipherService?which by definition uses the same key for both encryption and decryption. If using an asymmetric CipherService?(such as a public/private key pair), you cannot use this method, and should instead use the {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods individually. <p/> The default {@link AesCipherService} instance is a symmetric CipherService, so this method can be used if you are using the default.
Sets the {@code CipherService} to use for encrypting and decrypting serialized identity data to prevent easy inspection of Subject identity data. <p/> If the CipherService is a symmetric CipherService (using the same key for both encryption and decryption), you should set your key via the {@link #setCipherKey(byte[])} method. <p/> If the CipherService is an asymmetric CipherService (different keys for encryption and decryption, such as public/private key pairs), you should set your encryption and decryption key via the respective {@link #setEncryptionCipherKey(byte[])} and {@link #setDecryptionCipherKey(byte[])} methods. <p/> <b>N.B.</b> Unless overridden by this method, the default CipherService instance is an {@link AesCipherService}. This {@code RememberMeManager} implementation already has a configured symmetric key to use for encryption and decryption, but it is recommended to provide your own for added security. See the class-level JavaDoc for more information and why it might be good to provide your own.
Sets the decryption key to use for decryption operations.
Sets the encryption key to use for encryption operations.
Based on the specified subject context map being used to build a Subject instance, returns any previously remembered principals for the subject for automatic identity association (aka 'Remember Me'). <p/> The context map is usually populated by a {@link Subject.Builder} implementation. See the {@link SubjectFactory} class constants for Shiro's known map keys.
Forgets any remembered identity corresponding to the subject context map being used to build a subject instance. <p/> The context map is usually populated by a {@link Subject.Builder} implementation. See the {@link SubjectFactory} class constants for Shiro's known map keys.
Reacts to a successful authentication attempt, typically saving the principals to be retrieved ('remembered') for future system access.
Reacts to a failed authentication attempt, typically by forgetting any previously remembered principals for the Subject.
Reacts to a Subject logging out of the application, typically by forgetting any previously remembered principals for the Subject.
Abstract implementation of the {@code RememberMeManager} interface that handles {@link #setSerializer(hunt.shiro.io.Serializer) serialization} and {@link #setCipherService encryption} of the remembered user identity. <p/> The remembered identity storage location and details are left to subclasses. <h2>Default encryption key</h2> This implementation uses an {@link AesCipherService AesCipherService} for strong encryption by default. It also uses a default generated symmetric key to both encrypt and decrypt data. As AES is a symmetric cipher, the same {@code key} is used to both encrypt and decrypt data, BUT NOTE: <p/> Because Shiro is an open-source project, if anyone knew that you were using Shiro's default {@code key}, they could download/view the source, and with enough effort, reconstruct the {@code key} and decode encrypted data at will. <p/> Of course, this key is only really used to encrypt the remembered {@code PrincipalCollection} which is typically a user id or username. So if you do not consider that sensitive information, and you think the default key still makes things 'sufficiently difficult', then you can ignore this issue. <p/> However, if you do feel this constitutes sensitive information, it is recommended that you provide your own {@code key} via the {@link #setCipherKey setCipherKey} method to a key known only to your application, guaranteeing that no third party can decrypt your data. You can generate your own key by calling the {@code CipherService}'s {@link hunt.shiro.crypto.AesCipherService#generateNewKey() generateNewKey} method and using that result as the {@link #setCipherKey cipherKey} configuration attribute.