Creates a {@code Subject} instance reflecting the specified contextual data. <p/> The context can be anything needed by this {@code SecurityManager} to construct a {@code Subject} instance. Most Shiro end-users will never call this method - it exists primarily for framework development and to support any underlying custom {@link SubjectFactory SubjectFactory} implementations that may be used by the {@code SecurityManager}. <h4>Usage</h4> After calling this method, the returned instance is <em>not</em> bound to the application for further use. Callers are expected to know that {@code Subject} instances have local scope only and any other further use beyond the calling method must be managed explicitly.
Logs in the specified Subject using the given {@code authenticationToken}, returning an updated Subject instance reflecting the authenticated state if successful or throwing {@code AuthenticationException} if it is not. <p/> Note that most application developers should probably not call this method directly unless they have a good reason for doing so. The preferred way to log in a Subject is to call <code>subject.{@link hunt.shiro.subject.Subject#login login(authenticationToken)}</code> (usually after acquiring the Subject by calling {@link hunt.shiro.SecurityUtils#getSubject() SecurityUtils.getSubject()}). <p/> Framework developers on the other hand might find calling this method directly useful in certain cases.
Logs out the specified Subject from the system. <p/> Note that most application developers should not call this method unless they have a good reason for doing so. The preferred way to logout a Subject is to call <code>{@link hunt.shiro.subject.Subject#logout Subject.logout()}</code>, not the {@code SecurityManager} directly. <p/> Framework developers on the other hand might find calling this method directly useful in certain cases.
Authenticates a user based on the submitted {@code AuthenticationToken}. <p/> If the authentication is successful, an {@link AuthenticationInfo} instance is returned that represents the user's account data relevant to Shiro. This returned object is generally used in turn to construct a {@code Subject} representing a more complete security-specific 'view' of an account that also allows access to a {@code Session}.
Returns <tt>true</tt> if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission string.
Returns <tt>true</tt> if the corresponding subject/user is permitted to perform an action or access a resource summarized by the specified permission.
Checks if the corresponding Subject implies the given permission strings and returns a bool array indicating which permissions are implied.
Checks if the corresponding Subject/user implies the given Permissions and returns a bool array indicating which permissions are implied.
Returns <tt>true</tt> if the corresponding Subject/user implies all of the specified permission strings, <tt>false</tt> otherwise.
Returns <tt>true</tt> if the corresponding Subject/user implies all of the specified permissions, <tt>false</tt> otherwise.
Ensures the corresponding Subject/user implies the specified permission string.
Ensures a subject/user {@link Permission#implies(Permission)} implies} the specified <tt>Permission</tt>. If the subject's existing associated permissions do not {@link Permission#implies(Permission)} imply} the given permission, an {@link AuthorizationException} will be thrown.
Ensures the corresponding Subject/user {@link Permission#implies(Permission) implies} all of the specified permission strings.
Ensures the corresponding Subject/user {@link Permission#implies(Permission) implies} all of the specified permission strings.
Returns <tt>true</tt> if the corresponding Subject/user has the specified role, <tt>false</tt> otherwise.
Checks if the corresponding Subject/user has the specified roles, returning a bool array indicating which roles are associated with the given subject.
Returns <tt>true</tt> if the corresponding Subject/user has all of the specified roles, <tt>false</tt> otherwise.
Asserts the corresponding Subject/user has the specified role by returning quietly if they do or throwing an {@link AuthorizationException} if they do not.
Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or throwing an {@link AuthorizationException} if they do not.
Same as {@link #checkRoles(hunt.shiro.subject.PrincipalCollection, java.util.Collection) checkRoles(PrincipalCollection subjectPrincipal, Collection<string> roleIdentifiers)} but doesn't require a collection as an argument. Asserts the corresponding Subject/user has all of the specified roles by returning quietly if they do or throwing an {@link AuthorizationException} if they do not.
Starts a new session based on the specified contextual initialization data, which can be used by the underlying implementation to determine how exactly to create the internal Session instance. <p/> This method is mainly used in framework development, as the implementation will often relay the argument to an underlying {@link SessionFactory} which could use the context to construct the internal Session instance in a specific manner. This allows pluggable {@link hunt.shiro.session.Session Session} creation logic by simply injecting a {@code SessionFactory} into the {@code SessionManager} instance.
Retrieves the session corresponding to the specified contextual data (such as a session ID if applicable), or {@code null} if no Session could be found. If a session is found but invalid (stopped or expired), a {@link SessionException} will be thrown.
A {@code SecurityManager} executes all security operations for <em>all</em> Subjects (aka users) across a single application. <p/> The interface itself primarily exists as a convenience - it extends the {@link hunt.shiro.authc.Authenticator}, {@link Authorizer}, and {@link SessionManager} interfaces, thereby consolidating these behaviors into a single point of reference. For most Shiro usages, this simplifies configuration and tends to be a more convenient approach than referencing {@code Authenticator}, {@code Authorizer}, and {@code SessionManager} instances separately; instead one only needs to interact with a single {@code SecurityManager} instance. <p/> In addition to the above three interfaces, this interface provides a number of methods supporting {@link Subject} behavior. A {@link hunt.shiro.subject.Subject Subject} executes authentication, authorization, and session operations for a <em>single</em> user, and as such can only be managed by {@code A SecurityManager} which is aware of all three functions. The three parent interfaces on the other hand do not 'know' about {@code Subject}s to ensure a clean separation of concerns. <p/> <b>Usage Note</b>: In actuality the large majority of application programmers won't interact with a SecurityManager very often, if at all. <em>Most</em> application programmers only care about security operations for the currently executing user, usually attained by calling {@link hunt.shiro.SecurityUtils#getSubject() SecurityUtils.getSubject()}. <p/> Framework developers on the other hand might find working with an actual SecurityManager useful.
@see hunt.shiro.mgt.DefaultSecurityManager