Package org.apache.shiro.session.mgt
Class DefaultSessionContext
- java.lang.Object
  - org.apache.shiro.util.MapContext
    - org.apache.shiro.session.mgt.DefaultSessionContext
- All Implemented Interfaces: Serializable, Map<String,Object>, SessionContext
public class DefaultSessionContext extends MapContext implements SessionContext
Default implementation of the SessionContext interface which provides getters and setters that wrap interaction with the underlying backing context map.
- Since: 1.0
- See Also: Serialized Form
Constructor Summary
- DefaultSessionContext()
- DefaultSessionContext(Map<String,Object> map)
Method Summary
- String getHost(): Returns the originating host name or IP address (as a String) from where the Subject is initiating the Session.
- Serializable getSessionId()
- void setHost(String host): Sets the originating host name or IP address (as a String) from where the Subject is initiating the Session.
- void setSessionId(Serializable sessionId)
Methods inherited from class org.apache.shiro.util.MapContext
clear, containsKey, containsValue, entrySet, get, getTypedValue, isEmpty, keySet, nullSafePut, put, putAll, remove, size, values
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface java.util.Map
clear, compute, computeIfAbsent, computeIfPresent, containsKey, containsValue, entrySet, equals, forEach, get, getOrDefault, hashCode, isEmpty, keySet, merge, put, putAll, putIfAbsent, remove, remove, replace, replace, replaceAll, size, values
Method Detail
getHost
public String getHost()
Description copied from interface: SessionContext
Returns the originating host name or IP address (as a String) from where the Subject is initiating the Session. See the setHost(String) JavaDoc for more about security policies based on the Session host.
- Specified by: getHost in interface SessionContext
- Returns: the originating host name or IP address (as a String) from where the Subject is initiating the Session.
- See Also: setHost(String)
setHost
public void setHost(String host)
Description copied from interface: SessionContext
Sets the originating host name or IP address (as a String) from where the Subject is initiating the Session.
In web-based systems, this host can be inferred from the incoming request, e.g. the javax.servlet.ServletRequest#getRemoteAddr() or javax.servlet.ServletRequest#getRemoteHost() methods, or in socket-based systems, it can be obtained by inspecting the socket initiator's host IP.
Most secure environments should specify a valid, non-null host, since knowing the host allows for more flexibility when securing a system: by requiring a host, access control policies can also ensure access is restricted to specific client locations in addition to Subject principals, if so desired.
Caveat - if clients to your system are on a public network (as would be the case for a public web site), odds are high the clients can be behind a NAT (Network Address Translation) router or HTTP proxy server. If so, all clients accessing your system behind that router or proxy will have the same originating host. If your system is configured to allow only one session per host, then the next request from a different NAT or proxy client will fail and access will be denied for that client. Just be aware that host-based security policies are best utilized in LAN or private WAN environments where you can ensure clients will not share IPs or be behind such NAT routers or proxy servers.
- Specified by: setHost in interface SessionContext
- Parameters: host - the originating host name or IP address (as a String) from where the Subject is initiating the Session.
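The host-based policy and the NAT caveat described for setHost(String), as an added example that is not part of the Shiro documentation or code base. The HostBoundSessions class, its one-session-per-host map and the sample addresses are assumptions of this example; it needs shiro-core on the classpath.

```java
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionContext;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.SessionManager;

/** Hypothetical one-session-per-host policy built on the session's recorded host. */
public class HostBoundSessions {
    private final SessionManager sessionManager;
    // Policy store (an assumption of this example): host -> id of its only session.
    private final Map<String, Serializable> sessionIdByHost = new HashMap<>();

    public HostBoundSessions(SessionManager sessionManager) {
        this.sessionManager = sessionManager;
    }

    /** remoteAddr is what ServletRequest#getRemoteAddr() or the socket peer reported. */
    public synchronized Session start(String remoteAddr) {
        if (remoteAddr == null || remoteAddr.trim().isEmpty()) {
            throw new IllegalArgumentException("a non-null host is required");
        }
        if (sessionIdByHost.containsKey(remoteAddr)) {
            // A second client behind the same NAT router or proxy also ends up here.
            throw new IllegalStateException("host already has a session: " + remoteAddr);
        }
        DefaultSessionContext context = new DefaultSessionContext();
        context.setHost(remoteAddr); // kept in the context's backing map
        Session session = sessionManager.start(context);
        sessionIdByHost.put(session.getHost(), session.getId());
        return session;
    }

    public static void main(String[] args) {
        HostBoundSessions policy = new HostBoundSessions(new DefaultSessionManager());
        // Constructed addresses: two LAN clients, then two clients sharing one NAT address.
        String[] peers = {"10.0.0.5", "10.0.0.6", "192.0.2.10", "192.0.2.10"};
        for (String peer : peers) {
            try {
                Session s = policy.start(peer);
                System.out.println("started " + s.getId() + " for " + s.getHost());
            } catch (IllegalStateException denied) {
                System.out.println("denied: " + denied.getMessage());
            }
        }
    }
}
```

The fourth call is denied even though it stands for a different client, which is the failure the caveat warns about. The map in this example never forgets a host; a real policy would clear the entry when the session stops or expires.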
getSessionId
public Serializable getSessionId()
- Specified by: getSessionId in interface SessionContext
setSessionId
public void setSessionId(Serializable sessionId)
- Specified by: setSessionId in interface SessionContext