Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.6.0 / shiro-core / apidocs / src-html / org / apache / shiro / session / mgt / SessionContext.html
blob: feac8b00d745a02275215c8943cea66e22bb8751 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.session.mgt;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import java.io.Serializable;</a>
<span class="sourceLineNo">022</span><a id="line.22">import java.util.Map;</a>
<span class="sourceLineNo">023</span><a id="line.23"></a>
<span class="sourceLineNo">024</span><a id="line.24">/**</a>
<span class="sourceLineNo">025</span><a id="line.25"> * A {@code SessionContext} is a 'bucket' of data presented to a {@link SessionFactory SessionFactory} which interprets</a>
<span class="sourceLineNo">026</span><a id="line.26"> * this data to construct {@link org.apache.shiro.session.Session Session} instances. It is essentially a Map of data</a>
<span class="sourceLineNo">027</span><a id="line.27"> * with a few additional type-safe methods for easy retrieval of objects commonly used to construct Subject instances.</a>
<span class="sourceLineNo">028</span><a id="line.28"> * &lt;p/&gt;</a>
<span class="sourceLineNo">029</span><a id="line.29"> * While this interface contains type-safe setters and getters for common data types, the map can contain anything</a>
<span class="sourceLineNo">030</span><a id="line.30"> * additional that might be needed by the {@code SessionFactory} implementation to construct {@code Session} instances.</a>
<span class="sourceLineNo">031</span><a id="line.31"> * &lt;p/&gt;</a>
<span class="sourceLineNo">032</span><a id="line.32"> * &lt;b&gt;USAGE&lt;/b&gt;: Most Shiro end-users will never use a {@code SubjectContext} instance directly and instead will call</a>
<span class="sourceLineNo">033</span><a id="line.33"> * the {@code Subject.}{@link org.apache.shiro.subject.Subject#getSession() getSession()} or</a>
<span class="sourceLineNo">034</span><a id="line.34"> * {@code Subject.}{@link org.apache.shiro.subject.Subject#getSession(boolean) getSession(boolean)} methods (which</a>
<span class="sourceLineNo">035</span><a id="line.35"> * will usually use {@code SessionContext} instances to start a session with the application's</a>
<span class="sourceLineNo">036</span><a id="line.36"> * {@link SessionManager SessionManager}.</a>
<span class="sourceLineNo">037</span><a id="line.37"> *</a>
<span class="sourceLineNo">038</span><a id="line.38"> * @see org.apache.shiro.session.mgt.SessionManager#start SessionManager.start(SessionContext)</a>
<span class="sourceLineNo">039</span><a id="line.39"> * @see org.apache.shiro.session.mgt.SessionFactory SessionFactory</a>
<span class="sourceLineNo">040</span><a id="line.40"> * @since 1.0</a>
<span class="sourceLineNo">041</span><a id="line.41"> */</a>
<span class="sourceLineNo">042</span><a id="line.42">public interface SessionContext extends Map&lt;String, Object&gt; {</a>
<span class="sourceLineNo">043</span><a id="line.43"></a>
<span class="sourceLineNo">044</span><a id="line.44"> /**</a>
<span class="sourceLineNo">045</span><a id="line.45"> * Sets the originating host name or IP address (as a String) from where the {@code Subject} is initiating the</a>
<span class="sourceLineNo">046</span><a id="line.46"> * {@code Session}.</a>
<span class="sourceLineNo">047</span><a id="line.47"> * &lt;p/&gt;</a>
<span class="sourceLineNo">048</span><a id="line.48"> * In web-based systems, this host can be inferred from the incoming request, e.g.</a>
<span class="sourceLineNo">049</span><a id="line.49"> * {@code javax.servlet.ServletRequest#getRemoteAddr()} or {@code javax.servlet.ServletRequest#getRemoteHost()}</a>
<span class="sourceLineNo">050</span><a id="line.50"> * methods, or in socket-based systems, it can be obtained via inspecting the socket</a>
<span class="sourceLineNo">051</span><a id="line.51"> * initiator's host IP.</a>
<span class="sourceLineNo">052</span><a id="line.52"> * &lt;p/&gt;</a>
<span class="sourceLineNo">053</span><a id="line.53"> * Most secure environments &lt;em&gt;should&lt;/em&gt; specify a valid, non-{@code null} {@code host}, since knowing the</a>
<span class="sourceLineNo">054</span><a id="line.54"> * {@code host} allows for more flexibility when securing a system: by requiring an host, access control policies</a>
<span class="sourceLineNo">055</span><a id="line.55"> * can also ensure access is restricted to specific client &lt;em&gt;locations&lt;/em&gt; in addition to {@code Subject}</a>
<span class="sourceLineNo">056</span><a id="line.56"> * principals, if so desired.</a>
<span class="sourceLineNo">057</span><a id="line.57"> * &lt;p/&gt;</a>
<span class="sourceLineNo">058</span><a id="line.58"> * &lt;b&gt;Caveat&lt;/b&gt; - if clients to your system are on a</a>
<span class="sourceLineNo">059</span><a id="line.59"> * public network (as would be the case for a public web site), odds are high the clients can be</a>
<span class="sourceLineNo">060</span><a id="line.60"> * behind a NAT (Network Address Translation) router or HTTP proxy server. If so, all clients</a>
<span class="sourceLineNo">061</span><a id="line.61"> * accessing your system behind that router or proxy will have the same originating host.</a>
<span class="sourceLineNo">062</span><a id="line.62"> * If your system is configured to allow only one session per host, then the next request from a</a>
<span class="sourceLineNo">063</span><a id="line.63"> * different NAT or proxy client will fail and access will be denied for that client. Just be</a>
<span class="sourceLineNo">064</span><a id="line.64"> * aware that host-based security policies are best utilized in LAN or private WAN environments</a>
<span class="sourceLineNo">065</span><a id="line.65"> * when you can be ensure clients will not share IPs or be behind such NAT routers or</a>
<span class="sourceLineNo">066</span><a id="line.66"> * proxy servers.</a>
<span class="sourceLineNo">067</span><a id="line.67"> *</a>
<span class="sourceLineNo">068</span><a id="line.68"> * @param host the originating host name or IP address (as a String) from where the {@code Subject} is</a>
<span class="sourceLineNo">069</span><a id="line.69"> * initiating the {@code Session}.</a>
<span class="sourceLineNo">070</span><a id="line.70"> * @since 1.0</a>
<span class="sourceLineNo">071</span><a id="line.71"> */</a>
<span class="sourceLineNo">072</span><a id="line.72"> void setHost(String host);</a>
<span class="sourceLineNo">073</span><a id="line.73"></a>
<span class="sourceLineNo">074</span><a id="line.74"> /**</a>
<span class="sourceLineNo">075</span><a id="line.75"> * Returns the originating host name or IP address (as a String) from where the {@code Subject} is initiating the</a>
<span class="sourceLineNo">076</span><a id="line.76"> * {@code Session}.</a>
<span class="sourceLineNo">077</span><a id="line.77"> * &lt;p/&gt;</a>
<span class="sourceLineNo">078</span><a id="line.78"> * See the {@link #setHost(String) setHost(String)} JavaDoc for more about security policies based on the</a>
<span class="sourceLineNo">079</span><a id="line.79"> * {@code Session} host.</a>
<span class="sourceLineNo">080</span><a id="line.80"> *</a>
<span class="sourceLineNo">081</span><a id="line.81"> * @return the originating host name or IP address (as a String) from where the {@code Subject} is initiating the</a>
<span class="sourceLineNo">082</span><a id="line.82"> * {@code Session}.</a>
<span class="sourceLineNo">083</span><a id="line.83"> * @see #setHost(String) setHost(String)</a>
<span class="sourceLineNo">084</span><a id="line.84"> */</a>
<span class="sourceLineNo">085</span><a id="line.85"> String getHost();</a>
<span class="sourceLineNo">086</span><a id="line.86"></a>
<span class="sourceLineNo">087</span><a id="line.87"> Serializable getSessionId();</a>
<span class="sourceLineNo">088</span><a id="line.88"></a>
<span class="sourceLineNo">089</span><a id="line.89"> void setSessionId(Serializable sessionId);</a>
<span class="sourceLineNo">090</span><a id="line.90"></a>
<span class="sourceLineNo">091</span><a id="line.91">}</a>
</pre>
</div>
</main>
</body>
</html>