core/src/main/java/org/apache/shiro/mgt/SecurityManager.java - shiro - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * "License"); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.mgt;

 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.Authenticator;
 import org.apache.shiro.authz.Authorizer;
 import org.apache.shiro.session.mgt.SessionManager;
 import org.apache.shiro.subject.Subject;
 import org.apache.shiro.subject.SubjectContext;


 /**
  * A {@code SecurityManager} executes all security operations for <em>all</em> Subjects (aka users) across a
  * single application.
  * <p/>
  * The interface itself primarily exists as a convenience - it extends the {@link org.apache.shiro.authc.Authenticator},
  * {@link Authorizer}, and {@link SessionManager} interfaces, thereby consolidating
  * these behaviors into a single point of reference.  For most Shiro usages, this simplifies configuration and
  * tends to be a more convenient approach than referencing {@code Authenticator}, {@code Authorizer}, and
  * {@code SessionManager} instances separately;  instead one only needs to interact with a single
  * {@code SecurityManager} instance.
  * <p/>
  * In addition to the above three interfaces, this interface provides a number of methods supporting
  * {@link Subject} behavior. A {@link org.apache.shiro.subject.Subject Subject} executes
  * authentication, authorization, and session operations for a <em>single</em> user, and as such can only be
  * managed by {@code A SecurityManager} which is aware of all three functions.  The three parent interfaces on the
  * other hand do not 'know' about {@code Subject}s to ensure a clean separation of concerns.
  * <p/>
  * <b>Usage Note</b>: In actuality the large majority of application programmers won't interact with a SecurityManager
  * very often, if at all.  <em>Most</em> application programmers only care about security operations for the currently
  * executing user, usually attained by calling
  * {@link org.apache.shiro.SecurityUtils#getSubject() SecurityUtils.getSubject()}.
  * <p/>
  * Framework developers on the other hand might find working with an actual SecurityManager useful.
  *
  * @see org.apache.shiro.mgt.DefaultSecurityManager
  * @since 0.2
  */
 public interface SecurityManager extends Authenticator, Authorizer, SessionManager {

     /**
      * Logs in the specified Subject using the given {@code authenticationToken}, returning an updated Subject
      * instance reflecting the authenticated state if successful or throwing {@code AuthenticationException} if it is
      * not.
      * <p/>
      * Note that most application developers should probably not call this method directly unless they have a good
      * reason for doing so.  The preferred way to log in a Subject is to call
      * <code>subject.{@link org.apache.shiro.subject.Subject#login login(authenticationToken)}</code> (usually after
      * acquiring the Subject by calling {@link org.apache.shiro.SecurityUtils#getSubject() SecurityUtils.getSubject()}).
      * <p/>
      * Framework developers on the other hand might find calling this method directly useful in certain cases.
      *
      * @param subject             the subject against which the authentication attempt will occur
      * @param authenticationToken the token representing the Subject's principal(s) and credential(s)
      * @return the subject instance reflecting the authenticated state after a successful attempt
      * @throws AuthenticationException if the login attempt failed.
      * @since 1.0
      */
     Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException;

     /**
      * Logs out the specified Subject from the system.
      * <p/>
      * Note that most application developers should not call this method unless they have a good reason for doing
      * so.  The preferred way to logout a Subject is to call
      * <code>{@link org.apache.shiro.subject.Subject#logout Subject.logout()}</code>, not the
      * {@code SecurityManager} directly.
      * <p/>
      * Framework developers on the other hand might find calling this method directly useful in certain cases.
      *
      * @param subject the subject to log out.
      * @since 1.0
      */
     void logout(Subject subject);

     /**
      * Creates a {@code Subject} instance reflecting the specified contextual data.
      * <p/>
      * The context can be anything needed by this {@code SecurityManager} to construct a {@code Subject} instance.
      * Most Shiro end-users will never call this method - it exists primarily for
      * framework development and to support any underlying custom {@link SubjectFactory SubjectFactory} implementations
      * that may be used by the {@code SecurityManager}.
      * <h4>Usage</h4>
      * After calling this method, the returned instance is <em>not</em> bound to the application for further use.
      * Callers are expected to know that {@code Subject} instances have local scope only and any
      * other further use beyond the calling method must be managed explicitly.
      *
      * @param context any data needed to direct how the Subject should be constructed.
      * @return the {@code Subject} instance reflecting the specified initialization data.
      * @see SubjectFactory#createSubject(SubjectContext)
      * @see Subject.Builder
      * @since 1.0
      */
     Subject createSubject(SubjectContext context);

 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.shiro.mgt;

	import org.apache.shiro.authc.AuthenticationException;
	import org.apache.shiro.authc.AuthenticationToken;
	import org.apache.shiro.authc.Authenticator;
	import org.apache.shiro.authz.Authorizer;
	import org.apache.shiro.session.mgt.SessionManager;
	import org.apache.shiro.subject.Subject;
	import org.apache.shiro.subject.SubjectContext;


	/**
	* A {@code SecurityManager} executes all security operations for <em>all</em> Subjects (aka users) across a
	* single application.
	* <p/>
	* The interface itself primarily exists as a convenience - it extends the {@link org.apache.shiro.authc.Authenticator},
	* {@link Authorizer}, and {@link SessionManager} interfaces, thereby consolidating
	* these behaviors into a single point of reference. For most Shiro usages, this simplifies configuration and
	* tends to be a more convenient approach than referencing {@code Authenticator}, {@code Authorizer}, and
	* {@code SessionManager} instances separately; instead one only needs to interact with a single
	* {@code SecurityManager} instance.
	* <p/>
	* In addition to the above three interfaces, this interface provides a number of methods supporting
	* {@link Subject} behavior. A {@link org.apache.shiro.subject.Subject Subject} executes
	* authentication, authorization, and session operations for a <em>single</em> user, and as such can only be
	* managed by {@code A SecurityManager} which is aware of all three functions. The three parent interfaces on the
	* other hand do not 'know' about {@code Subject}s to ensure a clean separation of concerns.
	* <p/>
	* <b>Usage Note</b>: In actuality the large majority of application programmers won't interact with a SecurityManager
	* very often, if at all. <em>Most</em> application programmers only care about security operations for the currently
	* executing user, usually attained by calling
	* {@link org.apache.shiro.SecurityUtils#getSubject() SecurityUtils.getSubject()}.
	* <p/>
	* Framework developers on the other hand might find working with an actual SecurityManager useful.
	*
	* @see org.apache.shiro.mgt.DefaultSecurityManager
	* @since 0.2
	*/
	public interface SecurityManager extends Authenticator, Authorizer, SessionManager {

	/**
	* Logs in the specified Subject using the given {@code authenticationToken}, returning an updated Subject
	* instance reflecting the authenticated state if successful or throwing {@code AuthenticationException} if it is
	* not.
	* <p/>
	* Note that most application developers should probably not call this method directly unless they have a good
	* reason for doing so. The preferred way to log in a Subject is to call
	* <code>subject.{@link org.apache.shiro.subject.Subject#login login(authenticationToken)}</code> (usually after
	* acquiring the Subject by calling {@link org.apache.shiro.SecurityUtils#getSubject() SecurityUtils.getSubject()}).
	* <p/>
	* Framework developers on the other hand might find calling this method directly useful in certain cases.
	*
	* @param subject the subject against which the authentication attempt will occur
	* @param authenticationToken the token representing the Subject's principal(s) and credential(s)
	* @return the subject instance reflecting the authenticated state after a successful attempt
	* @throws AuthenticationException if the login attempt failed.
	* @since 1.0
	*/
	Subject login(Subject subject, AuthenticationToken authenticationToken) throws AuthenticationException;

	/**
	* Logs out the specified Subject from the system.
	* <p/>
	* Note that most application developers should not call this method unless they have a good reason for doing
	* so. The preferred way to logout a Subject is to call
	* <code>{@link org.apache.shiro.subject.Subject#logout Subject.logout()}</code>, not the
	* {@code SecurityManager} directly.
	* <p/>
	* Framework developers on the other hand might find calling this method directly useful in certain cases.
	*
	* @param subject the subject to log out.
	* @since 1.0
	*/
	void logout(Subject subject);

	/**
	* Creates a {@code Subject} instance reflecting the specified contextual data.
	* <p/>
	* The context can be anything needed by this {@code SecurityManager} to construct a {@code Subject} instance.
	* Most Shiro end-users will never call this method - it exists primarily for
	* framework development and to support any underlying custom {@link SubjectFactory SubjectFactory} implementations
	* that may be used by the {@code SecurityManager}.
	* <h4>Usage</h4>
	* After calling this method, the returned instance is <em>not</em> bound to the application for further use.
	* Callers are expected to know that {@code Subject} instances have local scope only and any
	* other further use beyond the calling method must be managed explicitly.
	*
	* @param context any data needed to direct how the Subject should be constructed.
	* @return the {@code Subject} instance reflecting the specified initialization data.
	* @see SubjectFactory#createSubject(SubjectContext)
	* @see Subject.Builder
	* @since 1.0
	*/
	Subject createSubject(SubjectContext context);

	}