Package org.apache.shiro.session.mgt

Class DefaultSessionContext

org.apache.shiro.util.MapContext

org.apache.shiro.session.mgt.DefaultSessionContext

All Implemented Interfaces:

, <,>, SessionContext

public class DefaultSessionContext
extends MapContext
implements SessionContext

Default implementation of the SessionContext interface which provides getters and setters that wrap interaction with the underlying backing context map.

Since:

1.0

See Also:

Serialized Form

Nested Class Summary

Nested classes/interfaces inherited from interface java.util.

< extends , extends >

Constructor Summary

Constructors

Constructor	Description
DefaultSessionContext()
<,> map)

Method Summary

Modifier and Type	Method	Description
	getHost()	Returns the originating host name or IP address (as a String) from where the Subject is initiating the Session.
	getSessionId()
void	host)	Sets the originating host name or IP address (as a String) from where the Subject is initiating the Session.
void	sessionId)

Methods inherited from class org.apache.shiro.util.MapContext

clear, containsKey, containsValue, entrySet, get, getTypedValue, isEmpty, keySet, nullSafePut, put, putAll, remove, size, values

Methods inherited from class java.lang.

, , , , , , , , , ,

Methods inherited from interface java.util.

, , , , , , , , , , , , , , , , , , , , , , , ,

Constructor Detail

DefaultSessionContext

public DefaultSessionContext()

DefaultSessionContext

public DefaultSessionContext(<,> map)

Method Detail

getHost

public  getHost()

Description copied from interface: SessionContext

Returns the originating host name or IP address (as a String) from where the Subject is initiating the Session.

See the setHost(String) JavaDoc for more about security policies based on the Session host.

Specified by:

getHost in interface SessionContext

Returns:

the originating host name or IP address (as a String) from where the Subject is initiating the Session.

See Also:

setHost(String)

setHost

public void setHost( host)

Description copied from interface: SessionContext

Sets the originating host name or IP address (as a String) from where the Subject is initiating the Session.

In web-based systems, this host can be inferred from the incoming request, e.g. javax.servlet.ServletRequest#getRemoteAddr() or javax.servlet.ServletRequest#getRemoteHost() methods, or in socket-based systems, it can be obtained via inspecting the socket initiator's host IP.

Most secure environments should specify a valid, non-null host, since knowing the host allows for more flexibility when securing a system: by requiring an host, access control policies can also ensure access is restricted to specific client locations in addition to Subject principals, if so desired.

Caveat - if clients to your system are on a public network (as would be the case for a public web site), odds are high the clients can be behind a NAT (Network Address Translation) router or HTTP proxy server. If so, all clients accessing your system behind that router or proxy will have the same originating host. If your system is configured to allow only one session per host, then the next request from a different NAT or proxy client will fail and access will be denied for that client. Just be aware that host-based security policies are best utilized in LAN or private WAN environments when you can be ensure clients will not share IPs or be behind such NAT routers or proxy servers.

Specified by:

setHost in interface SessionContext

Parameters:

host - the originating host name or IP address (as a String) from where the Subject is initiating the Session.

getSessionId

public  getSessionId()

Specified by:

getSessionId in interface SessionContext

setSessionId

public void setSessionId( sessionId)

Specified by:

setSessionId in interface SessionContext