
# Web Subjects


Web-aware subject implementations providing access to servlet requests and responses in Apache Shiro web applications. These components extend Shiro's Subject interface with web-specific functionality and builder patterns for subject creation.


## Capabilities


### Web Subject Interface


```java { .api }


/**
 * A Subject that also exposes the servlet request/response pair it is associated with.
 */
interface WebSubject extends Subject, RequestPairSource {
    /**
     * Returns the servlet request associated with this subject.
     *
     * @return the ServletRequest instance
     */
    ServletRequest getServletRequest();

    /**
     * Returns the servlet response associated with this subject.
     *
     * @return the ServletResponse instance
     */
    ServletResponse getServletResponse();

    /**
     * Builder class for creating WebSubject instances.
     *
     * NOTE(review): principals(...) and authenticated(...) take identity and authentication
     * state directly from the caller. Presumably no credential check runs when the subject is
     * built this way (confirm against the implementation), so these values should come from
     * trusted server-side state, never from request parameters, headers or cookies.
     */
    class Builder extends Subject.Builder {
        /**
         * Creates a builder bound to the given security manager and request/response pair.
         *
         * @param securityManager the SecurityManager supplied by the caller
         * @param request         the servlet request to associate with the built subject
         * @param response        the servlet response to associate with the built subject
         */
        public Builder(SecurityManager securityManager, ServletRequest request, ServletResponse response);

        // Each setter below returns a Builder, so calls can be chained.

        // Session id for the subject being built. NOTE(review): if this value is derived from
        // the client, it is attacker-influenced; confirm how it is validated.
        public Builder sessionId(Serializable sessionId);
        // Host for the subject being built; presumably the originating host, TODO confirm.
        public Builder host(String host);
        // Existing Session for the subject being built.
        public Builder session(Session session);
        // Identity (principals) the built subject will carry; see the class-level note.
        public Builder principals(PrincipalCollection principals);
        // Authentication flag the built subject will carry; see the class-level note.
        public Builder authenticated(boolean authenticated);

        /**
         * Builds the subject from the configured state.
         *
         * @return the resulting WebSubject
         */
        public WebSubject buildWebSubject();
    }
}


```


### Web Subject Context


```java { .api }


/**
 * A SubjectContext that additionally carries a servlet request/response pair.
 *
 * NOTE(review): presumably this is the state consulted when a WebSubject is created; confirm
 * against the subject factory in use.
 */
interface WebSubjectContext extends SubjectContext, RequestPairSource {
    /** @return the servlet request held by this context */
    ServletRequest getServletRequest();
    /** @return the servlet response held by this context */
    ServletResponse getServletResponse();
    /** @param request the servlet request to store in this context */
    void setServletRequest(ServletRequest request);
    /** @param response the servlet response to store in this context */
    void setServletResponse(ServletResponse response);
}


```


```java { .api }


/**
 * WebSubjectContext implementation that extends DefaultSubjectContext.
 */
class DefaultWebSubjectContext extends DefaultSubjectContext implements WebSubjectContext {
    /** Creates a context; the request and response are supplied afterwards through the setters. */
    public DefaultWebSubjectContext();

    // NOTE(review): what the getters return before a setter has been called is not shown
    // here (possibly null); confirm before dereferencing.

    /** @return the servlet request held by this context */
    public ServletRequest getServletRequest();
    /** @param request the servlet request to store in this context */
    public void setServletRequest(ServletRequest request);

    /** @return the servlet response held by this context */
    public ServletResponse getServletResponse();
    /** @param response the servlet response to store in this context */
    public void setServletResponse(ServletResponse response);
}


```


### Web Subject Implementation


```java { .api }


/**
 * WebSubject implementation that extends DelegatingSubject and carries the servlet
 * request/response pair.
 */
class WebDelegatingSubject extends DelegatingSubject implements WebSubject {
    /**
     * Creates a subject from explicitly supplied state.
     *
     * NOTE(review): principals and authenticated are accepted as given; nothing visible here
     * verifies them, so callers should pass only values established by a trusted
     * authentication step. Confirm against the implementation.
     *
     * @param principals      the identity the subject carries
     * @param authenticated   the authentication flag the subject carries
     * @param host            the host associated with the subject
     * @param session         the session associated with the subject
     * @param sessionEnabled  presumably whether this subject may use a session; TODO confirm
     * @param request         the servlet request to expose through getServletRequest()
     * @param response        the servlet response to expose through getServletResponse()
     * @param securityManager the SecurityManager supplied by the caller
     */
    public WebDelegatingSubject(PrincipalCollection principals, boolean authenticated, String host,
                                Session session, boolean sessionEnabled, ServletRequest request,
                                ServletResponse response, SecurityManager securityManager);

    /** @return the servlet request associated with this subject */
    public ServletRequest getServletRequest();
    /** @return the servlet response associated with this subject */
    public ServletResponse getServletResponse();

    // Extension hook taking and returning a Session. NOTE(review): the body is not shown;
    // presumably it wraps the session for web use. Confirm before overriding.
    protected Session decorate(Session session);
}


```


## Usage Examples


### Working with Web Subjects


```java


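/**
 * Example handler that reaches the servlet request/response through the current WebSubject.
 *
 * @param request  the incoming HTTP request (not read here; the subject's own request is used)
 * @param response the outgoing HTTP response (not written here)
 * @throws ClassCastException if the current subject is not a WebSubject
 */
public void handleWebRequest(HttpServletRequest request, HttpServletResponse response) {
    // This cast only holds when the thread-bound subject was created by the web layer
    // (presumably Shiro's servlet filter; confirm for your deployment).
    WebSubject currentUser = (WebSubject) SecurityUtils.getSubject();

    // Access servlet request/response through WebSubject
    ServletRequest subjectRequest = currentUser.getServletRequest();
    ServletResponse subjectResponse = currentUser.getServletResponse();

    // Standard Subject operations
    // Gate sensitive actions on isAuthenticated(): a subject that is only remembered from an
    // earlier session still has a principal but reports false here.
    if (currentUser.isAuthenticated()) {
        // The principal's type is decided by the configured realm, so check it instead of
        // casting blindly; a non-String principal would otherwise throw ClassCastException.
        Object principal = currentUser.getPrincipal();
        if (principal instanceof String) {
            String userId = (String) principal;
            // Handle authenticated user
        }
        // Other principal types should be handled or rejected explicitly.
    }

    // Web-specific operations
    // getServletRequest() is declared as ServletRequest, so confirm it is an HTTP request
    // before narrowing.
    if (subjectRequest instanceof HttpServletRequest) {
        HttpServletRequest httpRequest = (HttpServletRequest) subjectRequest;
        // User-Agent is client-supplied: treat it as untrusted input, never as an identity or
        // authorization signal, and encode it before logging or rendering.
        String userAgent = httpRequest.getHeader("User-Agent");
    }
}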


```