tessl/maven-org-apache-shiro--shiro-web
Web support module for Apache Shiro providing servlet filters, session management, and web-specific authentication and authorization features
—
Pending
environment-config.mddocs/
Environment and Configuration
Core components for initializing and configuring Apache Shiro in web applications. These classes provide environment setup, filter configuration factories, and servlet integration for bootstrapping Shiro security in web containers.
Capabilities
Web Environment Management
The WebEnvironment interface and its implementations provide centralized management of Shiro components in web applications, including security managers, filter chains, and servlet context integration.
interface WebEnvironment extends Environment {
/**
* Returns the FilterChainResolver used to resolve filter chains for incoming requests.
*
* @return the FilterChainResolver instance
*/
FilterChainResolver getFilterChainResolver();
/**
* Returns the ServletContext associated with this web environment.
*
* @return the ServletContext instance
*/
ServletContext getServletContext();
/**
* Returns the WebSecurityManager instance for this environment.
*
* @return the WebSecurityManager instance
*/
WebSecurityManager getWebSecurityManager();
/**
* Returns the configuration for Shiro's filter, providing default implementation.
*
* @return the ShiroFilterConfiguration instance
*/
default ShiroFilterConfiguration getShiroFilterConfiguration() {
return new ShiroFilterConfiguration();
}
}class DefaultWebEnvironment extends DefaultEnvironment implements MutableWebEnvironment {
/**
* Creates a new DefaultWebEnvironment instance.
*/
public DefaultWebEnvironment();
/**
* Returns the ServletContext associated with this environment.
*
* @return the ServletContext instance
*/
public ServletContext getServletContext();
/**
* Sets the ServletContext for this environment.
*
* @param servletContext the ServletContext to set
*/
public void setServletContext(ServletContext servletContext);
/**
* Returns the WebSecurityManager for this environment.
*
* @return the WebSecurityManager instance
*/
public WebSecurityManager getWebSecurityManager();
/**
* Sets the WebSecurityManager for this environment.
*
* @param webSecurityManager the WebSecurityManager to set
*/
public void setWebSecurityManager(WebSecurityManager webSecurityManager);
}interface MutableWebEnvironment extends WebEnvironment {
/**
* Sets the FilterChainResolver for this environment.
*
* @param filterChainResolver the FilterChainResolver to set
*/
void setFilterChainResolver(FilterChainResolver filterChainResolver);
/**
* Sets the ServletContext for this environment.
*
* @param servletContext the ServletContext to set
*/
void setServletContext(ServletContext servletContext);
/**
* Sets the WebSecurityManager for this environment.
*
* @param webSecurityManager the WebSecurityManager to set
*/
void setWebSecurityManager(WebSecurityManager webSecurityManager);
}Environment Initialization
Classes for bootstrapping Shiro environments in web applications through servlet context management and lifecycle handling.
class EnvironmentLoader {
/** ServletContext attribute key for storing the WebEnvironment instance */
public static final String ENVIRONMENT_ATTRIBUTE_KEY = "shiroEnvironment";
/** ServletContext init parameter name for specifying custom environment class */
public static final String ENVIRONMENT_CLASS_PARAM = "shiroEnvironmentClass";
/** ServletContext init parameter name for specifying custom configuration locations */
public static final String CONFIG_LOCATIONS_PARAM = "shiroConfigLocations";
/**
* Initializes Shiro environment in the given ServletContext.
*
* @param servletContext the ServletContext to initialize
* @return the created WebEnvironment instance
*/
public WebEnvironment initEnvironment(ServletContext servletContext) throws IllegalStateException;
/**
* Destroys the Shiro environment in the given ServletContext.
*
* @param servletContext the ServletContext to clean up
*/
public void destroyEnvironment(ServletContext servletContext);
/**
* Hook for customizing the WebEnvironment after creation but before use.
*
* @param environment the WebEnvironment to customize
*/
protected void customizeEnvironment(WebEnvironment environment);
/**
* Creates a WebEnvironment instance based on ServletContext configuration.
*
* @param sc the ServletContext
* @return the created WebEnvironment instance
*/
protected WebEnvironment createEnvironment(ServletContext sc);
}class EnvironmentLoaderListener extends EnvironmentLoader implements ServletContextListener {
/**
* Initializes the Shiro environment when the web application starts.
*
* @param sce the ServletContextEvent
*/
public void contextInitialized(ServletContextEvent sce);
/**
* Destroys the Shiro environment when the web application shuts down.
*
* @param sce the ServletContextEvent
*/
public void contextDestroyed(ServletContextEvent sce);
}Resource-Based Environments
Environment implementations that load configuration from external resources like INI files or other configuration formats.
abstract class ResourceBasedWebEnvironment extends DefaultWebEnvironment {
/** Default configuration resource locations to search */
public static final String DEFAULT_WEB_INI_RESOURCE_PATH = "/WEB-INF/shiro.ini";
/**
* Creates a new ResourceBasedWebEnvironment.
*/
public ResourceBasedWebEnvironment();
/**
* Returns the configuration resource locations.
*
* @return array of resource location strings
*/
public String[] getConfigLocations();
/**
* Sets the configuration resource locations.
*
* @param configLocations array of resource location strings
*/
public void setConfigLocations(String[] configLocations);
/**
* Initializes the environment by loading configuration from resources.
*/
public void init();
/**
* Creates objects from the loaded configuration.
*
* @return a Map of created objects
*/
protected abstract Map<String, Object> getObjects();
}class IniWebEnvironment extends ResourceBasedWebEnvironment {
/** Default INI configuration resource path */
public static final String DEFAULT_WEB_INI_RESOURCE_PATH = "/WEB-INF/shiro.ini";
/**
* Creates a new IniWebEnvironment that loads configuration from INI resources.
*/
public IniWebEnvironment();
/**
* Returns the loaded INI configuration.
*
* @return the Ini instance
*/
public Ini getIni();
/**
* Sets the INI configuration.
*
* @param ini the Ini instance to set
*/
public void setIni(Ini ini);
/**
* Creates objects from the INI configuration.
*
* @return a Map of created objects from the INI
*/
protected Map<String, Object> getObjects();
}Configuration Factories
Factory classes for creating Shiro components from various configuration sources like INI files.
class IniFilterChainResolverFactory extends IniFactorySupport<FilterChainResolver> {
/**
* Creates a new IniFilterChainResolverFactory.
*/
public IniFilterChainResolverFactory();
/**
* Returns the FilterConfig used for filter initialization.
*
* @return the FilterConfig instance
*/
public FilterConfig getFilterConfig();
/**
* Sets the FilterConfig for filter initialization.
*
* @param filterConfig the FilterConfig to set
*/
public void setFilterConfig(FilterConfig filterConfig);
/**
* Returns the global filters applied to all chains.
*
* @return List of global filter names
*/
public List<String> getGlobalFilters();
/**
* Sets the global filters applied to all chains.
*
* @param globalFilters List of global filter names
*/
public void setGlobalFilters(List<String> globalFilters);
/**
* Creates a FilterChainResolver instance from the given INI configuration.
*
* @param ini the INI configuration
* @return the created FilterChainResolver
*/
protected FilterChainResolver createInstance(Ini ini);
/**
* Creates default filter instances for the resolver.
*
* @return Map of filter name to Filter instance
*/
protected Map<String, Filter> createDefaultFilterMap();
}@Deprecated
class WebIniSecurityManagerFactory extends IniSecurityManagerFactory {
/**
* Creates a new WebIniSecurityManagerFactory using default web INI resource.
*/
public WebIniSecurityManagerFactory();
/**
* Creates a new WebIniSecurityManagerFactory with the specified INI resource path.
*
* @param iniResourcePath the INI resource path
*/
public WebIniSecurityManagerFactory(String iniResourcePath);
/**
* Creates a new WebIniSecurityManagerFactory with the given INI instance.
*
* @param ini the INI instance
*/
public WebIniSecurityManagerFactory(Ini ini);
/**
* Creates a default SecurityManager instance suitable for web applications.
*
* @return DefaultWebSecurityManager instance
*/
protected SecurityManager createDefaultInstance();
}Filter Configuration
Configuration classes for Shiro's servlet filter behavior and processing options.
class ShiroFilterConfiguration {
/** Default value for filterOncePerRequest */
public static final boolean DEFAULT_FILTER_ONCE_PER_REQUEST = true;
/** Default value for staticSecurityManagerEnabled */
public static final boolean DEFAULT_STATIC_SECURITY_MANAGER_ENABLED = false;
/**
* Creates a new ShiroFilterConfiguration with default settings.
*/
public ShiroFilterConfiguration();
/**
* Returns whether the filter should execute only once per request.
*
* @return true if filter executes once per request
*/
public boolean isFilterOncePerRequest();
/**
* Sets whether the filter should execute only once per request.
*
* @param filterOncePerRequest true to execute once per request
*/
public void setFilterOncePerRequest(boolean filterOncePerRequest);
/**
* Returns whether static SecurityManager access is enabled.
*
* @return true if static SecurityManager is enabled
*/
public boolean isStaticSecurityManagerEnabled();
/**
* Sets whether static SecurityManager access is enabled.
*
* @param staticSecurityManagerEnabled true to enable static SecurityManager
*/
public void setStaticSecurityManagerEnabled(boolean staticSecurityManagerEnabled);
}Usage Examples
Basic Web Application Setup
// web.xml configuration
/*
<context-param>
<param-name>shiroConfigLocations</param-name>
<param-value>/WEB-INF/shiro.ini</param-value>
</context-param>
<listener>
<listener-class>
org.apache.shiro.web.env.EnvironmentLoaderListener
</listener-class>
</listener>
*/
// Programmatic environment setup
public class ShiroEnvironmentConfig {
public void initializeShiro(ServletContext servletContext) {
EnvironmentLoader loader = new EnvironmentLoader();
WebEnvironment environment = loader.initEnvironment(servletContext);
// Environment is now available in ServletContext
WebEnvironment env = (WebEnvironment) servletContext.getAttribute(
EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY);
}
}Custom Environment Configuration
public class CustomWebEnvironment extends DefaultWebEnvironment {
@Override
public void init() {
super.init();
// Custom initialization logic
DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
setWebSecurityManager(securityManager);
// Custom filter chain configuration
PathMatchingFilterChainResolver chainResolver = new PathMatchingFilterChainResolver();
setFilterChainResolver(chainResolver);
}
}
// Register custom environment class
/*
<context-param>
<param-name>shiroEnvironmentClass</param-name>
<param-value>com.example.CustomWebEnvironment</param-value>
</context-param>
*/INI-Based Configuration
// shiro.ini configuration file content example:
/*
[main]
# Configure security manager
securityManager = org.apache.shiro.web.mgt.DefaultWebSecurityManager
# Configure realm
myRealm = com.example.MyCustomRealm
securityManager.realms = $myRealm
# Configure session manager
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
securityManager.sessionManager = $sessionManager
[urls]
/login = authc
/admin/** = authc, roles[admin]
/user/** = authc
/** = anon
*/
public void createFromIni() {
Ini ini = Ini.fromResourcePath("/WEB-INF/shiro.ini");
IniWebEnvironment environment = new IniWebEnvironment();
environment.setIni(ini);
environment.init();
}Install with Tessl CLI
npx tessl i tessl/maven-org-apache-shiro--shiro-web