The Shiro framework's default concrete implementation of the
SecurityManager interface,
based around a collection of
org.apache.shiro.realm.Realms. This implementation delegates its
authentication, authorization, and session operations to wrapped
Authenticator,
Authorizer, and
org.apache.shiro.session.mgt.SessionManager instances respectively via superclass
implementation.
To greatly reduce and simplify configuration, this implementation (and its superclasses) will
create suitable defaults for all of its required dependencies, except the required one or more
Realms. Because
Realm implementations usually interact with an application's data model,
they are almost always application specific; you will want to specify at least one custom
Realm implementation that 'knows' about your application's data/security model
(via
#setRealm or one of the overloaded constructors). All other attributes in this class hierarchy
will have suitable defaults for most enterprise applications.
RememberMe notice: This class supports the ability to configure a
#setRememberMeManagerfor
RememberMe identity services for login/logout, BUT, a default instance will not be created
for this attribute at startup.
Because RememberMe services are inherently client tier-specific and
therefore aplication-dependent, if you want
RememberMe services enabled, you will have to specify an
instance yourself via the
#setRememberMeManager(RememberMeManager)mutator. However if you're reading this JavaDoc with the
expectation of operating in a Web environment, take a look at the
org.apache.shiro.web.DefaultWebSecurityManager implementation, which
does support
RememberMe services by default at startup.