publicinterfaceWebSubjectextendsSubject, RequestPairSource {
ServletRequest getServletRequest();
ServletResponse getServletResponse();publicstaticclassBuilderextendsorg.apache.shiro.subject.Subject.Builder{publicBuilder(ServletRequest request, ServletResponse response){this(SecurityUtils.getSecurityManager(), request, response);}publicBuilder(SecurityManager securityManager, ServletRequest request, ServletResponse response){super(securityManager);if(request == null){thrownewIllegalArgumentException("ServletRequest argument cannot be null.");}elseif(response == null){thrownewIllegalArgumentException("ServletResponse argument cannot be null.");}else{this.setRequest(request);this.setResponse(response);}}//重写了Subject中的newSubjectContextInstance的方法,返回一个DefaultWebSubjectContext//该方法在父建造者会被调用 this.subjectContext = this.newSubjectContextInstance();//因此WebSubject维护的SubjectContext对象是DefaultWebSubjectContextprotected SubjectContext newSubjectContextInstance(){returnnewDefaultWebSubjectContext();}//WebSubject建造者在父类的基础上拓展了servletRequest属性的设置protected WebSubject.Builder setRequest(ServletRequest request){if(request != null){((WebSubjectContext)this.getSubjectContext()).setServletRequest(request);}returnthis;}//WebSubject建造者在父类的基础上拓展了servletResponse属性的设置protected WebSubject.Builder setResponse(ServletResponse response){if(response != null){((WebSubjectContext)this.getSubjectContext()).setServletResponse(response);}returnthis;}//调用父类的buildSubject方法构造Subject,并且校验Subject是不是WebSubjectpublic WebSubject buildWebSubject(){
Subject subject =super.buildSubject();if(!(subject instanceofWebSubject)){
String msg ="Subject implementation returned from the SecurityManager was not a "+ WebSubject.class.getName()+" implementation. Please ensure a Web-enabled SecurityManager has been configured and made available to this builder.";thrownewIllegalStateException(msg);}else{return(WebSubject)subject;}}}}