View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.mgt;
20  
21  import org.apache.shiro.subject.Subject;
22  
23  /**
24   * Evaluates whether or not Shiro may use a {@code Subject}'s {@link org.apache.shiro.session.Session Session}
25   * to persist that {@code Subject}'s internal state.
26   * <p/>
27   * It is a common Shiro implementation strategy to use a Subject's session to persist the Subject's identity and
28   * authentication state (e.g. after login) so that information does not need to be passed around for any further
29   * requests/invocations.  This effectively allows a session id to be used for any request or invocation as the only
30   * 'pointer' that Shiro needs, and from that, Shiro can re-create the Subject instance based on the referenced Session.
31   * <p/>
32   * However, in purely stateless applications, such as some REST applications or those where every request is
33   * authenticated, it is usually not needed or desirable to use Sessions to store this state (since it is in
34   * fact re-created on every request).  In these applications, sessions would never be used.
35   * <p/>
36   * This interface allows implementations to determine exactly when a Session might be used or not to store
37   * {@code Subject} state on a <em>per-Subject</em> basis.
38   * <p/>
39   * If you simply wish to enable or disable session usage at a global level for all {@code Subject}s, the
40   * {@link DefaultSessionStorageEvaluator} should be sufficient.  Per-subject behavior should be performed in custom
41   * implementations of this interface.
42   *
43   * @see Subject#getSession()
44   * @see Subject#getSession(boolean)
45   * @see DefaultSessionStorageEvaluator
46   * @since 1.2
47   */
48  public interface SessionStorageEvaluator {
49  
50      /**
51       * Returns {@code true} if the specified {@code Subject}'s
52       * {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
53       * state, {@code false} otherwise.
54       *
55       * @param subject the {@code Subject} for which session state persistence may be enabled
56       * @return {@code true} if the specified {@code Subject}'s
57       *         {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
58       *         state, {@code false} otherwise.
59       * @see Subject#getSession()
60       * @see Subject#getSession(boolean)
61       */
62      boolean isSessionStorageEnabled(Subject subject);
63  
64  }