org.apache.shiro.mgt
Class DefaultSessionStorageEvaluator

java.lang.Object
  extended by org.apache.shiro.mgt.DefaultSessionStorageEvaluator
All Implemented Interfaces:
SessionStorageEvaluator
Direct Known Subclasses:
DefaultWebSessionStorageEvaluator

public class DefaultSessionStorageEvaluator
extends Object
implements SessionStorageEvaluator

A Default SessionStorageEvaluator that provides reasonable control over if and how Sessions may be used for storing Subject state. See the isSessionStorageEnabled(org.apache.shiro.subject.Subject) method for exact behavior.

Since:
1.2

Constructor Summary
DefaultSessionStorageEvaluator()
           
 
Method Summary
 boolean isSessionStorageEnabled()
          Returns true if any Subject's Session may be used to persist that Subject's state, false otherwise.
 boolean isSessionStorageEnabled(Subject subject)
          This implementation functions as follows: If the specified Subject already has an existing Session (typically because an application developer has called subject.getSession() already), Shiro will use that existing session to store subject state. If a Subject does not yet have a Session, this implementation checks the sessionStorageEnabled property: If sessionStorageEnabled is true (the default setting), a new session may be created to persist Subject state if necessary. If sessionStorageEnabled is false, a new session will not be created to persist session state. Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled.
 void setSessionStorageEnabled(boolean sessionStorageEnabled)
          Sets if any Subject's Session may be used to persist that Subject's state.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultSessionStorageEvaluator

public DefaultSessionStorageEvaluator()
Method Detail

isSessionStorageEnabled

public boolean isSessionStorageEnabled(Subject subject)
This implementation functions as follows: Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled.

However, if your application is a purely 100% stateless application that never uses sessions, you will want to set sessionStorageEnabled to false. Realize that a false value will ensure that any subject login only retains the authenticated identity for the duration of a request. Any other requests, invocations or messages will not be authenticated.

Specified by:
isSessionStorageEnabled in interface SessionStorageEvaluator
Parameters:
subject - the Subject for which session state persistence may be enabled
Returns:
the value of isSessionStorageEnabled() and ignores the Subject argument.
See Also:
Subject.getSession(), Subject.getSession(boolean)

isSessionStorageEnabled

public boolean isSessionStorageEnabled()
Returns true if any Subject's Session may be used to persist that Subject's state, false otherwise. The default value is true.

N.B. This is a global configuration setting; setting this value to false will disable sessions to persist Subject state for all Subjects that do not already have a Session. It should typically only be set to false for 100% stateless applications (e.g. when sessions aren't used or when remote clients authenticate on every request).

Returns:
true if any Subject's Session may be used to persist that Subject's state, false otherwise.

setSessionStorageEnabled

public void setSessionStorageEnabled(boolean sessionStorageEnabled)
Sets if any Subject's Session may be used to persist that Subject's state. The default value is true.

N.B. This is a global configuration setting; setting this value to false will disable sessions to persist Subject state for all Subjects that do not already have a Session. It should typically only be set to false for 100% stateless applications (e.g. when sessions aren't used or when remote clients authenticate on every request).

Parameters:
sessionStorageEnabled - if any Subject's Session may be used to persist that Subject's state.


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.