001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.apache.shiro.mgt;
020    
021    import org.apache.shiro.subject.Subject;
022    
023    /**
024     * Evaluates whether or not Shiro may use a {@code Subject}'s {@link org.apache.shiro.session.Session Session}
025     * to persist that {@code Subject}'s internal state.
026     * <p/>
027     * It is a common Shiro implementation strategy to use a Subject's session to persist the Subject's identity and
028     * authentication state (e.g. after login) so that information does not need to be passed around for any further
029     * requests/invocations.  This effectively allows a session id to be used for any request or invocation as the only
030     * 'pointer' that Shiro needs, and from that, Shiro can re-create the Subject instance based on the referenced Session.
031     * <p/>
032     * However, in purely stateless applications, such as some REST applications or those where every request is
033     * authenticated, it is usually not needed or desirable to use Sessions to store this state (since it is in
034     * fact re-created on every request).  In these applications, sessions would never be used.
035     * <p/>
036     * This interface allows implementations to determine exactly when a Session might be used or not to store
037     * {@code Subject} state on a <em>per-Subject</em> basis.
038     * <p/>
039     * If you simply wish to enable or disable session usage at a global level for all {@code Subject}s, the
040     * {@link DefaultSessionStorageEvaluator} should be sufficient.  Per-subject behavior should be performed in custom
041     * implementations of this interface.
042     *
043     * @see Subject#getSession()
044     * @see Subject#getSession(boolean)
045     * @see DefaultSessionStorageEvaluator
046     * @since 1.2
047     */
048    public interface SessionStorageEvaluator {
049    
050        /**
051         * Returns {@code true} if the specified {@code Subject}'s
052         * {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
053         * state, {@code false} otherwise.
054         *
055         * @param subject the {@code Subject} for which session state persistence may be enabled
056         * @return {@code true} if the specified {@code Subject}'s
057         *         {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
058         *         state, {@code false} otherwise.
059         * @see Subject#getSession()
060         * @see Subject#getSession(boolean)
061         */
062        boolean isSessionStorageEnabled(Subject subject);
063    
064    }