001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied.  See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019package org.apache.shiro.mgt;
020
021import org.apache.shiro.subject.Subject;
022
023/**
024 * Evaluates whether or not Shiro may use a {@code Subject}'s {@link org.apache.shiro.session.Session Session}
025 * to persist that {@code Subject}'s internal state.
026 * <p/>
027 * It is a common Shiro implementation strategy to use a Subject's session to persist the Subject's identity and
028 * authentication state (e.g. after login) so that information does not need to be passed around for any further
029 * requests/invocations.  This effectively allows a session id to be used for any request or invocation as the only
030 * 'pointer' that Shiro needs, and from that, Shiro can re-create the Subject instance based on the referenced Session.
031 * <p/>
032 * However, in purely stateless applications, such as some REST applications or those where every request is
033 * authenticated, it is usually not needed or desirable to use Sessions to store this state (since it is in
034 * fact re-created on every request).  In these applications, sessions would never be used.
035 * <p/>
036 * This interface allows implementations to determine exactly when a Session might be used or not to store
037 * {@code Subject} state on a <em>per-Subject</em> basis.
038 * <p/>
039 * If you simply wish to enable or disable session usage at a global level for all {@code Subject}s, the
040 * {@link DefaultSessionStorageEvaluator} should be sufficient.  Per-subject behavior should be performed in custom
041 * implementations of this interface.
042 *
043 * @see Subject#getSession()
044 * @see Subject#getSession(boolean)
045 * @see DefaultSessionStorageEvaluator
046 * @since 1.2
047 */
048public interface SessionStorageEvaluator {
049
050    /**
051     * Returns {@code true} if the specified {@code Subject}'s
052     * {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
053     * state, {@code false} otherwise.
054     *
055     * @param subject the {@code Subject} for which session state persistence may be enabled
056     * @return {@code true} if the specified {@code Subject}'s
057     *         {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
058     *         state, {@code false} otherwise.
059     * @see Subject#getSession()
060     * @see Subject#getSession(boolean)
061     */
062    boolean isSessionStorageEnabled(Subject subject);
063
064}