View Javadoc

1   /*
2    * Copyright 2008 Les Hazlewood
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.apache.shiro.session.mgt;
17  
18  import java.io.Serializable;
19  
20  /**
21   * A {@code SessionKey} is a key that allows look-up of any particular {@link org.apache.shiro.session.Session Session}
22   * instance.  This is not to be confused what is probably better recognized as a session <em>attribute</em> key - a key
23   * that is used to acquire a session attribute via the
24   * {@link org.apache.shiro.session.Session#getAttribute(Object) Session.getAttribute} method.  A {@code SessionKey}
25   * looks up a Session object directly.
26   * <p/>
27   * While a {@code SessionKey} allows lookup of <em>any</em> Session that might exist, this is not something in practice
28   * done too often by most Shiro end-users.  Instead, it is usually more convenient to acquire the currently executing
29   * {@code Subject}'s session via the {@link org.apache.shiro.subject.Subject#getSession} method.  This interface and
30   * its usages are best suited for framework development.
31   *
32   * @since 1.0
33   */
34  public interface SessionKey {
35  
36      /**
37       * Returns the id of the session to acquire.
38       * <p/>
39       * Acquiring sessions by ID only is a suitable strategy when sessions are natively managed by Shiro directly.
40       * For example, the Servlet specification does not have an API that allows session acquisition by session ID, so
41       * the session ID alone is not sufficient for ServletContainer-based SessionManager implementations.
42       *
43       * @return the id of the session to acquire.
44       */
45      Serializable getSessionId();
46  }