Class DefaultSessionStorageEvaluator

java.lang.Object
org.apache.shiro.mgt.DefaultSessionStorageEvaluator
All Implemented Interfaces:
SessionStorageEvaluator

A default SessionStorageEvaluator that provides reasonable control over whether and how Sessions may be used for storing Subject state. See the isSessionStorageEnabled(org.apache.shiro.subject.Subject) method for exact behavior.
Since:
1.2
  • Constructor Summary

    Constructors
    Constructor
    Description
     
  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    isSessionStorageEnabled()
    Returns true if any Subject's Session may be used to persist that Subject's state, false otherwise.
    boolean
    isSessionStorageEnabled(Subject subject)
    This implementation functions as follows: If the specified Subject already has an existing Session (typically because an application developer has called subject.getSession() already), Shiro will use that existing session to store subject state. If a Subject does not yet have a Session, this implementation checks the sessionStorageEnabled property: If sessionStorageEnabled is true (the default setting), a new session may be created to persist Subject state if necessary. If sessionStorageEnabled is false, a new session will not be created to persist Subject state. Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled.
    void
    setSessionStorageEnabled(boolean sessionStorageEnabled)
    Sets whether any Subject's Session may be used to persist that Subject's state.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

  • Method Details

    • isSessionStorageEnabled

      public boolean isSessionStorageEnabled(Subject subject)
      This implementation functions as follows:
      • If the specified Subject already has an existing Session (typically because an application developer has called subject.getSession() already), Shiro will use that existing session to store subject state.
      • If a Subject does not yet have a Session, this implementation checks the sessionStorageEnabled property:
        • If sessionStorageEnabled is true (the default setting), a new session may be created to persist Subject state if necessary.
        • If sessionStorageEnabled is false, a new session will not be created to persist Subject state.
      Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled.

      However, if your application is 100% stateless and never uses sessions, you will want to set sessionStorageEnabled to false. Be aware that with a false value, a subject login retains the authenticated identity only for the duration of a request. Any other requests, invocations or messages will not be authenticated.

      Specified by:
      isSessionStorageEnabled in interface SessionStorageEvaluator
      Parameters:
      subject - the Subject for which session state persistence may be enabled
      Returns:
      the value of isSessionStorageEnabled() and ignores the Subject argument.
    • isSessionStorageEnabled

      public boolean isSessionStorageEnabled()
      Returns true if any Subject's Session may be used to persist that Subject's state, false otherwise. The default value is true.

      N.B. This is a global configuration setting; setting this value to false will prevent sessions from being used to persist Subject state for all Subjects that do not already have a Session. It should typically only be set to false for 100% stateless applications (e.g. when sessions aren't used or when remote clients authenticate on every request).

      Returns:
      true if any Subject's Session may be used to persist that Subject's state, false otherwise.
    • setSessionStorageEnabled

      public void setSessionStorageEnabled(boolean sessionStorageEnabled)
      Sets whether any Subject's Session may be used to persist that Subject's state. The default value is true.

      N.B. This is a global configuration setting; setting this value to false will prevent sessions from being used to persist Subject state for all Subjects that do not already have a Session. It should typically only be set to false for 100% stateless applications (e.g. when sessions aren't used or when remote clients authenticate on every request).

      Parameters:
      sessionStorageEnabled - whether any Subject's Session may be used to persist that Subject's state.
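
The behavior described for isSessionStorageEnabled(Subject) and setSessionStorageEnabled(boolean), shown as an added example that is not part of the Shiro Javadoc or code base. It assumes the evaluator is wired into a DefaultSecurityManager through DefaultSubjectDAO; the class name StatelessEvaluatorDemo and the account "alice" are constructed for illustration.

```java
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.mgt.DefaultSessionStorageEvaluator;
import org.apache.shiro.mgt.DefaultSubjectDAO;
import org.apache.shiro.realm.SimpleAccountRealm;
import org.apache.shiro.subject.Subject;

// Hypothetical demo class (assumption, not from the Shiro project).
public class StatelessEvaluatorDemo {

    public static void main(String[] args) {
        // Constructed sample account; a real application plugs in its own Realm.
        SimpleAccountRealm realm = new SimpleAccountRealm();
        realm.addAccount("alice", "constructed-sample-password");

        // Global switch: never create a session just to persist Subject state.
        DefaultSessionStorageEvaluator evaluator = new DefaultSessionStorageEvaluator();
        evaluator.setSessionStorageEnabled(false);

        DefaultSubjectDAO subjectDAO = new DefaultSubjectDAO();
        subjectDAO.setSessionStorageEvaluator(evaluator);

        DefaultSecurityManager securityManager = new DefaultSecurityManager(realm);
        securityManager.setSubjectDAO(subjectDAO);

        // "Request" 1: the login succeeds, but no session is created for the identity.
        Subject first = new Subject.Builder(securityManager).buildSubject();
        first.login(new UsernamePasswordToken("alice", "constructed-sample-password"));
        System.out.println("request 1 authenticated: " + first.isAuthenticated());
        System.out.println("request 1 session:       " + first.getSession(false));

        // "Request" 2: a fresh Subject has no stored identity to restore,
        // so the client has to authenticate again.
        Subject second = new Subject.Builder(securityManager).buildSubject();
        System.out.println("request 2 authenticated: " + second.isAuthenticated());
        System.out.println("storage allowed, no session yet: "
                + evaluator.isSessionStorageEnabled(second));

        // Existing-session rule: once application code calls getSession(),
        // the evaluator allows that session to hold Subject state even though
        // the global flag is false.
        second.getSession();
        System.out.println("storage allowed, session exists: "
                + evaluator.isSessionStorageEnabled(second));
    }
}
```

In an application meant to be stateless, any code path that calls subject.getSession() brings session-backed Subject state back for that Subject, so such calls are worth auditing alongside this flag.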