org.apache.shiro.mgt.SessionStorageEvaluator.java Source code

Java tutorial

  1. HOME
  2. Java
  3. org.apache.shiro.mgt.SessionStorageEvaluator.java

Introduction

Here is the source code for org.apache.shiro.mgt.SessionStorageEvaluator.java

Source

/*
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements.  See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership.  The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License.  You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
package org.apache.shiro.mgt;

import org.apache.shiro.subject.Subject;

/**
 * Evaluates whether or not Shiro may use a {@code Subject}'s {@link org.apache.shiro.session.Session Session}
 * to persist that {@code Subject}'s internal state.
 * <p/>
 * It is a common Shiro implementation strategy to use a Subject's session to persist the Subject's identity and
 * authentication state (e.g. after login) so that information does not need to be passed around for any further
 * requests/invocations.  This effectively allows a session id to be used for any request or invocation as the only
 * 'pointer' that Shiro needs, and from that, Shiro can re-create the Subject instance based on the referenced Session.
 * <p/>
 * However, in purely stateless applications, such as some REST applications or those where every request is
 * authenticated, it is usually not needed or desirable to use Sessions to store this state (since it is in
 * fact re-created on every request).  In these applications, sessions would never be used.
 * <p/>
 * This interface allows implementations to determine exactly when a Session might be used or not to store
 * {@code Subject} state on a <em>per-Subject</em> basis.
 * <p/>
 * If you simply wish to enable or disable session usage at a global level for all {@code Subject}s, the
 * {@link DefaultSessionStorageEvaluator} should be sufficient.  Per-subject behavior should be performed in custom
 * implementations of this interface.
 *
 * @see Subject#getSession()
 * @see Subject#getSession(boolean)
 * @see DefaultSessionStorageEvaluator
 * @since 1.2
 */
public interface SessionStorageEvaluator {

    /**
     * Returns {@code true} if the specified {@code Subject}'s
     * {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
     * state, {@code false} otherwise.
     *
     * @param subject the {@code Subject} for which session state persistence may be enabled
     * @return {@code true} if the specified {@code Subject}'s
     *         {@link org.apache.shiro.subject.Subject#getSession() session} may be used to persist that Subject's
     *         state, {@code false} otherwise.
     * @see Subject#getSession()
     * @see Subject#getSession(boolean)
     */
    boolean isSessionStorageEnabled(Subject subject);

}