Package org.apache.shiro.mgt

Class DefaultSessionStorageEvaluator

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean isSessionStorageEnabled()
      Returns true if any Subject's Session may be used to persist that Subject's state, false otherwise.
      boolean isSessionStorageEnabled​(Subject subject)
      This implementation functions as follows: If the specified Subject already has an existing Session (typically because an application developer has called subject.getSession() already), Shiro will use that existing session to store subject state. If a Subject does not yet have a Session, this implementation checks the sessionStorageEnabled property: If sessionStorageEnabled is true (the default setting), a new session may be created to persist Subject state if necessary. If sessionStorageEnabled is false, a new session will not be created to persist session state. Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled.
      void setSessionStorageEnabled​(boolean sessionStorageEnabled)
      Sets if any Subject's Session may be used to persist that Subject's state.

    • Constructor Detail

      • DefaultSessionStorageEvaluator

        public DefaultSessionStorageEvaluator()

    • Method Detail

      • isSessionStorageEnabled

        public boolean isSessionStorageEnabled​(Subject subject)
        This implementation functions as follows:
        • If the specified Subject already has an existing Session (typically because an application developer has called subject.getSession() already), Shiro will use that existing session to store subject state.
        • If a Subject does not yet have a Session, this implementation checks the sessionStorageEnabled property:
          • If sessionStorageEnabled is true (the default setting), a new session may be created to persist Subject state if necessary.
          • If sessionStorageEnabled is false, a new session will not be created to persist session state.
        Most applications use Sessions and are OK with the default true setting for sessionStorageEnabled.

        However, if your application is a purely 100% stateless application that never uses sessions, you will want to set sessionStorageEnabled to false. Realize that a false value will ensure that any subject login only retains the authenticated identity for the duration of a request. Any other requests, invocations or messages will not be authenticated.

        Specified by:
        isSessionStorageEnabled in interface SessionStorageEvaluator
        Parameters:
        subject - the Subject for which session state persistence may be enabled
        Returns:
        the value of isSessionStorageEnabled() and ignores the Subject argument.
        See Also:
        Subject.getSession(), Subject.getSession(boolean)

      • isSessionStorageEnabled

        public boolean isSessionStorageEnabled()
        Returns true if any Subject's Session may be used to persist that Subject's state, false otherwise. The default value is true.

        N.B. This is a global configuration setting; setting this value to false will disable sessions to persist Subject state for all Subjects that do not already have a Session. It should typically only be set to false for 100% stateless applications (e.g. when sessions aren't used or when remote clients authenticate on every request).

        Returns:
        true if any Subject's Session may be used to persist that Subject's state, false otherwise.

      • setSessionStorageEnabled

        public void setSessionStorageEnabled​(boolean sessionStorageEnabled)
        Sets if any Subject's Session may be used to persist that Subject's state. The default value is true.

        N.B. This is a global configuration setting; setting this value to false will disable sessions to persist Subject state for all Subjects that do not already have a Session. It should typically only be set to false for 100% stateless applications (e.g. when sessions aren't used or when remote clients authenticate on every request).

        Parameters:
        sessionStorageEnabled - if any Subject's Session may be used to persist that Subject's state.