org.apache.shiro.web.mgt
Class DefaultWebSessionStorageEvaluator
java.lang.Object
org.apache.shiro.mgt.DefaultSessionStorageEvaluator
org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator
- All Implemented Interfaces:
- SessionStorageEvaluator
public class DefaultWebSessionStorageEvaluator
- extends DefaultSessionStorageEvaluator
A web-specific SessionStorageEvaluator
that performs the same logic as the parent class
DefaultSessionStorageEvaluator
but additionally checks for a request-specific flag that may enable or
disable session access.
This implementation usually works in conjunction with the
NoSessionCreationFilter
: If the NoSessionCreationFilter
is configured in a filter chain, that filter will set a specific
ServletRequest
attribute
indicating that session creation
should be disabled.
This DefaultWebSessionStorageEvaluator
will then inspect this attribute, and if it has been set, will return
false
from isSessionStorageEnabled(org.apache.shiro.subject.Subject)
method, thereby preventing
Shiro from creating a session for the purpose of storing subject state.
If the request attribute has
not been set (i.e. the NoSessionCreationFilter
is not configured or has been disabled), this class does
nothing and delegates to the parent class for existing behavior.
- Since:
- 1.2
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
DefaultWebSessionStorageEvaluator
public DefaultWebSessionStorageEvaluator()
isSessionStorageEnabled
public boolean isSessionStorageEnabled(Subject subject)
- Returns
true
if session storage is generally available (as determined by the super class's global
configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled()
and no request-specific override has turned off
session storage, false
otherwise.
This means session storage is disabled if the DefaultSessionStorageEvaluator.isSessionStorageEnabled()
property is false
or if
a request attribute is discovered that turns off session storage for the current request.
- Specified by:
isSessionStorageEnabled
in interface SessionStorageEvaluator
- Overrides:
isSessionStorageEnabled
in class DefaultSessionStorageEvaluator
- Parameters:
subject
- the Subject
for which session state persistence may be enabled
- Returns:
true
if session storage is generally available (as determined by the super class's global
configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled()
and no request-specific override has turned off
session storage, false
otherwise.- See Also:
Subject.getSession()
,
Subject.getSession(boolean)
Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.