Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.web.mgt
Class DefaultWebSessionStorageEvaluator

java.lang.Object
  extended by org.apache.shiro.mgt.DefaultSessionStorageEvaluator
      extended by org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator
All Implemented Interfaces:
SessionStorageEvaluator
public class DefaultWebSessionStorageEvaluator
extends DefaultSessionStorageEvaluator

A web-specific SessionStorageEvaluator that performs the same logic as the parent class DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or disable session access.

This implementation usually works in conjunction with the NoSessionCreationFilter: If the NoSessionCreationFilter is configured in a filter chain, that filter will set a specific ServletRequest attribute indicating that session creation should be disabled.

This DefaultWebSessionStorageEvaluator will then inspect this attribute, and if it has been set, will return false from isSessionStorageEnabled(org.apache.shiro.subject.Subject) method, thereby preventing Shiro from creating a session for the purpose of storing subject state.

If the request attribute has not been set (i.e. the NoSessionCreationFilter is not configured or has been disabled), this class does nothing and delegates to the parent class for existing behavior.

Since:
1.2

Constructor Summary
DefaultWebSessionStorageEvaluator()
           
 
Method Summary
 boolean isSessionStorageEnabled(Subject subject)
          Returns true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.
 
Methods inherited from class org.apache.shiro.mgt.DefaultSessionStorageEvaluator
isSessionStorageEnabled, setSessionStorageEnabled
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

DefaultWebSessionStorageEvaluator

public DefaultWebSessionStorageEvaluator()
Method Detail

isSessionStorageEnabled

public boolean isSessionStorageEnabled(Subject subject)
Returns true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.

This means session storage is disabled if the DefaultSessionStorageEvaluator.isSessionStorageEnabled() property is false or if a request attribute is discovered that turns off session storage for the current request.

Specified by:
isSessionStorageEnabled in interface SessionStorageEvaluator
Overrides:
isSessionStorageEnabled in class DefaultSessionStorageEvaluator
Parameters:
subject - the Subject for which session state persistence may be enabled
Returns:
true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.
See Also:
Subject.getSession(), Subject.getSession(boolean)
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.