Package org.apache.shiro.web.mgt
Class DefaultWebSessionStorageEvaluator
- java.lang.Object
-
- org.apache.shiro.mgt.DefaultSessionStorageEvaluator
-
- org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator
-
- All Implemented Interfaces:
SessionStorageEvaluator
public class DefaultWebSessionStorageEvaluator extends DefaultSessionStorageEvaluator
A web-specificSessionStorageEvaluator
that performs the same logic as the parent classDefaultSessionStorageEvaluator
but additionally checks for a request-specific flag that may enable or disable session access. This implementation usually works in conjunction with theNoSessionCreationFilter
: If theNoSessionCreationFilter
is configured in a filter chain, that filter will set a specificServletRequest
attribute
indicating that session creation should be disabled. ThisDefaultWebSessionStorageEvaluator
will then inspect this attribute, and if it has been set, will returnfalse
fromisSessionStorageEnabled(org.apache.shiro.subject.Subject)
method, thereby preventing Shiro from creating a session for the purpose of storing subject state. If the request attribute has not been set (i.e. theNoSessionCreationFilter
is not configured or has been disabled), this class does nothing and delegates to the parent class for existing behavior.- Since:
- 1.2
-
-
Constructor Summary
Constructors Constructor Description DefaultWebSessionStorageEvaluator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
isSessionStorageEnabled(Subject subject)
Returnstrue
if session storage is generally available (as determined by the super class's global configuration propertyDefaultSessionStorageEvaluator.isSessionStorageEnabled()
and no request-specific override has turned off session storage,false
otherwise.-
Methods inherited from class org.apache.shiro.mgt.DefaultSessionStorageEvaluator
isSessionStorageEnabled, setSessionStorageEnabled
-
-
-
-
Constructor Detail
-
DefaultWebSessionStorageEvaluator
public DefaultWebSessionStorageEvaluator()
-
-
Method Detail
-
isSessionStorageEnabled
public boolean isSessionStorageEnabled(Subject subject)
Returnstrue
if session storage is generally available (as determined by the super class's global configuration propertyDefaultSessionStorageEvaluator.isSessionStorageEnabled()
and no request-specific override has turned off session storage,false
otherwise. This means session storage is disabled if theDefaultSessionStorageEvaluator.isSessionStorageEnabled()
property isfalse
or if a request attribute is discovered that turns off session storage for the current request.- Specified by:
isSessionStorageEnabled
in interfaceSessionStorageEvaluator
- Overrides:
isSessionStorageEnabled
in classDefaultSessionStorageEvaluator
- Parameters:
subject
- theSubject
for which session state persistence may be enabled- Returns:
true
if session storage is generally available (as determined by the super class's global configuration propertyDefaultSessionStorageEvaluator.isSessionStorageEnabled()
and no request-specific override has turned off session storage,false
otherwise.- See Also:
Subject.getSession()
,Subject.getSession(boolean)
-
-