Class DefaultWebSessionStorageEvaluator

java.lang.Object
org.apache.shiro.mgt.DefaultSessionStorageEvaluator
org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator
All Implemented Interfaces:
org.apache.shiro.mgt.SessionStorageEvaluator
public class DefaultWebSessionStorageEvaluator extends org.apache.shiro.mgt.DefaultSessionStorageEvaluator
A web-specific SessionStorageEvaluator that performs the same logic as the parent class DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or disable session access.

This implementation usually works in conjunction with the NoSessionCreationFilter: If the NoSessionCreationFilter is configured in a filter chain, that filter will set a specific ServletRequest attribute indicating that session creation should be disabled.

This DefaultWebSessionStorageEvaluator will then inspect this attribute, and if it has been set, will return false from isSessionStorageEnabled(org.apache.shiro.subject.Subject) method, thereby preventing Shiro from creating a session for the purpose of storing subject state.

If the request attribute has not been set (i.e. the NoSessionCreationFilter is not configured or has been disabled), this class does nothing and delegates to the parent class for existing behavior.

Since:
1.2

  • Constructor Summary

    Constructors
    Constructor
    Description
    DefaultWebSessionStorageEvaluator()
     

  • Method Summary

    Modifier and Type
    Method
    Description
    boolean
    isSessionStorageEnabled(org.apache.shiro.subject.Subject subject)
    Returns true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.

    Methods inherited from class org.apache.shiro.mgt.DefaultSessionStorageEvaluator

    isSessionStorageEnabled, setSessionStorageEnabled

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

  • Method Details

    • isSessionStorageEnabled

      public boolean isSessionStorageEnabled(org.apache.shiro.subject.Subject subject)
      Returns true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.

      This means session storage is disabled if the DefaultSessionStorageEvaluator.isSessionStorageEnabled() property is false or if a request attribute is discovered that turns off session storage for the current request.

      Specified by:
      isSessionStorageEnabled in interface org.apache.shiro.mgt.SessionStorageEvaluator
      Overrides:
      isSessionStorageEnabled in class org.apache.shiro.mgt.DefaultSessionStorageEvaluator
      Parameters:
      subject - the Subject for which session state persistence may be enabled
      Returns:
      true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.