DefaultWebSessionStorageEvaluator

org.apache.shiro.web.mgt

Class DefaultWebSessionStorageEvaluator

java.lang.Object
- org.apache.shiro.mgt.DefaultSessionStorageEvaluator
- - org.apache.shiro.web.mgt.DefaultWebSessionStorageEvaluator

All Implemented Interfaces:

SessionStorageEvaluator
```
public class DefaultWebSessionStorageEvaluator
extends DefaultSessionStorageEvaluator
```
A web-specific SessionStorageEvaluator that performs the same logic as the parent class DefaultSessionStorageEvaluator but additionally checks for a request-specific flag that may enable or disable session access.
This implementation usually works in conjunction with the NoSessionCreationFilter: If the NoSessionCreationFilter is configured in a filter chain, that filter will set a specific ServletRequest attribute indicating that session creation should be disabled.
This DefaultWebSessionStorageEvaluator will then inspect this attribute, and if it has been set, will return false from isSessionStorageEnabled(org.apache.shiro.subject.Subject) method, thereby preventing Shiro from creating a session for the purpose of storing subject state.
If the request attribute has not been set (i.e. the NoSessionCreationFilter is not configured or has been disabled), this class does nothing and delegates to the parent class for existing behavior.

Since:

1.2

Constructor Summary

Constructors

Constructor and Description
`DefaultWebSessionStorageEvaluator()`

Method Summary

All Methods

Instance Methods

Concrete Methods
Modifier and Type	Method and Description
`boolean`	`isSessionStorageEnabled(Subject subject)` Returns `true` if session storage is generally available (as determined by the super class's global configuration property `DefaultSessionStorageEvaluator.isSessionStorageEnabled()` and no request-specific override has turned off session storage, `false` otherwise.

Methods inherited from class org.apache.shiro.mgt.DefaultSessionStorageEvaluator
isSessionStorageEnabled, setSessionStorageEnabled

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - DefaultWebSessionStorageEvaluator
```
public DefaultWebSessionStorageEvaluator()
```
- Method Detail
  - isSessionStorageEnabled
```
public boolean isSessionStorageEnabled(Subject subject)
```
    Returns true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.
    This means session storage is disabled if the DefaultSessionStorageEvaluator.isSessionStorageEnabled() property is false or if a request attribute is discovered that turns off session storage for the current request.
    
    Specified by:
    
    isSessionStorageEnabled in interface SessionStorageEvaluator
    
    Overrides:
    
    isSessionStorageEnabled in class DefaultSessionStorageEvaluator
    
    Parameters:
    
    subject - the Subject for which session state persistence may be enabled
    
    Returns:
    
    true if session storage is generally available (as determined by the super class's global configuration property DefaultSessionStorageEvaluator.isSessionStorageEnabled() and no request-specific override has turned off session storage, false otherwise.