1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 module hunt.shiro.mgt.SessionStorageEvaluator; 20 21 import hunt.shiro.subject.Subject; 22 23 /** 24 * Evaluates whether or not Shiro may use a {@code Subject}'s {@link hunt.shiro.session.Session Session} 25 * to persist that {@code Subject}'s internal state. 26 * <p/> 27 * It is a common Shiro implementation strategy to use a Subject's session to persist the Subject's identity and 28 * authentication state (e.g. after login) so that information does not need to be passed around for any further 29 * requests/invocations. This effectively allows a session id to be used for any request or invocation as the only 30 * 'pointer' that Shiro needs, and from that, Shiro can re-create the Subject instance based on the referenced Session. 31 * <p/> 32 * However, in purely stateless applications, such as some REST applications or those where every request is 33 * authenticated, it is usually not needed or desirable to use Sessions to store this state (since it is in 34 * fact re-created on every request). In these applications, sessions would never be used. 35 * <p/> 36 * This interface allows implementations to determine exactly when a Session might be used or not to store 37 * {@code Subject} state on a <em>per-Subject</em> basis. 38 * <p/> 39 * If you simply wish to enable or disable session usage at a global level for all {@code Subject}s, the 40 * {@link DefaultSessionStorageEvaluator} should be sufficient. Per-subject behavior should be performed in custom 41 * implementations of this interface. 42 * 43 * @see Subject#getSession() 44 * @see Subject#getSession(bool) 45 * @see DefaultSessionStorageEvaluator 46 */ 47 interface SessionStorageEvaluator { 48 49 /** 50 * Returns {@code true} if the specified {@code Subject}'s 51 * {@link hunt.shiro.subject.Subject#getSession() session} may be used to persist that Subject's 52 * state, {@code false} otherwise. 53 * 54 * @param subject the {@code Subject} for which session state persistence may be enabled 55 * @return {@code true} if the specified {@code Subject}'s 56 * {@link hunt.shiro.subject.Subject#getSession() session} may be used to persist that Subject's 57 * state, {@code false} otherwise. 58 * @see Subject#getSession() 59 * @see Subject#getSession(bool) 60 */ 61 bool isSessionStorageEnabled(Subject subject); 62 63 }