|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Object org.apache.shiro.mgt.DefaultSubjectDAO
public class DefaultSubjectDAO
Default SubjectDAO
implementation that stores Subject state in the Subject's Session by default (but this
can be disabled - see below). The Subject instance
can be re-created at a later time by first acquiring the associated Session (typically from a
SessionManager
) via a session ID or session key and then
building a Subject
instance from Session
attributes.
Subject
's Session
is used or not to persist its own state is controlled on a
per-Subject basis as determined by the configured
sessionStorageEvaluator
.
The default Evaluator
is a DefaultSessionStorageEvaluator
, which supports enabling or disabling
session usage for Subject persistence at a global level for all subjects (and defaults to allowing sessions to be
used).
SessionStorageEvaluator
instance is a DefaultSessionStorageEvaluator
, you
can disable Session usage for Subject state entirely by configuring that instance directly, e.g.:
((DefaultSessionStorageEvaluator)sessionDAO.getSessionStorageEvaluator()).setSessionStorageEnabled(false);or, for example, in
shiro.ini
:
securityManager.subjectDAO.sessionStorageEvaluator.sessionStorageEnabled = falsebut note: ONLY do this your application is 100% stateless and you DO NOT need subjects to be remembered across remote invocations, or in a web environment across HTTP requests.
SessionStorageEvaluator
interface and configure it via the
setSessionStorageEvaluator(SessionStorageEvaluator)
method, or, with shiro.ini
:
myEvaluator = com.my.CustomSessionStorageEvaluator securityManager.subjectDAO.sessionStorageEvaluator = $myEvaluatorUnless overridden, the default evaluator is a
DefaultSessionStorageEvaluator
, which enables session usage for
Subject state by default.
isSessionStorageEnabled(org.apache.shiro.subject.Subject)
,
SessionStorageEvaluator
,
DefaultSessionStorageEvaluator
Constructor Summary | |
---|---|
DefaultSubjectDAO()
|
Method Summary | |
---|---|
void |
delete(Subject subject)
Removes any existing subject state from the subject's session (if the session exists). |
SessionStorageEvaluator |
getSessionStorageEvaluator()
Returns the SessionStorageEvaluator that will determine if a Subject 's state may be persisted in
the Subject's session. |
protected boolean |
isSessionStorageEnabled(Subject subject)
Determines if the subject's session will be used to persist subject state or not. |
protected void |
mergeAuthenticationState(Subject subject)
Merges the Subject's current authentication state with whatever may be in any available session. |
protected void |
mergePrincipals(Subject subject)
Merges the Subject's current Subject.getPrincipals() with whatever may be in
any available session. |
protected void |
removeFromSession(Subject subject)
Removes any existing subject state from the Subject's session (if the session exists). |
Subject |
save(Subject subject)
Saves the subject's state to the subject's session only
if sessionStorageEnabled(subject) . |
protected void |
saveToSession(Subject subject)
Saves the subject's state (it's principals and authentication state) to its session . |
void |
setSessionStorageEvaluator(SessionStorageEvaluator sessionStorageEvaluator)
Sets the SessionStorageEvaluator that will determine if a Subject 's state may be persisted in
the Subject's session. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
Constructor Detail |
---|
public DefaultSubjectDAO()
Method Detail |
---|
protected boolean isSessionStorageEnabled(Subject subject)
SessionStorageEvaluator
(a
DefaultSessionStorageEvaluator
by default).
subject
- the subject to inspect to determine if the subject's session will be used to persist subject
state or not.
true
if the subject's session will be used to persist subject state, false
otherwise.setSessionStorageEvaluator(SessionStorageEvaluator)
,
DefaultSessionStorageEvaluator
public SessionStorageEvaluator getSessionStorageEvaluator()
SessionStorageEvaluator
that will determine if a Subject
's state may be persisted in
the Subject's session. The default instance is a DefaultSessionStorageEvaluator
.
SessionStorageEvaluator
that will determine if a Subject
's state may be persisted in
the Subject's session.DefaultSessionStorageEvaluator
public void setSessionStorageEvaluator(SessionStorageEvaluator sessionStorageEvaluator)
SessionStorageEvaluator
that will determine if a Subject
's state may be persisted in
the Subject's session. The default instance is a DefaultSessionStorageEvaluator
.
sessionStorageEvaluator
- the SessionStorageEvaluator
that will determine if a Subject
's
state may be persisted in the Subject's session.DefaultSessionStorageEvaluator
public Subject save(Subject subject)
session
only
if sessionStorageEnabled(subject)
. If session storage is not enabled
for the specific Subject
, this method does nothing.
In either case, the argument Subject
is returned directly (a new Subject instance is not created).
save
in interface SubjectDAO
subject
- the Subject instance for which its state will be created or updated.
Subject
passed in (a new Subject instance is not created).protected void saveToSession(Subject subject)
session
. The session can be retrieved at a later time
(typically from a SessionManager
to be used to recreate
the Subject
instance.
subject
- the subject for which state will be persisted to its session.protected void mergePrincipals(Subject subject)
Subject.getPrincipals()
with whatever may be in
any available session. Only updates the Subject's session if the session does not match the current principals
state.
subject
- the Subject for which principals will potentially be merged into the Subject's session.protected void mergeAuthenticationState(Subject subject)
subject
- the Subject for which principals will potentially be merged into the Subject's session.protected void removeFromSession(Subject subject)
subject
- the subject for which any existing subject state will be removed from its session.public void delete(Subject subject)
delete
in interface SubjectDAO
subject
- the Subject instance for which any persistent state should be deleted.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |