/** * Saves the subject's state to the subject's {@link org.apache.shiro.subject.Subject#getSession() session} only * if {@link #isSessionStorageEnabled(Subject) sessionStorageEnabled(subject)}. If session storage is not enabled * for the specific {@code Subject}, this method does nothing. * <p/> * In either case, the argument {@code Subject} is returned directly (a new Subject instance is not created). * * @param subject the Subject instance for which its state will be created or updated. * @return the same {@code Subject} passed in (a new Subject instance is not created). */ public Subject save(Subject subject) { if (isSessionStorageEnabled(subject)) { saveToSession(subject); } else { log.trace("Session storage of subject state for Subject [{}] has been disabled: identity and " + "authentication state are expected to be initialized on every request or invocation.", subject); } return subject; }
@Override protected void saveToSession(final Subject subject) { boolean updatesDisabled = false; Session session = subject.getSession(false); if (session == null && !CollectionUtils.isEmpty(subject.getPrincipals())) { // Force the creation of the session here to get the id session = subject.getSession(); // Optimize the session creation path: the default saveToSession implementation // will call setAttribute() several times in a row, causing unnecessary DAO UPDATE queries updatesDisabled = disableUpdatesForSession(subject, session); } super.saveToSession(subject); if (updatesDisabled) { enableUpdatesForSession(subject, session); } }
/** * Saves the subject's state to the subject's {@link org.apache.shiro.subject.Subject#getSession() session} only * if {@link #isSessionStorageEnabled(Subject) sessionStorageEnabled(subject)}. If session storage is not enabled * for the specific {@code Subject}, this method does nothing. * <p/> * In either case, the argument {@code Subject} is returned directly (a new Subject instance is not created). * * @param subject the Subject instance for which its state will be created or updated. * @return the same {@code Subject} passed in (a new Subject instance is not created). */ public Subject save(Subject subject) { if (isSessionStorageEnabled(subject)) { saveToSession(subject); } else { log.trace("Session storage of subject state for Subject [{}] has been disabled: identity and " + "authentication state are expected to be initialized on every request or invocation.", subject); } return subject; }
@Override protected void saveToSession(final Subject subject) { boolean updatesDisabled = false; Session session = subject.getSession(false); if (session == null && !CollectionUtils.isEmpty(subject.getPrincipals())) { // Force the creation of the session here to get the id session = subject.getSession(); // Optimize the session creation path: the default saveToSession implementation // will call setAttribute() several times in a row, causing unnecessary DAO UPDATE queries updatesDisabled = disableUpdatesForSession(subject, session); } super.saveToSession(subject); if (updatesDisabled) { enableUpdatesForSession(subject, session); } }