The session is the default storage location for Subject state. Other future or custom implementations could store it as a JWT inside a cookie for example, or on disk, etc. It's really there to control how subject state is persisted and allows you to specify your own mechanism if the Shiro defaults do not meet your needs.
HTH, -- Les On Wed, Sep 23, 2015 at 10:57 AM, Lenny Primak <[email protected]> wrote: > It is a facade to save your subject in the session. > Since Shiro can optionally implement it's own (not container) sessions, > SubjectDAO is used to front that session functionality. > > On Sep 23, 2015, at 1:55 PM, gembin wrote: > > > Hi, > > > > I'm new to Shiro and iI don't quite understand how SubjectDAO is used? > > > > The JavaDoc and the interface signature of SubjectDAO.java > > > > /A {@code SubjectDAO} is responsible for persisting a Subject instance's > > internal state such that the Subject instance can be recreated at a later > > time if necessary./ > > > > *Subject save(Subject subject); > > void delete(Subject subject);* > > > > I don't see how it can be recreated at a later time if necessary, since > > there is no way to get a Subject after > > persisted. The default the implementation is based on session, but how > the > > SecurityManager can use this interface if user provide a custom > SubjectDAO ? > > > > Thanks, > > Bin > > > > > > > > -- > > View this message in context: > http://shiro-user.582556.n2.nabble.com/What-s-the-purpose-of-SubjectDAO-tp7580784.html > > Sent from the Shiro User mailing list archive at Nabble.com. > > > >
