UserFilter (Apache Shiro :: Web 1.1.0 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.web.filter.authc
Class UserFilter

java.lang.Object
  org.apache.shiro.web.servlet.ServletContextSupport
      org.apache.shiro.web.servlet.AbstractFilter
          org.apache.shiro.web.servlet.NameableFilter
              org.apache.shiro.web.servlet.OncePerRequestFilter
                  org.apache.shiro.web.servlet.AdviceFilter
                      org.apache.shiro.web.filter.PathMatchingFilter
                          org.apache.shiro.web.filter.AccessControlFilter
                              org.apache.shiro.web.filter.authc.UserFilter

All Implemented Interfaces:: Filter, Nameable, PathConfigProcessor

public class UserFilter
extends AccessControlFilter
extends AccessControlFilter

Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal. This means that any user who is authenticated or remembered via a 'remember me' feature will be allowed access from this filter.

If the accessor is not a known user, then they will be redirected to the loginUrl

Since:: 0.9

Field Summary

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
`DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD`

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
`appliedPaths, pathMatcher`

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
`ALREADY_FILTERED_SUFFIX`

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
`filterConfig`

Constructor Summary
`UserFilter()`

Method Summary
`protected boolean`	`isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)` Returns `true` if the request is a `loginRequest` or if the current `subject` is not `null`, `false` otherwise.
`protected boolean`	`onAccessDenied(ServletRequest request, ServletResponse response)` This default implementation simply calls `saveRequestAndRedirectToLogin` and then immediately returns `false`, thereby preventing the chain from continuing so the redirect may execute.

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
`getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl`

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
`getPathWithinApplication, pathsMatch, pathsMatch, preHandle, processPathConfig`

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
`afterCompletion, cleanup, doFilterInternal, executeChain, postHandle`

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
`doFilter, getAlreadyFilteredAttributeName, shouldNotFilter`

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
`getName, setName, toStringBuilder`

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
`destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig`

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
`getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

UserFilter

public UserFilter()

Method Detail

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)

Returns true if the request is a loginRequest or if the current subject is not null, false otherwise.

Specified by:: isAccessAllowed in class AccessControlFilter

Parameters:: request - the incoming ServletRequest; response - the outgoing ServletResponse; mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:: true if the request is a loginRequest or if the current subject is not null, false otherwise.

onAccessDenied

protected boolean onAccessDenied(ServletRequest request,
                                 ServletResponse response)
                          throws Exception

This default implementation simply calls saveRequestAndRedirectToLogin and then immediately returns false, thereby preventing the chain from continuing so the redirect may execute.

Specified by:: onAccessDenied in class AccessControlFilter

Parameters:: request - the incoming ServletRequest; response - the outgoing ServletResponse
Returns:: true if the request should continue to be processed; false if the subclass will handle/render the response directly.
Throws:: Exception - if there is an error processing the request.