AuthenticatingFilter (Apache Shiro

java.lang.Object
- org.apache.shiro.web.servlet.ServletContextSupport
- - org.apache.shiro.web.servlet.AbstractFilter
  - - org.apache.shiro.web.servlet.NameableFilter
    - - org.apache.shiro.web.servlet.OncePerRequestFilter
      - org.apache.shiro.web.servlet.AdviceFilter
        
        org.apache.shiro.web.filter.PathMatchingFilter
        
        org.apache.shiro.web.filter.AccessControlFilter
        
        org.apache.shiro.web.filter.authc.AuthenticationFilter
        
        org.apache.shiro.web.filter.authc.AuthenticatingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.shiro.util.Nameable, PathConfigProcessor

Direct Known Subclasses:

BasicHttpAuthenticationFilter, FormAuthenticationFilter
```
public abstract class AuthenticatingFilter
extends AuthenticationFilter
```
An AuthenticationFilter that is capable of automatically performing an authentication attempt based on the incoming request.

Since:

0.9

Field Summary

Fields
Modifier and Type Field and Description

static String PERMISSIVE
- Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
  DEFAULT_SUCCESS_URL
- Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
  DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
- Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
  appliedPaths, pathMatcher
- Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
  ALREADY_FILTERED_SUFFIX
- Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
  filterConfig

Fields
Modifier and Type	Field and Description
`static String`	`PERMISSIVE`

Constructor Summary

Constructors
Constructor and Description

AuthenticatingFilter()

Constructors
Constructor and Description
`AuthenticatingFilter()`

Method Summary

All Methods Instance Methods Abstract Methods Concrete Methods
Modifier and Type	Method and Description
`protected void`	`cleanup(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Exception existing)` Overrides the default behavior to call `AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object)` and swallow the exception if the exception is `UnauthenticatedException`.
`protected abstract org.apache.shiro.authc.AuthenticationToken`	`createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)`
`protected org.apache.shiro.authc.AuthenticationToken`	`createToken(String username, String password, boolean rememberMe, String host)`
`protected org.apache.shiro.authc.AuthenticationToken`	`createToken(String username, String password, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)`
`protected boolean`	`executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)`
`protected String`	`getHost(javax.servlet.ServletRequest request)` Returns the host name or IP associated with the current subject.
`protected boolean`	`isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)` Determines whether the current subject should be allowed to make the current request.
`protected boolean`	`isPermissive(Object mappedValue)` Returns `true` if the mappedValue contains the `PERMISSIVE` qualifier.
`protected boolean`	`isRememberMe(javax.servlet.ServletRequest request)` Returns `true` if "rememberMe" should be enabled for the login attempt associated with the current `request`, `false` otherwise.
`protected boolean`	`onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.authc.AuthenticationException e, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)`
`protected boolean`	`onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)`

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, issueSuccessRedirect, setSuccessUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail
- PERMISSIVE
```
public static final String PERMISSIVE
```
  See Also:
  
  Constant Field Values

Constructor Detail
- AuthenticatingFilter
```
public AuthenticatingFilter()
```

Method Detail

executeLogin

protected boolean executeLogin(javax.servlet.ServletRequest request,
                               javax.servlet.ServletResponse response)
                        throws Exception

Throws:: Exception

createToken

protected abstract org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request,
                                                                          javax.servlet.ServletResponse response)
                                                                   throws Exception

Throws:: Exception

createToken

protected org.apache.shiro.authc.AuthenticationToken createToken(String username,
                                                                 String password,
                                                                 javax.servlet.ServletRequest request,
                                                                 javax.servlet.ServletResponse response)

createToken

protected org.apache.shiro.authc.AuthenticationToken createToken(String username,
                                                                 String password,
                                                                 boolean rememberMe,
                                                                 String host)

onLoginSuccess

protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token,
                                 org.apache.shiro.subject.Subject subject,
                                 javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception

Throws:: Exception

onLoginFailure

protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token,
                                 org.apache.shiro.authc.AuthenticationException e,
                                 javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)

getHost
```
protected String getHost(javax.servlet.ServletRequest request)
```
Returns the host name or IP associated with the current subject. This method is primarily provided for use during construction of an AuthenticationToken.
The default implementation merely returns ServletRequest.getRemoteHost().

Parameters:

request - the incoming ServletRequest

Returns:

the InetAddress to associate with the login attempt.

isRememberMe
```
protected boolean isRememberMe(javax.servlet.ServletRequest request)
```
Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
This implementation always returns false and is provided as a template hook to subclasses that support rememberMe logins and wish to determine rememberMe in a custom mannner based on the current request.

Parameters:

request - the incoming ServletRequest

Returns:

true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

isAccessAllowed
```
protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
                                  javax.servlet.ServletResponse response,
                                  Object mappedValue)
```
Determines whether the current subject should be allowed to make the current request.
The default implementation returns true if the user is authenticated. Will also return true if the AccessControlFilter.isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse) returns false and the "permissive" flag is set.

Overrides:

isAccessAllowed in class AuthenticationFilter

Parameters:

request - the incoming ServletRequest

response - the outgoing ServletResponse

mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.

Returns:

true if request should be allowed access

isPermissive
```
protected boolean isPermissive(Object mappedValue)
```
Returns true if the mappedValue contains the PERMISSIVE qualifier.

Returns:

true if this filter should be permissive

cleanup
```
protected void cleanup(javax.servlet.ServletRequest request,
                       javax.servlet.ServletResponse response,
                       Exception existing)
                throws javax.servlet.ServletException,
                       IOException
```
Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.

Overrides:

cleanup in class AdviceFilter

Parameters:

request - the incoming ServletRequest

response - the outgoing ServletResponse

existing - any exception that might have occurred while executing the FilterChain or pre or post advice, or null if the pre/chain/post execution did not throw an Exception.

Throws:

javax.servlet.ServletException - if any exception other than an IOException is thrown.

IOException - if the pre/chain/post execution throw an IOException

Class AuthenticatingFilter

Field Summary

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

Constructor Summary

Method Summary

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

Methods inherited from class java.lang.Object

Field Detail

PERMISSIVE

Constructor Detail

AuthenticatingFilter

Method Detail

executeLogin

createToken

createToken

createToken

onLoginSuccess

onLoginFailure

getHost

isRememberMe

isAccessAllowed

isPermissive

cleanup