Classes in this File | Line Coverage | Branch Coverage | Complexity | ||||
PassThruAuthenticationFilter |
|
| 3.0;3 |
1 | /* | |
2 | * Licensed to the Apache Software Foundation (ASF) under one | |
3 | * or more contributor license agreements. See the NOTICE file | |
4 | * distributed with this work for additional information | |
5 | * regarding copyright ownership. The ASF licenses this file | |
6 | * to you under the Apache License, Version 2.0 (the | |
7 | * "License"); you may not use this file except in compliance | |
8 | * with the License. You may obtain a copy of the License at | |
9 | * | |
10 | * http://www.apache.org/licenses/LICENSE-2.0 | |
11 | * | |
12 | * Unless required by applicable law or agreed to in writing, | |
13 | * software distributed under the License is distributed on an | |
14 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | |
15 | * KIND, either express or implied. See the License for the | |
16 | * specific language governing permissions and limitations | |
17 | * under the License. | |
18 | */ | |
19 | package org.apache.shiro.web.filter.authc; | |
20 | ||
21 | import javax.servlet.ServletRequest; | |
22 | import javax.servlet.ServletResponse; | |
23 | ||
24 | /** | |
25 | * An authentication filter that redirects the user to the login page when they are trying to access | |
26 | * a protected resource. However, if the user is trying to access the login page, the filter lets | |
27 | * the request pass through to the application code. | |
28 | * <p/> | |
29 | * The difference between this filter and the {@link FormAuthenticationFilter FormAuthenticationFilter} is that | |
30 | * on a login submission (by default an HTTP POST to the login URL), the <code>FormAuthenticationFilter</code> filter | |
31 | * attempts to automatically authenticate the user by passing the <code>username</code> and <code>password</code> | |
32 | * request parameter values to | |
33 | * {@link org.apache.shiro.subject.Subject#login(org.apache.shiro.authc.AuthenticationToken) Subject.login(usernamePasswordToken)} | |
34 | * directly. | |
35 | * <p/> | |
36 | * Conversely, this controller always passes all requests to the {@link #setLoginUrl loginUrl} through, both GETs and | |
37 | * POSTs. This is useful in cases where the developer wants to write their own login behavior, which should include a | |
38 | * call to {@link org.apache.shiro.subject.Subject#login(org.apache.shiro.authc.AuthenticationToken) Subject.login(AuthenticationToken)} | |
39 | * at some point. For example, if the developer has their own custom MVC login controller or validator, | |
40 | * this <code>PassThruAuthenticationFilter</code> may be appropriate. | |
41 | * | |
42 | * @see FormAuthenticationFilter | |
43 | * @since 0.9 | |
44 | */ | |
45 | 0 | public class PassThruAuthenticationFilter extends AuthenticationFilter { |
46 | ||
47 | //TODO - complete JavaDoc | |
48 | ||
49 | protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { | |
50 | 0 | if (isLoginRequest(request, response)) { |
51 | 0 | return true; |
52 | } else { | |
53 | 0 | saveRequestAndRedirectToLogin(request, response); |
54 | 0 | return false; |
55 | } | |
56 | } | |
57 | ||
58 | } |