Class AuthenticatingFilter
- java.lang.Object
-
- All Implemented Interfaces:
Filter,Nameable,PathConfigProcessor
- Direct Known Subclasses:
BasicHttpAuthenticationFilter,BearerHttpAuthenticationFilter,CasFilter,FormAuthenticationFilter
public abstract class AuthenticatingFilter extends AuthenticationFilter
AnAuthenticationFilterthat is capable of automatically performing an authentication attempt based on the incoming request.- Since:
- 0.9
-
-
Field Summary
Fields Modifier and Type Field Description static StringPERMISSIVE-
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
DEFAULT_SUCCESS_URL
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description AuthenticatingFilter()
-
Method Summary
All Methods Instance Methods Abstract Methods Concrete Methods Modifier and Type Method Description protected voidcleanup(ServletRequest request, ServletResponse response, Exception existing)Overrides the default behavior to callAccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object)and swallow the exception if the exception isUnauthenticatedException.protected AuthenticationTokencreateToken(String username, String password, boolean rememberMe, String host)protected AuthenticationTokencreateToken(String username, String password, ServletRequest request, ServletResponse response)protected abstract AuthenticationTokencreateToken(ServletRequest request, ServletResponse response)protected booleanexecuteLogin(ServletRequest request, ServletResponse response)protected StringgetHost(ServletRequest request)Returns the host name or IP associated with the current subject.protected booleanisAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)Determines whether the current subject should be allowed to make the current request.protected booleanisPermissive(Object mappedValue)Returnstrueif the mappedValue contains thePERMISSIVEqualifier.protected booleanisRememberMe(ServletRequest request)Returnstrueif "rememberMe" should be enabled for the login attempt associated with the currentrequest,falseotherwise.protected booleanonLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response)protected booleanonLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response)-
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, issueSuccessRedirect, setSuccessUrl
-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Field Detail
-
PERMISSIVE
public static final String PERMISSIVE
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AuthenticatingFilter
public AuthenticatingFilter()
-
-
Method Detail
-
executeLogin
protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception
- Throws:
Exception
-
createToken
protected abstract AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception
- Throws:
Exception
-
createToken
protected AuthenticationToken createToken(String username, String password, ServletRequest request, ServletResponse response)
-
createToken
protected AuthenticationToken createToken(String username, String password, boolean rememberMe, String host)
-
onLoginSuccess
protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response) throws Exception
- Throws:
Exception
-
onLoginFailure
protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response)
-
getHost
protected String getHost(ServletRequest request)
Returns the host name or IP associated with the current subject. This method is primarily provided for use during construction of anAuthenticationToken. The default implementation merely returnsServletRequest.getRemoteHost().- Parameters:
request- the incoming ServletRequest- Returns:
- the
InetAddressto associate with the login attempt.
-
isRememberMe
protected boolean isRememberMe(ServletRequest request)
Returnstrueif "rememberMe" should be enabled for the login attempt associated with the currentrequest,falseotherwise. This implementation always returnsfalseand is provided as a template hook to subclasses that supportrememberMelogins and wish to determinerememberMein a custom mannner based on the currentrequest.- Parameters:
request- the incoming ServletRequest- Returns:
trueif "rememberMe" should be enabled for the login attempt associated with the currentrequest,falseotherwise.
-
isAccessAllowed
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Determines whether the current subject should be allowed to make the current request. The default implementation returnstrueif the user is authenticated. Will also returntrueif theAccessControlFilter.isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse)returns false and the "permissive" flag is set.- Overrides:
isAccessAllowedin classAuthenticationFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponsemappedValue- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
trueif request should be allowed access
-
isPermissive
protected boolean isPermissive(Object mappedValue)
Returnstrueif the mappedValue contains thePERMISSIVEqualifier.- Returns:
trueif this filter should be permissive
-
cleanup
protected void cleanup(ServletRequest request, ServletResponse response, Exception existing) throws ServletException, IOException
Overrides the default behavior to callAccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object)and swallow the exception if the exception isUnauthenticatedException.- Overrides:
cleanupin classAdviceFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponseexisting- any exception that might have occurred while executing theFilterChainor pre or post advice, ornullif the pre/chain/post execution did not throw anException.- Throws:
ServletException- if any exception other than anIOExceptionis thrown.IOException- if the pre/chain/post execution throw anIOException
-
-