Class AuthenticationFilter
- java.lang.Object
-
- org.apache.shiro.web.servlet.ServletContextSupport
-
- org.apache.shiro.web.servlet.AbstractFilter
-
- org.apache.shiro.web.servlet.NameableFilter
-
- org.apache.shiro.web.servlet.OncePerRequestFilter
-
- org.apache.shiro.web.servlet.AdviceFilter
-
- org.apache.shiro.web.filter.PathMatchingFilter
-
- org.apache.shiro.web.filter.AccessControlFilter
-
- org.apache.shiro.web.filter.authc.AuthenticationFilter
-
- All Implemented Interfaces:
Filter
,Nameable
,PathConfigProcessor
- Direct Known Subclasses:
AuthenticatingFilter
,PassThruAuthenticationFilter
public abstract class AuthenticationFilter extends AccessControlFilter
Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system while subclasses are required to perform specific logic for unauthenticated requests.- Since:
- 0.9
-
-
Field Summary
Fields Modifier and Type Field Description static String
DEFAULT_SUCCESS_URL
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description AuthenticationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description String
getSuccessUrl()
Returns the success url to use as the default location a user is sent after logging in.protected boolean
isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Determines whether the current subject is authenticated.protected void
issueSuccessRedirect(ServletRequest request, ServletResponse response)
Redirects to user to the previously attempted URL after a successful login.void
setSuccessUrl(String successUrl)
Sets the default/fallback success url to use as the default location a user is sent after logging in.-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Field Detail
-
DEFAULT_SUCCESS_URL
public static final String DEFAULT_SUCCESS_URL
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
AuthenticationFilter
public AuthenticationFilter()
-
-
Method Detail
-
getSuccessUrl
public String getSuccessUrl()
Returns the success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified. The default value isDEFAULT_SUCCESS_URL
.- Returns:
- the success url to use as the default location a user is sent after logging in.
-
setSuccessUrl
public void setSuccessUrl(String successUrl)
Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified. The default value isDEFAULT_SUCCESS_URL
.- Parameters:
successUrl
- the success URL to redirect the user to after a successful login.
-
isAccessAllowed
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Determines whether the current subject is authenticated. The default implementationacquires
the currently executing Subject and then returnssubject.isAuthenticated()
;- Specified by:
isAccessAllowed
in classAccessControlFilter
- Parameters:
request
- the incomingServletRequest
response
- the outgoingServletResponse
mappedValue
- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
- true if the subject is authenticated; false if the subject is unauthenticated
-
issueSuccessRedirect
protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception
Redirects to user to the previously attempted URL after a successful login. This implementation simply calls
using theWebUtils
.redirectToSavedRequest
successUrl
as thefallbackUrl
argument to that call.- Parameters:
request
- the incoming requestresponse
- the outgoing response- Throws:
Exception
- if there is a problem redirecting.
-
-