Class PassThruAuthenticationFilter
- java.lang.Object
-
- org.apache.shiro.web.servlet.ServletContextSupport
-
- org.apache.shiro.web.servlet.AbstractFilter
-
- org.apache.shiro.web.servlet.NameableFilter
-
- org.apache.shiro.web.servlet.OncePerRequestFilter
-
- org.apache.shiro.web.servlet.AdviceFilter
-
- org.apache.shiro.web.filter.PathMatchingFilter
-
- org.apache.shiro.web.filter.AccessControlFilter
-
- org.apache.shiro.web.filter.authc.AuthenticationFilter
-
- org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
-
- All Implemented Interfaces:
Filter
,Nameable
,PathConfigProcessor
public class PassThruAuthenticationFilter extends AuthenticationFilter
An authentication filter that redirects the user to the login page when they are trying to access a protected resource. However, if the user is trying to access the login page, the filter lets the request pass through to the application code. The difference between this filter and theFormAuthenticationFilter
is that on a login submission (by default an HTTP POST to the login URL), theFormAuthenticationFilter
filter attempts to automatically authenticate the user by passing theusername
andpassword
request parameter values toSubject.login(usernamePasswordToken)
directly. Conversely, this controller always passes all requests to theloginUrl
through, both GETs and POSTs. This is useful in cases where the developer wants to write their own login behavior, which should include a call toSubject.login(AuthenticationToken)
at some point. For example, if the developer has their own custom MVC login controller or validator, thisPassThruAuthenticationFilter
may be appropriate.- Since:
- 0.9
- See Also:
FormAuthenticationFilter
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
DEFAULT_SUCCESS_URL
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description PassThruAuthenticationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
onAccessDenied(ServletRequest request, ServletResponse response)
Processes requests where the subject was denied access as determined by theisAccessAllowed
method.-
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, isAccessAllowed, issueSuccessRedirect, setSuccessUrl
-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Constructor Detail
-
PassThruAuthenticationFilter
public PassThruAuthenticationFilter()
-
-
Method Detail
-
onAccessDenied
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
Description copied from class:AccessControlFilter
Processes requests where the subject was denied access as determined by theisAccessAllowed
method.- Specified by:
onAccessDenied
in classAccessControlFilter
- Parameters:
request
- the incomingServletRequest
response
- the outgoingServletResponse
- Returns:
true
if the request should continue to be processed; false if the subclass will handle/render the response directly.- Throws:
Exception
- if there is an error processing the request.
-
-