Class UserFilter
- java.lang.Object
-
- All Implemented Interfaces:
Filter
,Nameable
,PathConfigProcessor
public class UserFilter extends AccessControlFilter
Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal. This means that any user who is authenticated or remembered via a 'remember me' feature will be allowed access from this filter. If the accessor is not a known user, then they will be redirected to theloginUrl
- Since:
- 0.9
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description UserFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Returnstrue
if the request is aloginRequest
or if the currentsubject
is notnull
,false
otherwise.protected boolean
onAccessDenied(ServletRequest request, ServletResponse response)
This default implementation simply callssaveRequestAndRedirectToLogin
and then immediately returnsfalse
, thereby preventing the chain from continuing so the redirect may execute.-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Constructor Detail
-
UserFilter
public UserFilter()
-
-
Method Detail
-
isAccessAllowed
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Returnstrue
if the request is aloginRequest
or if the currentsubject
is notnull
,false
otherwise.- Specified by:
isAccessAllowed
in classAccessControlFilter
- Parameters:
request
- the incomingServletRequest
response
- the outgoingServletResponse
mappedValue
- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
true
if the request is aloginRequest
or if the currentsubject
is notnull
,false
otherwise.
-
onAccessDenied
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
This default implementation simply callssaveRequestAndRedirectToLogin
and then immediately returnsfalse
, thereby preventing the chain from continuing so the redirect may execute.- Specified by:
onAccessDenied
in classAccessControlFilter
- Parameters:
request
- the incomingServletRequest
response
- the outgoingServletResponse
- Returns:
true
if the request should continue to be processed; false if the subclass will handle/render the response directly.- Throws:
Exception
- if there is an error processing the request.
-
-