Class UserFilter
- java.lang.Object
-
- All Implemented Interfaces:
Filter,Nameable,PathConfigProcessor
public class UserFilter extends AccessControlFilter
Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal. This means that any user who is authenticated or remembered via a 'remember me' feature will be allowed access from this filter. If the accessor is not a known user, then they will be redirected to theloginUrl- Since:
- 0.9
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description UserFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected booleanisAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)Returnstrueif the request is aloginRequestor if the currentsubjectis notnull,falseotherwise.protected booleanonAccessDenied(ServletRequest request, ServletResponse response)This default implementation simply callssaveRequestAndRedirectToLoginand then immediately returnsfalse, thereby preventing the chain from continuing so the redirect may execute.-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Constructor Detail
-
UserFilter
public UserFilter()
-
-
Method Detail
-
isAccessAllowed
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Returnstrueif the request is aloginRequestor if the currentsubjectis notnull,falseotherwise.- Specified by:
isAccessAllowedin classAccessControlFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponsemappedValue- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
trueif the request is aloginRequestor if the currentsubjectis notnull,falseotherwise.
-
onAccessDenied
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
This default implementation simply callssaveRequestAndRedirectToLoginand then immediately returnsfalse, thereby preventing the chain from continuing so the redirect may execute.- Specified by:
onAccessDeniedin classAccessControlFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponse- Returns:
trueif the request should continue to be processed; false if the subclass will handle/render the response directly.- Throws:
Exception- if there is an error processing the request.
-
-