Class PermissionsAuthorizationFilter
- java.lang.Object
-
- org.apache.shiro.web.servlet.ServletContextSupport
-
- org.apache.shiro.web.servlet.AbstractFilter
-
- org.apache.shiro.web.servlet.NameableFilter
-
- org.apache.shiro.web.servlet.OncePerRequestFilter
-
- org.apache.shiro.web.servlet.AdviceFilter
-
- org.apache.shiro.web.filter.PathMatchingFilter
-
- org.apache.shiro.web.filter.AccessControlFilter
-
- org.apache.shiro.web.filter.authz.AuthorizationFilter
-
- org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter
-
- All Implemented Interfaces:
Filter
,Nameable
,PathConfigProcessor
- Direct Known Subclasses:
HttpMethodPermissionFilter
public class PermissionsAuthorizationFilter extends AuthorizationFilter
Filter that allows access if the current user has the permissions specified by the mapped value, or denies access if the user does not have all of the permissions specified.- Since:
- 0.9
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description PermissionsAuthorizationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description boolean
isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Returnstrue
if the request is allowed to proceed through the filter normally, orfalse
if the request should be handled by theonAccessDenied(request,response,mappedValue)
method instead.-
Methods inherited from class org.apache.shiro.web.filter.authz.AuthorizationFilter
getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl
-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Constructor Detail
-
PermissionsAuthorizationFilter
public PermissionsAuthorizationFilter()
-
-
Method Detail
-
isAccessAllowed
public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException
Description copied from class:AccessControlFilter
Returnstrue
if the request is allowed to proceed through the filter normally, orfalse
if the request should be handled by theonAccessDenied(request,response,mappedValue)
method instead.- Specified by:
isAccessAllowed
in classAccessControlFilter
- Parameters:
request
- the incomingServletRequest
response
- the outgoingServletResponse
mappedValue
- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
true
if the request should proceed through the filter normally,false
if the request should be processed by this filter'sAccessControlFilter.onAccessDenied(ServletRequest,ServletResponse,Object)
method instead.- Throws:
IOException
-
-