001/* 002 * Licensed to the Apache Software Foundation (ASF) under one 003 * or more contributor license agreements. See the NOTICE file 004 * distributed with this work for additional information 005 * regarding copyright ownership. The ASF licenses this file 006 * to you under the Apache License, Version 2.0 (the 007 * "License"); you may not use this file except in compliance 008 * with the License. You may obtain a copy of the License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, 013 * software distributed under the License is distributed on an 014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 015 * KIND, either express or implied. See the License for the 016 * specific language governing permissions and limitations 017 * under the License. 018 */ 019package org.apache.shiro.web.filter.authc; 020 021import org.apache.shiro.web.filter.PathMatchingFilter; 022 023import javax.servlet.ServletRequest; 024import javax.servlet.ServletResponse; 025 026/** 027 * Filter that allows access to a path immeidately without performing security checks of any kind. 028 * <p/> 029 * This filter is useful primarily in exclusionary policies, where you have defined a url pattern 030 * to require a certain security level, but maybe only subset of urls in that pattern should allow any access. 031 * <p/> 032 * For example, if you had a user-only section of a website, you might want to require that access to 033 * any url in that section must be from an authenticated user. 034 * <p/> 035 * Here is how that would look in the IniShiroFilter configuration: 036 * <p/> 037 * <code>[urls]<br/> 038 * /user/** = authc</code> 039 * <p/> 040 * But if you wanted <code>/user/signup/**</code> to be available to anyone, you have to exclude that path since 041 * it is a subset of the first. This is where the AnonymousFilter ('anon') is useful: 042 * <p/> 043 * <code>[urls]<br/> 044 * /user/signup/** = anon<br/> 045 * /user/** = authc</code>> 046 * <p/> 047 * Since the url pattern definitions follow a 'first match wins' paradigm, the <code>anon</code> filter will 048 * match the <code>/user/signup/**</code> paths and the <code>/user/**</code> path chain will not be evaluated. 049 * 050 * @since 0.9 051 */ 052public class AnonymousFilter extends PathMatchingFilter { 053 054 /** 055 * Always returns <code>true</code> allowing unchecked access to the underlying path or resource. 056 * 057 * @return <code>true</code> always, allowing unchecked access to the underlying path or resource. 058 */ 059 @Override 060 protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) { 061 // Always return true since we allow access to anyone 062 return true; 063 } 064 065}