org.apache.shiro.web.filter.authc
Class PassThruAuthenticationFilter
java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter
- All Implemented Interfaces:
- Filter, Nameable, PathConfigProcessor
public class PassThruAuthenticationFilter
- extends AuthenticationFilter
An authentication filter that redirects the user to the login page when they are trying to access
a protected resource. However, if the user is trying to access the login page, the filter lets
the request pass through to the application code.
The difference between this filter and the FormAuthenticationFilter
is that
on a login submission (by default an HTTP POST to the login URL), the FormAuthenticationFilter
filter
attempts to automatically authenticate the user by passing the username
and password
request parameter values to
Subject.login(usernamePasswordToken)
directly.
Conversely, this controller always passes all requests to the loginUrl
through, both GETs and
POSTs. This is useful in cases where the developer wants to write their own login behavior, which should include a
call to Subject.login(AuthenticationToken)
at some point. For example, if the developer has their own custom MVC login controller or validator,
this PassThruAuthenticationFilter
may be appropriate.
- Since:
- 0.9
- See Also:
FormAuthenticationFilter
PassThruAuthenticationFilter
public PassThruAuthenticationFilter()
onAccessDenied
protected boolean onAccessDenied(ServletRequest request,
ServletResponse response)
throws Exception
- Description copied from class:
AccessControlFilter
- Processes requests where the subject was denied access as determined by the
isAccessAllowed
method.
- Specified by:
onAccessDenied
in class AccessControlFilter
- Parameters:
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
- Returns:
true
if the request should continue to be processed; false if the subclass will
handle/render the response directly.
- Throws:
Exception
- if there is an error processing the request.
Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.