|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectorg.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
public abstract class AccessControlFilter
Superclass for any filter that controls access to a resource and may redirect the user to the login page
if they are not authenticated. This superclass provides the method
saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
which is used by many subclasses as the behavior when a user is unauthenticated.
Field Summary | |
---|---|
static String |
DEFAULT_LOGIN_URL
Simple default login URL equal to /login.jsp , which can be overridden by calling the
setLoginUrl method. |
static String |
GET_METHOD
Constant representing the HTTP 'GET' request method, equal to GET . |
static String |
POST_METHOD
Constant representing the HTTP 'POST' request method, equal to POST . |
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter |
---|
appliedPaths, pathMatcher |
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter |
---|
ALREADY_FILTERED_SUFFIX |
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter |
---|
filterConfig |
Constructor Summary | |
---|---|
AccessControlFilter()
|
Method Summary | |
---|---|
String |
getLoginUrl()
Returns the login URL used to authenticate a user. |
protected Subject |
getSubject(ServletRequest request,
ServletResponse response)
Convenience method that acquires the Subject associated with the request. |
protected abstract boolean |
isAccessAllowed(ServletRequest request,
ServletResponse response,
Object mappedValue)
Returns true if the request is allowed to proceed through the filter normally, or false
if the request should be handled by the
onAccessDenied(request,response,mappedValue)
method instead. |
protected boolean |
isLoginRequest(ServletRequest request,
ServletResponse response)
Returns true if the incoming request is a login request, false otherwise. |
protected abstract boolean |
onAccessDenied(ServletRequest request,
ServletResponse response)
Processes requests where the subject was denied access as determined by the isAccessAllowed
method. |
protected boolean |
onAccessDenied(ServletRequest request,
ServletResponse response,
Object mappedValue)
Processes requests where the subject was denied access as determined by the isAccessAllowed
method, retaining the mappedValue that was used during configuration. |
boolean |
onPreHandle(ServletRequest request,
ServletResponse response,
Object mappedValue)
Returns true if
isAccessAllowed(Request,Response,Object) ,
otherwise returns the result of
onAccessDenied(Request,Response,Object) . |
protected void |
redirectToLogin(ServletRequest request,
ServletResponse response)
Convenience method for subclasses that merely acquires the getLoginUrl and redirects
the request to that url. |
protected void |
saveRequest(ServletRequest request)
Convenience method merely delegates to WebUtils.saveRequest(request) to save the request
state for reuse later. |
protected void |
saveRequestAndRedirectToLogin(ServletRequest request,
ServletResponse response)
Convenience method for subclasses to use when a login redirect is required. |
void |
setLoginUrl(String loginUrl)
Sets the login URL used to authenticate a user. |
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter |
---|
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig |
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter |
---|
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle |
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter |
---|
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter |
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter |
---|
getName, setName, toStringBuilder |
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter |
---|
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig |
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport |
---|
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
public static final String DEFAULT_LOGIN_URL
/login.jsp
, which can be overridden by calling the
setLoginUrl
method.
public static final String GET_METHOD
GET
.
public static final String POST_METHOD
POST
.
Constructor Detail |
---|
public AccessControlFilter()
Method Detail |
---|
public String getLoginUrl()
DEFAULT_LOGIN_URL
is assumed, which can be overridden via
setLoginUrl
.
public void setLoginUrl(String loginUrl)
DEFAULT_LOGIN_URL
is assumed.
loginUrl
- the login URL used to authenticate a user, used when redirecting users if authentication is required.protected Subject getSubject(ServletRequest request, ServletResponse response)
SecurityUtils.getSubject()
.
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
protected abstract boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
true
if the request is allowed to proceed through the filter normally, or false
if the request should be handled by the
onAccessDenied(request,response,mappedValue)
method instead.
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
mappedValue
- the filter-specific config value mapped to this filter in the URL rules mappings.
true
if the request should proceed through the filter normally, false
if the
request should be processed by this filter's
onAccessDenied(ServletRequest,ServletResponse,Object)
method instead.
Exception
- if an error occurs during processing.protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
isAccessAllowed
method, retaining the mappedValue
that was used during configuration.
This method immediately delegates to onAccessDenied(ServletRequest,ServletResponse)
as a
convenience in that most post-denial behavior does not need the mapped config again.
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
mappedValue
- the config specified for the filter in the matching request's filter chain.
true
if the request should continue to be processed; false if the subclass will
handle/render the response directly.
Exception
- if there is an error processing the request.protected abstract boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
isAccessAllowed
method.
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
true
if the request should continue to be processed; false if the subclass will
handle/render the response directly.
Exception
- if there is an error processing the request.public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
true
if
isAccessAllowed(Request,Response,Object)
,
otherwise returns the result of
onAccessDenied(Request,Response,Object)
.
onPreHandle
in class PathMatchingFilter
request
- the incoming ServletRequestresponse
- the outgoing ServletResponsemappedValue
- the filter-specific config value mapped to this filter in the URL rules mappings.
true
if
isAccessAllowed
,
otherwise returns the result of
onAccessDenied
.
Exception
- if an error occurs.PathMatchingFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String, Object)
protected boolean isLoginRequest(ServletRequest request, ServletResponse response)
true
if the incoming request is a login request, false
otherwise.
The default implementation merely returns true
if the incoming request matches the configured
loginUrl
by calling
pathsMatch(loginUrl, request)
.
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
true
if the incoming request is a login request, false
otherwise.protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException
saveRequest(request)
and then redirectToLogin(request,response)
.
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
IOException
- if an error occurs.protected void saveRequest(ServletRequest request)
WebUtils.saveRequest(request)
to save the request
state for reuse later. This is mostly used to retain user request state when a redirect is issued to
return the user to their originally requested url/resource.
If you need to save and then immediately redirect the user to login, consider using
saveRequestAndRedirectToLogin(request,response)
directly.
request
- the incoming ServletRequest to save for re-use later (for example, after a redirect).protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException
getLoginUrl
and redirects
the request to that url.
N.B. If you want to issue a redirect with the intention of allowing the user to then return to their
originally requested URL, don't use this method directly. Instead you should call
saveRequestAndRedirectToLogin(request,response)
, which will save the current request state so that it can
be reconstructed and re-used after a successful login.
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
IOException
- if an error occurs.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |