1 /*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19 package org.apache.shiro.web.filter.authc;
20
21 import org.apache.shiro.subject.Subject;
22 import org.apache.shiro.web.filter.AccessControlFilter;
23 import org.apache.shiro.web.util.WebUtils;
24
25 import javax.servlet.ServletRequest;
26 import javax.servlet.ServletResponse;
27
28 /**
29 * Base class for all Filters that require the current user to be authenticated. This class encapsulates the
30 * logic of checking whether a user is already authenticated in the system while subclasses are required to perform
31 * specific logic for unauthenticated requests.
32 *
33 * @since 0.9
34 */
public abstract class AuthenticationFilter extends AccessControlFilter {

    /** Fallback location used after login when no other success URL has been configured. */
    public static final String DEFAULT_SUCCESS_URL = "/";

    // Fallback redirect target; starts out as DEFAULT_SUCCESS_URL and is replaced via setSuccessUrl.
    private String successUrl = DEFAULT_SUCCESS_URL;

    /**
     * Returns the fallback URL a user is sent to after logging in. A post-login redirect normally
     * goes back to the originally requested URL; this value is used when that URL is not available
     * or was not specified.
     * <p/>
     * The default value is {@link #DEFAULT_SUCCESS_URL}.
     *
     * @return the fallback URL a user is sent to after logging in.
     */
    public String getSuccessUrl() {
        return this.successUrl;
    }

    /**
     * Sets the fallback URL a user is sent to after logging in. A post-login redirect normally
     * goes back to the originally requested URL; this value is used when that URL is not available
     * or was not specified.
     * <p/>
     * The default value is {@link #DEFAULT_SUCCESS_URL}.
     * <p/>
     * The value is stored as given, with no validation in this class. Because it later becomes a
     * redirect target, it should come from trusted configuration rather than from request data.
     *
     * @param successUrl the URL to redirect the user to after a successful login.
     */
    public void setSuccessUrl(String successUrl) {
        this.successUrl = successUrl;
    }

    /**
     * Decides whether the request may proceed, based only on whether the current subject is
     * authenticated.
     * <p/>
     * The subject is {@link #getSubject(javax.servlet.ServletRequest, javax.servlet.ServletResponse) acquired}
     * for the request/response pair and the result of
     * {@link org.apache.shiro.subject.Subject#isAuthenticated() subject.isAuthenticated()} is returned.
     * <p/>
     * NOTE(review): Shiro treats a remembered (remember-me) subject as distinct from an
     * authenticated one, so a remembered identity alone is expected to be denied here; confirm
     * this is the intended gate for the paths this filter protects.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the filter configuration mapped to the request path; not consulted by
     *                    this implementation
     * @return true if the subject is authenticated; false if the subject is unauthenticated
     */
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        return getSubject(request, response).isAuthenticated();
    }

    /**
     * Redirects the user to the previously attempted URL after a successful login. This
     * implementation delegates to
     * <code>{@link org.apache.shiro.web.util.WebUtils WebUtils}.{@link WebUtils#redirectToSavedRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String) redirectToSavedRequest}</code>,
     * passing the {@link #getSuccessUrl() successUrl} as the {@code fallbackUrl} argument.
     * <p/>
     * The redirect target is chosen inside {@code WebUtils}; this method adds no check of its own
     * on the saved request URL or on the fallback.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @throws Exception if there is a problem redirecting.
     */
    protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
        // Resolved through the getter so that a subclass overriding getSuccessUrl() is honoured.
        final String fallbackUrl = getSuccessUrl();
        WebUtils.redirectToSavedRequest(request, response, fallbackUrl);
    }

}