1 /* 2 * Licensed to the Apache Software Foundation (ASF) under one 3 * or more contributor license agreements. See the NOTICE file 4 * distributed with this work for additional information 5 * regarding copyright ownership. The ASF licenses this file 6 * to you under the Apache License, Version 2.0 (the 7 * "License"); you may not use this file except in compliance 8 * with the License. You may obtain a copy of the License at 9 * 10 * http://www.apache.org/licenses/LICENSE-2.0 11 * 12 * Unless required by applicable law or agreed to in writing, 13 * software distributed under the License is distributed on an 14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 15 * KIND, either express or implied. See the License for the 16 * specific language governing permissions and limitations 17 * under the License. 18 */ 19 package org.apache.shiro.web.filter.authc; 20 21 import org.apache.shiro.web.filter.PathMatchingFilter; 22 23 import javax.servlet.ServletRequest; 24 import javax.servlet.ServletResponse; 25 26 /** 27 * Filter that allows access to a path immeidately without performing security checks of any kind. 28 * <p/> 29 * This filter is useful primarily in exclusionary policies, where you have defined a url pattern 30 * to require a certain security level, but maybe only subset of urls in that pattern should allow any access. 31 * <p/> 32 * For example, if you had a user-only section of a website, you might want to require that access to 33 * any url in that section must be from an authenticated user. 34 * <p/> 35 * Here is how that would look in the IniShiroFilter configuration: 36 * <p/> 37 * <code>[urls]<br/> 38 * /user/** = authc</code> 39 * <p/> 40 * But if you wanted <code>/user/signup/**</code> to be available to anyone, you have to exclude that path since 41 * it is a subset of the first. This is where the AnonymousFilter ('anon') is useful: 42 * <p/> 43 * <code>[urls]<br/> 44 * /user/signup/** = anon<br/> 45 * /user/** = authc</code>> 46 * <p/> 47 * Since the url pattern definitions follow a 'first match wins' paradigm, the <code>anon</code> filter will 48 * match the <code>/user/signup/**</code> paths and the <code>/user/**</code> path chain will not be evaluated. 49 * 50 * @since 0.9 51 */ 52 public class AnonymousFilter extends PathMatchingFilter { 53 54 /** 55 * Always returns <code>true</code> allowing unchecked access to the underlying path or resource. 56 * 57 * @return <code>true</code> always, allowing unchecked access to the underlying path or resource. 58 */ 59 @Override 60 protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) { 61 // Always return true since we allow access to anyone 62 return true; 63 } 64 65 }