Class SslFilter
- java.lang.Object
-
- All Implemented Interfaces:
Filter
,Nameable
,PathConfigProcessor
public class SslFilter extends PortFilter
Filter which requires a request to be over SSL. Access is allowed if the request is received on the configured serverport
and therequest.
isSecure()
. If either condition isfalse
, the filter chain will not continue. Theport
property defaults to443
and also additionally guarantees that the request scheme is always 'https' (except for port 80, which retains the 'http' scheme). Example config:[urls] /secure/path/** = ssl
- Since:
- 1.0
-
-
Field Summary
Fields Modifier and Type Field Description static int
DEFAULT_HTTPS_PORT
static String
HTTPS_SCHEME
-
Fields inherited from class org.apache.shiro.web.filter.authz.PortFilter
DEFAULT_HTTP_PORT, HTTP_SCHEME
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description SslFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected String
getScheme(String requestScheme, int port)
protected boolean
isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
Retains the parent method's port-matching behavior but additionally guarantees that theServletRequest.
isSecure()
.-
Methods inherited from class org.apache.shiro.web.filter.authz.PortFilter
getPort, onAccessDenied, setPort, toPort
-
Methods inherited from class org.apache.shiro.web.filter.authz.AuthorizationFilter
getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl
-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Field Detail
-
DEFAULT_HTTPS_PORT
public static final int DEFAULT_HTTPS_PORT
- See Also:
- Constant Field Values
-
HTTPS_SCHEME
public static final String HTTPS_SCHEME
- See Also:
- Constant Field Values
-
-
Constructor Detail
-
SslFilter
public SslFilter()
-
-
Method Detail
-
getScheme
protected String getScheme(String requestScheme, int port)
- Overrides:
getScheme
in classPortFilter
-
isAccessAllowed
protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
Retains the parent method's port-matching behavior but additionally guarantees that theServletRequest.
isSecure()
. If the port does not match or the request is not secure, access is denied.- Overrides:
isAccessAllowed
in classPortFilter
- Parameters:
request
- the incomingServletRequest
response
- the outgoingServletResponse
- ignored in this implementationmappedValue
- the filter-specific config value mapped to this filter in the URL rules mappings - ignored by this implementation.- Returns:
true
if the request is received on an expected SSL port and therequest.
isSecure()
,false
otherwise.- Throws:
Exception
- if the call tosuper.isAccessAllowed
throws an exception.- Since:
- 1.2
-
-