Package org.apache.shiro.web.filter.authz

Class SslFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.apache.shiro.web.filter.PathMatchingFilter

org.apache.shiro.web.filter.AccessControlFilter

org.apache.shiro.web.filter.authz.AuthorizationFilter

org.apache.shiro.web.filter.authz.PortFilter

org.apache.shiro.web.filter.authz.SslFilter

All Implemented Interfaces:

Filter, Nameable, PathConfigProcessor

public class SslFilter
extends PortFilter

Filter which requires a request to be over SSL. Access is allowed if the request is received on the configured server port and the request.isSecure(). If either condition is false, the filter chain will not continue.

The port property defaults to 443 and also additionally guarantees that the request scheme is always 'https' (except for port 80, which retains the 'http' scheme).

Example config:

 [urls]
 /secure/path/** = ssl
 

Since:

1.0

Field Summary

Fields

Modifier and Type	Field	Description
static int	DEFAULT_HTTPS_PORT
static String	HTTPS_SCHEME

Fields inherited from class org.apache.shiro.web.filter.authz.PortFilter

DEFAULT_HTTP_PORT, HTTP_SCHEME

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

filterConfig

Constructor Summary

Constructors

Constructor	Description
SslFilter()

Method Summary

Modifier and Type	Method	Description
protected String	getScheme(String requestScheme, int port)
protected boolean	isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)	Retains the parent method's port-matching behavior but additionally guarantees that the ServletRequest.isSecure().

Methods inherited from class org.apache.shiro.web.filter.authz.PortFilter

getPort, onAccessDenied, setPort, toPort

Methods inherited from class org.apache.shiro.web.filter.authz.AuthorizationFilter

getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

getLoginUrl, getSubject, isLoginRequest, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_HTTPS_PORT

public static final int DEFAULT_HTTPS_PORT

See Also:

Constant Field Values

HTTPS_SCHEME

public static final String HTTPS_SCHEME

See Also:

Constant Field Values

Constructor Detail

SslFilter

public SslFilter()

Method Detail

getScheme

protected String getScheme(String requestScheme,
                           int port)

Overrides:

getScheme in class PortFilter

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)
                           throws Exception

Retains the parent method's port-matching behavior but additionally guarantees that the ServletRequest.isSecure(). If the port does not match or the request is not secure, access is denied.

Overrides:

isAccessAllowed in class PortFilter

Parameters:

request - the incoming ServletRequest

response - the outgoing ServletResponse - ignored in this implementation

mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings - ignored by this implementation.

Returns:

true if the request is received on an expected SSL port and the request.isSecure(), false otherwise.

Throws:

Exception - if the call to super.isAccessAllowed throws an exception.

Since:

1.2