public abstract class AccessControlFilter extends PathMatchingFilter
saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
which is used by many subclasses as the behavior when a user is unauthenticated.

Modifier and Type | Field and Description |
---|---|
static String | DEFAULT_LOGIN_URL - Simple default login URL equal to /login.jsp, which can be overridden by calling the setLoginUrl method. |
static String | GET_METHOD - Constant representing the HTTP 'GET' request method, equal to GET. |
static String | POST_METHOD - Constant representing the HTTP 'POST' request method, equal to POST. |
appliedPaths, pathMatcher
ALREADY_FILTERED_SUFFIX
filterConfig
Constructor and Description |
---|
AccessControlFilter() |
Modifier and Type | Method and Description |
---|---|
String | getLoginUrl() - Returns the login URL used to authenticate a user. |
protected Subject | getSubject(ServletRequest request, ServletResponse response) - Convenience method that acquires the Subject associated with the request. |
protected abstract boolean | isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) - Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead. |
protected boolean | isLoginRequest(ServletRequest request, ServletResponse response) - Returns true if the incoming request is a login request, false otherwise. |
protected abstract boolean | onAccessDenied(ServletRequest request, ServletResponse response) - Processes requests where the subject was denied access as determined by the isAccessAllowed method. |
protected boolean | onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) - Processes requests where the subject was denied access as determined by the isAccessAllowed method, retaining the mappedValue that was used during configuration. |
boolean | onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) - Returns true if isAccessAllowed(Request,Response,Object), otherwise returns the result of onAccessDenied(Request,Response,Object). |
protected void | redirectToLogin(ServletRequest request, ServletResponse response) - Convenience method for subclasses that merely acquires the getLoginUrl and redirects the request to that url. |
protected void | saveRequest(ServletRequest request) - Convenience method merely delegates to WebUtils.saveRequest(request) to save the request state for reuse later. |
protected void | saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) - Convenience method for subclasses to use when a login redirect is required. |
void | setLoginUrl(String loginUrl) - Sets the login URL used to authenticate a user. |
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
getName, setName, toStringBuilder
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
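
The contract between isAccessAllowed, onAccessDenied and saveRequestAndRedirectToLogin, shown as an added example that is not part of the Shiro code base: the class name RequiredRolesFilter, the filter name roles2 and the URL rule in the comment are hypothetical.

```java
// Added example; RequiredRolesFilter and the mapping below are hypothetical.
// shiro.ini (constructed):  [main]  roles2 = com.example.RequiredRolesFilter
//                           [urls]  /admin/** = roles2[admin,auditor]
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.apache.shiro.web.util.WebUtils;

public class RequiredRolesFilter extends AccessControlFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response,
                                      Object mappedValue) {
        Subject subject = getSubject(request, response);
        if (!subject.isAuthenticated()) {
            return false; // fail closed: anonymous or merely remembered subjects are denied
        }
        // mappedValue carries the bracketed config from the URL rule, e.g. {"admin", "auditor"}.
        String[] requiredRoles = (String[]) mappedValue;
        if (requiredRoles == null) {
            return true; // no roles configured: authentication alone is sufficient
        }
        for (String role : requiredRoles) {
            if (!subject.hasRole(role)) {
                return false;
            }
        }
        return true;
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        if (getSubject(request, response).isAuthenticated()) {
            // Logged in but missing a role: a login redirect would loop, so answer 403.
            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_FORBIDDEN);
        } else {
            // Not logged in: remember the original URL, then redirect to getLoginUrl().
            saveRequestAndRedirectToLogin(request, response);
        }
        return false; // response already rendered; stop the filter chain
    }
}
```

Both branches of onAccessDenied return false because the filter has written the response itself; returning true would let the denied request continue down the chain.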
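public static final String DEFAULT_LOGIN_URL
Simple default login URL equal to /login.jsp, which can be overridden by calling the setLoginUrl method.

public static final String GET_METHOD
Constant representing the HTTP 'GET' request method, equal to GET.

public static final String POST_METHOD
Constant representing the HTTP 'POST' request method, equal to POST.

public AccessControlFilter()
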
public String getLoginUrl()
DEFAULT_LOGIN_URL is assumed, which can be overridden via setLoginUrl.

public void setLoginUrl(String loginUrl)
DEFAULT_LOGIN_URL is assumed.
Parameters:
loginUrl - the login URL used to authenticate a user, used when redirecting users if authentication is required.

protected Subject getSubject(ServletRequest request, ServletResponse response)
SecurityUtils.getSubject().
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse

protected abstract boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if the request should proceed through the filter normally, false if the request should be processed by this filter's onAccessDenied(ServletRequest,ServletResponse,Object) method instead.
Throws:
Exception - if an error occurs during processing.

protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
Processes requests where the subject was denied access as determined by the isAccessAllowed method, retaining the mappedValue that was used during configuration.

This method immediately delegates to onAccessDenied(ServletRequest,ServletResponse) as a convenience in that most post-denial behavior does not need the mapped config again.
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the config specified for the filter in the matching request's filter chain.
Returns:
true if the request should continue to be processed; false if the subclass will handle/render the response directly.
Throws:
Exception - if there is an error processing the request.

protected abstract boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception
Processes requests where the subject was denied access as determined by the isAccessAllowed method.
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Returns:
true if the request should continue to be processed; false if the subclass will handle/render the response directly.
Throws:
Exception - if there is an error processing the request.

public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception
Returns true if isAccessAllowed(Request,Response,Object), otherwise returns the result of onAccessDenied(Request,Response,Object).
Overrides:
onPreHandle in class PathMatchingFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if isAccessAllowed, otherwise returns the result of onAccessDenied.
Throws:
Exception - if an error occurs.
See Also:
PathMatchingFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String, Object)

protected boolean isLoginRequest(ServletRequest request, ServletResponse response)
Returns true if the incoming request is a login request, false otherwise.

The default implementation merely returns true if the incoming request matches the configured loginUrl by calling pathsMatch(loginUrl, request).
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Returns:
true if the incoming request is a login request, false otherwise.

protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException
saveRequest(request) and then redirectToLogin(request,response).
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Throws:
IOException - if an error occurs.

protected void saveRequest(ServletRequest request)
Convenience method merely delegates to WebUtils.saveRequest(request) to save the request state for reuse later. This is mostly used to retain user request state when a redirect is issued to return the user to their originally requested url/resource.

If you need to save and then immediately redirect the user to login, consider using saveRequestAndRedirectToLogin(request,response) directly.
Parameters:
request - the incoming ServletRequest to save for re-use later (for example, after a redirect).

protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException
Convenience method for subclasses that merely acquires the getLoginUrl and redirects the request to that url.

N.B. If you want to issue a redirect with the intention of allowing the user to then return to their originally requested URL, don't use this method directly. Instead you should call saveRequestAndRedirectToLogin(request,response), which will save the current request state so that it can be reconstructed and re-used after a successful login.
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Throws:
IOException - if an error occurs.

Copyright © 2004–2020 The Apache Software Foundation. All rights reserved.