1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.filter.authc;
20  
21  import org.apache.shiro.subject.Subject;
22  import org.apache.shiro.web.filter.AccessControlFilter;
23  import org.apache.shiro.web.util.WebUtils;
24  
25  import javax.servlet.ServletRequest;
26  import javax.servlet.ServletResponse;
27  
28  /**
29   * Base class for all Filters that require the current user to be authenticated. This class encapsulates the
30   * logic of checking whether a user is already authenticated in the system while subclasses are required to perform
31   * specific logic for unauthenticated requests.
32   *
33   * @since 0.9
34   */
public abstract class AuthenticationFilter extends AccessControlFilter {

    /**
     * Value the {@link #getSuccessUrl() successUrl} property holds until it is explicitly configured.
     */
    public static final String DEFAULT_SUCCESS_URL = "/";

    // Fallback redirect target handed to WebUtils.redirectToSavedRequest by issueSuccessRedirect.
    private String successUrl = DEFAULT_SUCCESS_URL;

    /**
     * Returns the fallback location a user is sent to after logging in.  A post-login redirect normally goes to
     * the URL that was originally requested; this value is used when that URL is unavailable or was never
     * specified.
     * <p>
     * Unless changed via {@link #setSuccessUrl(String)}, the value is {@link #DEFAULT_SUCCESS_URL}.
     *
     * @return the fallback location a user is sent to after logging in.
     */
    public String getSuccessUrl() {
        return this.successUrl;
    }

    /**
     * Sets the fallback location a user is sent to after logging in.  A post-login redirect normally goes to
     * the URL that was originally requested; this value is used when that URL is unavailable or was never
     * specified.
     * <p>
     * The value is stored as given, with no validation, and is later passed unchanged as the redirect fallback
     * by {@link #issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse)}.  It should
     * therefore come from trusted configuration and not from request data.
     *
     * @param successUrl the fallback URL to redirect the user to after a successful login.
     */
    public void setSuccessUrl(String successUrl) {
        this.successUrl = successUrl;
    }

    /**
     * Decides whether the request may proceed, based on the authentication state of the current subject.
     * <p>
     * The subject is {@link #getSubject(javax.servlet.ServletRequest, javax.servlet.ServletResponse) acquired}
     * for the request, and access is granted only when both conditions hold:
     * {@link org.apache.shiro.subject.Subject#isAuthenticated() subject.isAuthenticated()} is {@code true} and
     * {@link org.apache.shiro.subject.Subject#getPrincipal() subject.getPrincipal()} is not {@code null}.  A
     * subject without a principal is denied even if it reports itself as authenticated.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the filter configuration mapped for this request; not consulted by this implementation
     * @return true if the subject is authenticated and has a principal; false otherwise
     */
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        Subject current = getSubject(request, response);
        if (!current.isAuthenticated()) {
            // The principal is only inspected once the authenticated flag has been confirmed.
            return false;
        }
        return current.getPrincipal() != null;
    }

    /**
     * Redirects the user to the previously attempted URL after a successful login.  This implementation
     * delegates to
     * <code>{@link org.apache.shiro.web.util.WebUtils WebUtils}.{@link WebUtils#redirectToSavedRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String) redirectToSavedRequest}</code>,
     * supplying the {@link #getSuccessUrl() successUrl} as that call's {@code fallbackUrl} argument.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @throws Exception if there is a problem redirecting.
     */
    protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
        String fallbackUrl = getSuccessUrl();
        WebUtils.redirectToSavedRequest(request, response, fallbackUrl);
    }

}