org.apache.shiro.web.filter.authc

Class AuthenticationFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.apache.shiro.web.filter.PathMatchingFilter

org.apache.shiro.web.filter.AccessControlFilter

org.apache.shiro.web.filter.authc.AuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, Nameable, PathConfigProcessor

Direct Known Subclasses:

AuthenticatingFilter, PassThruAuthenticationFilter

public abstract class AuthenticationFilter
extends AccessControlFilter

Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system while subclasses are required to perform specific logic for unauthenticated requests.

Since:

0.9

Field Summary

Fields

Modifier and Type	Field and Description
static String	DEFAULT_SUCCESS_URL

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

filterConfig

Constructor Summary

Constructors

Constructor and Description
AuthenticationFilter()

Method Summary

Modifier and Type	Method and Description
String	getSuccessUrl() Returns the success url to use as the default location a user is sent after logging in.
protected boolean	isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) Determines whether the current subject is authenticated.
protected void	issueSuccessRedirect(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) Redirects to user to the previously attempted URL after a successful login.
void	setSuccessUrl(String successUrl) Sets the default/fallback success url to use as the default location a user is sent after logging in.

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

DEFAULT_SUCCESS_URL

public static final String DEFAULT_SUCCESS_URL

See Also:

Constant Field Values

Constructor Detail

AuthenticationFilter

public AuthenticationFilter()

Method Detail

getSuccessUrl

public String getSuccessUrl()

Returns the success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

The default value is DEFAULT_SUCCESS_URL.

Returns:

the success url to use as the default location a user is sent after logging in.

setSuccessUrl

public void setSuccessUrl(String successUrl)

Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

The default value is DEFAULT_SUCCESS_URL.

Parameters:

successUrl - the success URL to redirect the user to after a successful login.

isAccessAllowed

protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
                                  javax.servlet.ServletResponse response,
                                  Object mappedValue)

Determines whether the current subject is authenticated.

The default implementation acquires the currently executing Subject and then returns subject.isAuthenticated();

Specified by:

isAccessAllowed in class AccessControlFilter

Parameters:

request - the incoming ServletRequest

response - the outgoing ServletResponse

mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.

Returns:

true if the subject is authenticated; false if the subject is unauthenticated

issueSuccessRedirect

protected void issueSuccessRedirect(javax.servlet.ServletRequest request,
                                    javax.servlet.ServletResponse response)
                             throws Exception

Redirects to user to the previously attempted URL after a successful login. This implementation simply calls WebUtils.redirectToSavedRequest using the successUrl as the fallbackUrl argument to that call.

Parameters:

request - the incoming request

response - the outgoing response

Throws:

Exception - if there is a problem redirecting.