View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.filter.authc;
20  
21  import org.apache.shiro.web.filter.PathMatchingFilter;
22  
23  import javax.servlet.ServletRequest;
24  import javax.servlet.ServletResponse;
25  
26  /**
27   * Filter that allows access to a path immeidately without performing security checks of any kind.
28   * <p/>
29   * This filter is useful primarily in exclusionary policies, where you have defined a url pattern
30   * to require a certain security level, but maybe only subset of urls in that pattern should allow any access.
31   * <p/>
32   * For example, if you had a user-only section of a website, you might want to require that access to
33   * any url in that section must be from an authenticated user.
34   * <p/>
35   * Here is how that would look in the IniShiroFilter configuration:
36   * <p/>
37   * <code>[urls]<br/>
38   * /user/** = authc</code>
39   * <p/>
40   * But if you wanted <code>/user/signup/**</code> to be available to anyone, you have to exclude that path since
41   * it is a subset of the first.  This is where the AnonymousFilter ('anon') is useful:
42   * <p/>
43   * <code>[urls]<br/>
44   * /user/signup/** = anon<br/>
45   * /user/** = authc</code>>
46   * <p/>
47   * Since the url pattern definitions follow a 'first match wins' paradigm, the <code>anon</code> filter will
48   * match the <code>/user/signup/**</code> paths and the <code>/user/**</code> path chain will not be evaluated.
49   *
50   * @since 0.9
51   */
52  public class AnonymousFilter extends PathMatchingFilter {
53  
54      /**
55       * Always returns <code>true</code> allowing unchecked access to the underlying path or resource.
56       *
57       * @return <code>true</code> always, allowing unchecked access to the underlying path or resource.
58       */
59      @Override
60      protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) {
61          // Always return true since we allow access to anyone
62          return true;
63      }
64  
65  }