View Javadoc

1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *     http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.apache.shiro.web.servlet;
20  
21  import org.apache.shiro.web.env.WebEnvironment;
22  import org.apache.shiro.web.filter.mgt.FilterChainResolver;
23  import org.apache.shiro.web.util.WebUtils;
24  
25  /**
26   * Primary Shiro Filter for web applications configuring Shiro via Servlet <listener> in web.xml.
27   * <p/>
28   * As of Shiro 1.2, this is Shiro's preferred filter for {@code web.xml} configuration.  It expects the presence of a
29   * Shiro {@link org.apache.shiro.web.env.WebEnvironment WebEnvironment} in the {@code ServletContext}, also
30   * configured via {@code web.xml}.
31   * <h2>Usage</h2>
32   * As this Filter expects an available {@link org.apache.shiro.web.env.WebEnvironment WebEnvironment} instance to
33   * be configured, it must be defined in {@code web.xml} with the companion
34   * {@link org.apache.shiro.web.env.EnvironmentLoaderListener EnvironmentLoaderListener}, which performs the necessary
35   * environment setup.  For example:
36   * <pre>
37   * &lt;listener&gt;
38   *     &lt;listener-class&gt;{@link org.apache.shiro.web.env.EnvironmentLoaderListener}&lt;/listener-class&gt;
39   * &lt;/listener&gt;
40   * ...
41   * &lt;filter&gt;
42   *     &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
43   *     &lt;filter-class&gt;org.apache.shiro.web.servlet.ShiroFilter&lt;/filter-class&gt;
44   * &lt;/filter&gt;
45   *
46   * &lt;-- Filter all web requests.  This filter mapping is typically declared
47   *     before all others to ensure any other filters are secured as well: --&gt;
48   * &lt;filter-mapping&gt;
49   *     &lt;filter-name&gt;ShiroFilter&lt;/filter-name&gt;
50   *     &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
51   * &lt;/filter-mapping&gt;
52   * </pre>
53   * Configuration options (configuration file paths, etc) are specified as part of the
54   * {@code EnvironmentLoaderListener} configuration.  See the
55   * {@link org.apache.shiro.web.env.EnvironmentLoader EnvironmentLoader} JavaDoc for configuration options.
56   *
57   * @see org.apache.shiro.web.env.EnvironmentLoader EnvironmentLoader
58   * @see org.apache.shiro.web.env.EnvironmentLoaderListener EnvironmentLoaderListener
59   * @see <a href="http://shiro.apache.org/web.html">Apache Shiro Web Documentation</a>
60   * @since 1.2
61   */
62  public class ShiroFilter extends AbstractShiroFilter {
63  
64      /**
65       * Configures this instance based on the existing {@link org.apache.shiro.web.env.WebEnvironment} instance
66       * available to the currently accessible {@link #getServletContext() servletContext}.
67       *
68       * @see org.apache.shiro.web.env.EnvironmentLoaderListener
69       * @since 1.2
70       */
71      @Override
72      public void init() throws Exception {
73          WebEnvironment env = WebUtils.getRequiredWebEnvironment(getServletContext());
74  
75          setSecurityManager(env.getWebSecurityManager());
76  
77          FilterChainResolver resolver = env.getFilterChainResolver();
78          if (resolver != null) {
79              setFilterChainResolver(resolver);
80          }
81      }
82  }