org.apache.shiro.web.filter.authc
Class AuthenticatingFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.apache.shiro.web.filter.PathMatchingFilter
                          extended by org.apache.shiro.web.filter.AccessControlFilter
                              extended by org.apache.shiro.web.filter.authc.AuthenticationFilter
                                  extended by org.apache.shiro.web.filter.authc.AuthenticatingFilter
All Implemented Interfaces:
Filter, Nameable, PathConfigProcessor
Direct Known Subclasses:
BasicHttpAuthenticationFilter, CasFilter, FormAuthenticationFilter

public abstract class AuthenticatingFilter
extends AuthenticationFilter

An AuthenticationFilter that is capable of automatically performing an authentication attempt based on the incoming request.

Since:
0.9

Field Summary
static String PERMISSIVE
           
 
Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
DEFAULT_SUCCESS_URL
 
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
 
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
AuthenticatingFilter()
           
 
Method Summary
protected  void cleanup(ServletRequest request, ServletResponse response, Exception existing)
          Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.
protected abstract  AuthenticationToken createToken(ServletRequest request, ServletResponse response)
           
protected  AuthenticationToken createToken(String username, String password, boolean rememberMe, String host)
           
protected  AuthenticationToken createToken(String username, String password, ServletRequest request, ServletResponse response)
           
protected  boolean executeLogin(ServletRequest request, ServletResponse response)
           
protected  String getHost(ServletRequest request)
          Returns the host name or IP associated with the current subject.
protected  boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
          Determines whether the current subject should be allowed to make the current request.
protected  boolean isPermissive(Object mappedValue)
          Returns true if the mappedValue contains the PERMISSIVE qualifier.
protected  boolean isRememberMe(ServletRequest request)
          Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
protected  boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request, ServletResponse response)
           
protected  boolean onLoginSuccess(AuthenticationToken token, Subject subject, ServletRequest request, ServletResponse response)
           
 
Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, issueSuccessRedirect, setSuccessUrl
 
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
 
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

PERMISSIVE

public static final String PERMISSIVE
See Also:
Constant Field Values
Constructor Detail

AuthenticatingFilter

public AuthenticatingFilter()
Method Detail

executeLogin

protected boolean executeLogin(ServletRequest request,
                               ServletResponse response)
                        throws Exception
Throws:
Exception

createToken

protected abstract AuthenticationToken createToken(ServletRequest request,
                                                   ServletResponse response)
                                            throws Exception
Throws:
Exception

createToken

protected AuthenticationToken createToken(String username,
                                          String password,
                                          ServletRequest request,
                                          ServletResponse response)

createToken

protected AuthenticationToken createToken(String username,
                                          String password,
                                          boolean rememberMe,
                                          String host)

onLoginSuccess

protected boolean onLoginSuccess(AuthenticationToken token,
                                 Subject subject,
                                 ServletRequest request,
                                 ServletResponse response)
                          throws Exception
Throws:
Exception

onLoginFailure

protected boolean onLoginFailure(AuthenticationToken token,
                                 AuthenticationException e,
                                 ServletRequest request,
                                 ServletResponse response)

getHost

protected String getHost(ServletRequest request)
Returns the host name or IP associated with the current subject. This method is primarily provided for use during construction of an AuthenticationToken.

The default implementation merely returns ServletRequest.getRemoteHost().

Parameters:
request - the incoming ServletRequest
Returns:
the host name or IP to associate with the login attempt.

isRememberMe

protected boolean isRememberMe(ServletRequest request)
Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

This implementation always returns false and is provided as a template hook to subclasses that support rememberMe logins and wish to determine rememberMe in a custom manner based on the current request.

Parameters:
request - the incoming ServletRequest
Returns:
true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)
Determines whether the current subject should be allowed to make the current request.

The default implementation returns true if the user is authenticated. It also returns true if AccessControlFilter.isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse) returns false and the "permissive" flag is set.

Overrides:
isAccessAllowed in class AuthenticationFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if request should be allowed access

isPermissive

protected boolean isPermissive(Object mappedValue)
Returns true if the mappedValue contains the PERMISSIVE qualifier.

Returns:
true if this filter should be permissive

cleanup

protected void cleanup(ServletRequest request,
                       ServletResponse response,
                       Exception existing)
                throws ServletException,
                       IOException
Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.

Overrides:
cleanup in class AdviceFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
existing - any exception that might have occurred while executing the FilterChain or pre or post advice, or null if the pre/chain/post execution did not throw an Exception.
Throws:
ServletException - if any exception other than an IOException is thrown.
IOException - if the pre/chain/post execution throws an IOException
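
The following subclass shows how the hooks documented above (createToken, isRememberMe, getHost, executeLogin, onLoginFailure) fit together. It is an added example, not code from the Shiro project; the class name ParamLoginFilter and the request parameter names are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;

/** Hypothetical subclass; the class name and parameter names are illustrative. */
public class ParamLoginFilter extends AuthenticatingFilter {

    // The abstract method declared by AuthenticatingFilter itself.
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        String username = request.getParameter("username"); // assumed parameter name
        String password = request.getParameter("password"); // assumed parameter name
        // This overload fills in isRememberMe(request) and getHost(request).
        return createToken(username, password, request, response);
    }

    // rememberMe stays off (the inherited default) unless the request asks for it.
    @Override
    protected boolean isRememberMe(ServletRequest request) {
        return WebUtils.isTrue(request, "rememberMe"); // assumed parameter name
    }

    // Abstract hook inherited from AccessControlFilter; runs when isAccessAllowed is false.
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        if (isLoginRequest(request, response)) {
            // Result comes from onLoginSuccess or onLoginFailure.
            return executeLogin(request, response);
        }
        WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false; // stop the filter chain
    }

    // Fail closed with one uniform response, whatever the reason for the failure.
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                     ServletRequest request, ServletResponse response) {
        try {
            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (IOException ioe) {
            // Response already committed; nothing more can be sent.
        }
        return false;
    }
}
```

Because getHost defaults to ServletRequest.getRemoteHost(), the host recorded in the token is the address of the last network hop, which behind a reverse proxy is the proxy rather than the client.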


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.