org.apache.shiro.web.filter.authc
Class AuthenticationFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.apache.shiro.web.filter.PathMatchingFilter
                          extended by org.apache.shiro.web.filter.AccessControlFilter
                              extended by org.apache.shiro.web.filter.authc.AuthenticationFilter
All Implemented Interfaces:
Filter, Nameable, PathConfigProcessor
Direct Known Subclasses:
AuthenticatingFilter, PassThruAuthenticationFilter

public abstract class AuthenticationFilter
extends AccessControlFilter

Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system while subclasses are required to perform specific logic for unauthenticated requests.

Since:
0.9

Field Summary
static String DEFAULT_SUCCESS_URL
           
 
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
 
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
AuthenticationFilter()
           
 
Method Summary
 String getSuccessUrl()
          Returns the success url to use as the default location a user is sent after logging in.
protected  boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
          Determines whether the current subject is authenticated.
protected  void issueSuccessRedirect(ServletRequest request, ServletResponse response)
          Redirects the user to the previously attempted URL after a successful login.
 void setSuccessUrl(String successUrl)
          Sets the default/fallback success url to use as the default location a user is sent after logging in.
 
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
 
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

DEFAULT_SUCCESS_URL

public static final String DEFAULT_SUCCESS_URL
See Also:
Constant Field Values
Constructor Detail

AuthenticationFilter

public AuthenticationFilter()
Method Detail

getSuccessUrl

public String getSuccessUrl()
Returns the success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally requested URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

The default value is DEFAULT_SUCCESS_URL.

Returns:
the success url to use as the default location a user is sent after logging in.

setSuccessUrl

public void setSuccessUrl(String successUrl)
Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally requested URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

The default value is DEFAULT_SUCCESS_URL.

Parameters:
successUrl - the success URL to redirect the user to after a successful login.

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)
Determines whether the current subject is authenticated.

The default implementation acquires the currently executing Subject and then returns subject.isAuthenticated().

Specified by:
isAccessAllowed in class AccessControlFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if the subject is authenticated; false if the subject is unauthenticated

issueSuccessRedirect

protected void issueSuccessRedirect(ServletRequest request,
                                    ServletResponse response)
                             throws Exception
Redirects the user to the previously attempted URL after a successful login. This implementation simply calls WebUtils.redirectToSavedRequest using the successUrl as the fallbackUrl argument to that call.

Parameters:
request - the incoming request
response - the outgoing response
Throws:
Exception - if there is a problem redirecting.
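
Added example (not part of the Shiro source or of this Javadoc): a subclass that shows the division of work described for this class. The inherited isAccessAllowed decides whether the subject is authenticated, and the subclass supplies only the handling for unauthenticated requests. The class name ApiAwareAuthenticationFilter and the X-Requested-With header check are assumptions made for illustration.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical subclass, added for illustration; not part of Shiro.
public class ApiAwareAuthenticationFilter extends AuthenticationFilter {

    // isAccessAllowed is inherited unchanged: it returns
    // getSubject(request, response).isAuthenticated(), so only requests from
    // unauthenticated subjects ever reach onAccessDenied below.

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        // Let the login URL itself through, otherwise the login page could
        // never be rendered for an unauthenticated user.
        if (isLoginRequest(request, response)) {
            return true;
        }

        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        HttpServletResponse httpResponse = WebUtils.toHttp(response);

        // Assumption: script-driven clients mark themselves with this header.
        // Answer them with 401 instead of a redirect to an HTML login form,
        // and do not store their request as the post-login target.
        if ("XMLHttpRequest".equals(httpRequest.getHeader("X-Requested-With"))) {
            httpResponse.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        // Browser navigation: remember the attempted URL and send the user
        // to getLoginUrl(). A login handler that calls issueSuccessRedirect
        // after a successful login sends them back to that URL, or to
        // getSuccessUrl() when no saved request exists.
        saveRequestAndRedirectToLogin(request, response);
        return false;
    }
}
```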


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.