org.apache.shiro.web.filter.authz
Class SslFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.apache.shiro.web.filter.PathMatchingFilter
                          extended by org.apache.shiro.web.filter.AccessControlFilter
                              extended by org.apache.shiro.web.filter.authz.AuthorizationFilter
                                  extended by org.apache.shiro.web.filter.authz.PortFilter
                                      extended by org.apache.shiro.web.filter.authz.SslFilter
All Implemented Interfaces:
Filter, Nameable, PathConfigProcessor

public class SslFilter
extends PortFilter

Filter which requires a request to be over SSL. Access is allowed if the request is received on the configured server port and the request.isSecure(). If either condition is false, the filter chain will not continue.

The port property defaults to 443 and also additionally guarantees that the request scheme is always 'https' (except for port 80, which retains the 'http' scheme).

Example config:

 [urls]
 /secure/path/** = ssl
 

Since:
1.0

Field Summary
static int DEFAULT_HTTPS_PORT
           
static String HTTPS_SCHEME
           
 
Fields inherited from class org.apache.shiro.web.filter.authz.PortFilter
DEFAULT_HTTP_PORT, HTTP_SCHEME
 
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
 
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
SslFilter()
           
 
Method Summary
protected  String getScheme(String requestScheme, int port)
           
protected  boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
          Retains the parent method's port-matching behavior but additionally guarantees that the ServletRequest.isSecure().
 
Methods inherited from class org.apache.shiro.web.filter.authz.PortFilter
getPort, onAccessDenied, setPort, toPort
 
Methods inherited from class org.apache.shiro.web.filter.authz.AuthorizationFilter
getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl
 
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
 
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

DEFAULT_HTTPS_PORT

public static final int DEFAULT_HTTPS_PORT
See Also:
Constant Field Values

HTTPS_SCHEME

public static final String HTTPS_SCHEME
See Also:
Constant Field Values
Constructor Detail

SslFilter

public SslFilter()
Method Detail

getScheme

protected String getScheme(String requestScheme,
                           int port)
Overrides:
getScheme in class PortFilter

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)
                           throws Exception
Retains the parent method's port-matching behavior but additionally guarantees that the ServletRequest.isSecure(). If the port does not match or the request is not secure, access is denied.

Overrides:
isAccessAllowed in class PortFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse - ignored in this implementation
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings - ignored by this implementation.
Returns:
true if the request is received on an expected SSL port and the request.isSecure(), false otherwise.
Throws:
Exception - if the call to super.isAccessAllowed throws an exception.
Since:
1.2


Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.