Class AnonymousFilter
-
- All Implemented Interfaces:
Filter
,Nameable
,PathConfigProcessor
public class AnonymousFilter extends PathMatchingFilter
Filter that allows access to a path immeidately without performing security checks of any kind. This filter is useful primarily in exclusionary policies, where you have defined a url pattern to require a certain security level, but maybe only subset of urls in that pattern should allow any access. For example, if you had a user-only section of a website, you might want to require that access to any url in that section must be from an authenticated user. Here is how that would look in the IniShiroFilter configuration:[urls]
But if you wanted
/user/** = authc/user/signup/**
to be available to anyone, you have to exclude that path since it is a subset of the first. This is where the AnonymousFilter ('anon') is useful:[urls]
> Since the url pattern definitions follow a 'first match wins' paradigm, the
/user/signup/** = anon
/user/** = authcanon
filter will match the/user/signup/**
paths and the/user/**
path chain will not be evaluated.- Since:
- 0.9
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description AnonymousFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue)
Always returnstrue
allowing unchecked access to the underlying path or resource.-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Constructor Detail
-
AnonymousFilter
public AnonymousFilter()
-
-
Method Detail
-
onPreHandle
protected boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue)
Always returnstrue
allowing unchecked access to the underlying path or resource.- Overrides:
onPreHandle
in classPathMatchingFilter
- Parameters:
request
- the incoming ServletRequestresponse
- the outgoing ServletResponsemappedValue
- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
true
always, allowing unchecked access to the underlying path or resource.- See Also:
PathMatchingFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String, Object)
-
-