Class AnonymousFilter

  • All Implemented Interfaces:
    Filter, Nameable, PathConfigProcessor

    public class AnonymousFilter
    extends PathMatchingFilter
    Filter that allows access to a path immeidately without performing security checks of any kind.

    This filter is useful primarily in exclusionary policies, where you have defined a url pattern to require a certain security level, but maybe only subset of urls in that pattern should allow any access.

    For example, if you had a user-only section of a website, you might want to require that access to any url in that section must be from an authenticated user.

    Here is how that would look in the IniShiroFilter configuration:

    /user/** = authc

    But if you wanted /user/signup/** to be available to anyone, you have to exclude that path since it is a subset of the first. This is where the AnonymousFilter ('anon') is useful:

    /user/signup/** = anon
    /user/** = authc

    Since the url pattern definitions follow a 'first match wins' paradigm, the anon filter will match the /user/signup/** paths and the /user/** path chain will not be evaluated.