Class AnonymousFilter

  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.apache.shiro.web.filter.PathMatchingFilter
                          extended by org.apache.shiro.web.filter.authc.AnonymousFilter
All Implemented Interfaces:
Filter, Nameable, PathConfigProcessor

public class AnonymousFilter
extends PathMatchingFilter

Filter that allows access to a path immeidately without performing security checks of any kind.

This filter is useful primarily in exclusionary policies, where you have defined a url pattern to require a certain security level, but maybe only subset of urls in that pattern should allow any access.

For example, if you had a user-only section of a website, you might want to require that access to any url in that section must be from an authenticated user.

Here is how that would look in the IniShiroFilter configuration:

/user/** = authc

But if you wanted /user/signup/** to be available to anyone, you have to exclude that path since it is a subset of the first. This is where the AnonymousFilter ('anon') is useful:

/user/signup/** = anon
/user/** = authc

Since the url pattern definitions follow a 'first match wins' paradigm, the anon filter will match the /user/signup/** paths and the /user/** path chain will not be evaluated.


Field Summary
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
Constructor Summary
Method Summary
protected  boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue)
          Always returns true allowing unchecked access to the underlying path or resource.
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail


public AnonymousFilter()
Method Detail


protected boolean onPreHandle(ServletRequest request,
                              ServletResponse response,
                              Object mappedValue)
Always returns true allowing unchecked access to the underlying path or resource.

onPreHandle in class PathMatchingFilter
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
true always, allowing unchecked access to the underlying path or resource.
See Also:
PathMatchingFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String, Object)

Copyright © 2004-2014 The Apache Software Foundation. All Rights Reserved.