public abstract class AuthenticatingFilter extends AuthenticationFilter

An AuthenticationFilter that is capable of automatically performing an authentication attempt based on the incoming request.

Modifier and Type | Field and Description |
---|---|
static String | PERMISSIVE |

Inherited fields:
DEFAULT_SUCCESS_URL
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
appliedPaths, pathMatcher
ALREADY_FILTERED_SUFFIX
filterConfig

Constructor and Description |
---|
AuthenticatingFilter() |

Modifier and Type | Method and Description |
---|---|
protected void | cleanup(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Exception existing) Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException. |
protected abstract AuthenticationToken | createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) |
protected AuthenticationToken | createToken(String username, String password, boolean rememberMe, String host) |
protected AuthenticationToken | createToken(String username, String password, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) |
protected boolean | executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) |
protected String | getHost(javax.servlet.ServletRequest request) Returns the host name or IP associated with the current subject. |
protected boolean | isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) Determines whether the current subject should be allowed to make the current request. |
protected boolean | isPermissive(Object mappedValue) Returns true if the mappedValue contains the PERMISSIVE qualifier. |
protected boolean | isRememberMe(javax.servlet.ServletRequest request) Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise. |
protected boolean | onLoginFailure(AuthenticationToken token, AuthenticationException e, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) |
protected boolean | onLoginSuccess(AuthenticationToken token, Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) |

Inherited methods:
getSuccessUrl, issueSuccessRedirect, setSuccessUrl
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
afterCompletion, doFilterInternal, executeChain, postHandle
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
getName, setName, toStringBuilder
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

public static final String PERMISSIVE

public AuthenticatingFilter()

protected boolean executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
Throws:
Exception

protected abstract AuthenticationToken createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
Throws:
Exception

protected AuthenticationToken createToken(String username, String password, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)

protected AuthenticationToken createToken(String username, String password, boolean rememberMe, String host)

protected boolean onLoginSuccess(AuthenticationToken token, Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
Throws:
Exception

protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)

protected String getHost(javax.servlet.ServletRequest request)
Returns the host name or IP associated with the current subject. [...] AuthenticationToken.
The default implementation merely returns ServletRequest.getRemoteHost().
Parameters:
request - the incoming ServletRequest
Returns:
InetAddress to associate with the login attempt.

protected boolean isRememberMe(javax.servlet.ServletRequest request)
Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
This implementation always returns false and is provided as a template hook to subclasses that support rememberMe logins and wish to determine rememberMe in a custom manner based on the current request.
Parameters:
request - the incoming ServletRequest
Returns:
true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

protected boolean isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)
Determines whether the current subject should be allowed to make the current request.
Returns true if the user is authenticated. Will also return true if the AccessControlFilter.isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse) returns false and the "permissive" flag is set.
Overrides:
isAccessAllowed in class AuthenticationFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if request should be allowed access

protected boolean isPermissive(Object mappedValue)
Returns true if the mappedValue contains the PERMISSIVE qualifier.
Returns:
true if this filter should be permissive

protected void cleanup(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Exception existing) throws javax.servlet.ServletException, IOException
Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.
Overrides:
cleanup in class AdviceFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
existing - any exception that might have occurred while executing the FilterChain or pre or post advice, or null if the pre/chain/post execution did not throw an Exception.
Throws:
javax.servlet.ServletException - if any exception other than an IOException is thrown.
IOException - if the pre/chain/post execution throws an IOException

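A minimal subclass showing how the hooks documented above fit together. This is an added example, not Shiro's own code; the class name ParamLoginFilter, the request parameter names and the shiro.ini paths in the comment are assumptions.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical subclass, constructed for illustration; not part of Shiro.
// Constructed shiro.ini wiring (bean name and paths are assumptions):
//   [main]  paramLogin = com.example.ParamLoginFilter
//   [urls]  /public/** = paramLogin[permissive]   (anonymous requests pass isAccessAllowed)
//           /**        = paramLogin               (authentication required)
public class ParamLoginFilter extends AuthenticatingFilter {

    // Called by executeLogin(). The four-argument overload fills in
    // rememberMe and host from isRememberMe(request) and getHost(request).
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        String username = WebUtils.getCleanParam(request, "username");
        String password = WebUtils.getCleanParam(request, "password");
        return createToken(username, password, request, response);
    }

    // Reached only when isAccessAllowed(...) returned false, i.e. the subject
    // is unauthenticated and the path is not a permissive non-login path.
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        if (isLoginRequest(request, response)) {
            boolean post = POST_METHOD.equalsIgnoreCase(WebUtils.toHttp(request).getMethod());
            if (!post) {
                return true; // let the login page itself render
            }
            // Default onLoginSuccess returns true, so the chain continues on success.
            return executeLogin(request, response);
        }
        saveRequestAndRedirectToLogin(request, response);
        return false;
    }

    // Fail closed with one uniform response for every AuthenticationException,
    // so the reply does not distinguish unknown accounts from bad passwords.
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                     ServletRequest request, ServletResponse response) {
        WebUtils.toHttp(response).setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}
```

Because getHost defaults to ServletRequest.getRemoteHost(), a deployment behind a reverse proxy records the proxy's address in the token unless the container is configured to resolve the client address.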
Copyright © 2004–2019 The Apache Software Foundation. All rights reserved.