public class PassThruAuthenticationFilter extends AuthenticationFilter
FormAuthenticationFilter
is that
on a login submission (by default an HTTP POST to the login URL), the FormAuthenticationFilter
filter
attempts to automatically authenticate the user by passing the username
and password
request parameter values to
Subject.login(usernamePasswordToken)
directly.
Conversely, this controller always passes all requests to the loginUrl
through, both GETs and
POSTs. This is useful in cases where the developer wants to write their own login behavior, which should include a
call to Subject.login(AuthenticationToken)
at some point. For example, if the developer has their own custom MVC login controller or validator,
this PassThruAuthenticationFilter
may be appropriate.FormAuthenticationFilter
DEFAULT_SUCCESS_URL
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
appliedPaths, pathMatcher
ALREADY_FILTERED_SUFFIX
filterConfig
Constructor and Description |
---|
PassThruAuthenticationFilter() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
onAccessDenied(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
Processes requests where the subject was denied access as determined by the
isAccessAllowed
method. |
getSuccessUrl, isAccessAllowed, issueSuccessRedirect, setSuccessUrl
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
getName, setName, toStringBuilder
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
public PassThruAuthenticationFilter()
protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
AccessControlFilter
isAccessAllowed
method.onAccessDenied
in class AccessControlFilter
request
- the incoming ServletRequest
response
- the outgoing ServletResponse
true
if the request should continue to be processed; false if the subclass will
handle/render the response directly.Exception
- if there is an error processing the request.Copyright © 2004–2019 The Apache Software Foundation. All rights reserved.