org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

All Implemented Interfaces:: javax.servlet.Filter, org.apache.shiro.lang.util.Nameable, PathConfigProcessor

public class PassThruAuthenticationFilter extends AuthenticationFilter

An authentication filter that redirects the user to the login page when they are trying to access a protected resource. However, if the user is trying to access the login page, the filter lets the request pass through to the application code.

The difference between this filter and the FormAuthenticationFilter is that on a login submission (by default an HTTP POST to the login URL), the FormAuthenticationFilter filter attempts to automatically authenticate the user by passing the username and password request parameter values to Subject.login(usernamePasswordToken) directly.

Conversely, this controller always passes all requests to the loginUrl through, both GETs and POSTs. This is useful in cases where the developer wants to write their own login behavior, which should include a call to Subject.login(AuthenticationToken) at some point. For example, if the developer has their own custom MVC login controller or validator, this PassThruAuthenticationFilter may be appropriate.

Since:

0.9

See Also:

Field Summary

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
DEFAULT_SUCCESS_URL

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
Constructor Summary

Constructors

Constructor

Description

PassThruAuthenticationFilter()
Method Summary

Modifier and Type

Method

Description

protected boolean

onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)

Processes requests where the subject was denied access as determined by the isAccessAllowed method.

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, isAccessAllowed, issueSuccessRedirect, setSuccessUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details
- PassThruAuthenticationFilter
  
  public PassThruAuthenticationFilter()
Method Details
- onAccessDenied
  
  protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
  
  Description copied from class: AccessControlFilter
  
  Processes requests where the subject was denied access as determined by the isAccessAllowed method.
  
  Specified by:
  
  onAccessDenied in class AccessControlFilter
  
  Parameters:
  
  request - the incoming ServletRequest
  
  response - the outgoing ServletResponse
  
  Returns:
  
  true if the request should continue to be processed; false if the subclass will handle/render the response directly.
  
  Throws:
  
  Exception - if there is an error processing the request.

Class PassThruAuthenticationFilter

Field Summary

Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter

Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

Constructor Summary

Method Summary

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

Methods inherited from class java.lang.Object

Constructor Details

PassThruAuthenticationFilter

Method Details

onAccessDenied