Class UserFilter
java.lang.Object
- All Implemented Interfaces:
javax.servlet.Filter,org.apache.shiro.lang.util.Nameable,PathConfigProcessor
Filter that allows access to resources if the accessor is a known user, which is defined as
having a known principal. This means that any user who is authenticated or remembered via a
'remember me' feature will be allowed access from this filter.
If the accessor is not a known user, then they will be redirected to the
loginUrl- Since:
- 0.9
-
Field Summary
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHODFields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcherFields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIXFields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionprotected booleanisAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) Returnstrueif the request is aloginRequestor if the currentsubjectis notnull,falseotherwise.protected booleanonAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) This default implementation simply callssaveRequestAndRedirectToLoginand then immediately returnsfalse, thereby preventing the chain from continuing so the redirect may execute.Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrlMethods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfigMethods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandleMethods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilterMethods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilderMethods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfigMethods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
Constructor Details
-
UserFilter
public UserFilter()
-
-
Method Details
-
isAccessAllowed
protected boolean isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) Returnstrueif the request is aloginRequestor if the currentsubjectis notnull,falseotherwise.- Specified by:
isAccessAllowedin classAccessControlFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponsemappedValue- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
trueif the request is aloginRequestor if the currentsubjectis notnull,falseotherwise.
-
onAccessDenied
protected boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception This default implementation simply callssaveRequestAndRedirectToLoginand then immediately returnsfalse, thereby preventing the chain from continuing so the redirect may execute.- Specified by:
onAccessDeniedin classAccessControlFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponse- Returns:
trueif the request should continue to be processed; false if the subclass will handle/render the response directly.- Throws:
Exception- if there is an error processing the request.
-