Class AuthenticationFilter

  • All Implemented Interfaces:
    javax.servlet.Filter, org.apache.shiro.util.Nameable, PathConfigProcessor
    Direct Known Subclasses:
    AuthenticatingFilter, PassThruAuthenticationFilter

    public abstract class AuthenticationFilter
    extends AccessControlFilter
    Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system while subclasses are required to perform specific logic for unauthenticated requests.
    Since:
    0.9
    • Constructor Detail

      • AuthenticationFilter

        public AuthenticationFilter()
    • Method Detail

      • getSuccessUrl

        public String getSuccessUrl()
        Returns the success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally requested URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

        The default value is DEFAULT_SUCCESS_URL.

        Returns:
        the success url to use as the default location a user is sent after logging in.
      • setSuccessUrl

        public void setSuccessUrl(String successUrl)
        Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally requested URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

        The default value is DEFAULT_SUCCESS_URL.

        Parameters:
        successUrl - the success URL to redirect the user to after a successful login.
      • isAccessAllowed

        protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
                                          javax.servlet.ServletResponse response,
                                          Object mappedValue)
        Determines whether the current subject is authenticated.

        The default implementation acquires the currently executing Subject and then returns subject.isAuthenticated().

        Specified by:
        isAccessAllowed in class AccessControlFilter
        Parameters:
        request - the incoming ServletRequest
        response - the outgoing ServletResponse
        mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
        Returns:
        true if the subject is authenticated; false if the subject is unauthenticated
      • issueSuccessRedirect

        protected void issueSuccessRedirect(javax.servlet.ServletRequest request,
                                            javax.servlet.ServletResponse response)
                                     throws Exception
        Redirects the user to the previously attempted URL after a successful login. This implementation simply calls WebUtils.redirectToSavedRequest using the successUrl as the fallbackUrl argument to that call.
        Parameters:
        request - the incoming request
        response - the outgoing response
        Throws:
        Exception - if there is a problem redirecting.
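
An added example, not part of the Shiro Javadoc or code base: a hypothetical subclass, SimpleLoginFilter, showing where the "specific logic for unauthenticated requests" goes and where issueSuccessRedirect is called after a login succeeds. The class name and the username/password form field names are assumptions; onAccessDenied, isLoginRequest, saveRequestAndRedirectToLogin and getSubject are inherited from AccessControlFilter.

```java
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.AuthenticationFilter;
import org.apache.shiro.web.util.WebUtils;

// Hypothetical subclass for illustration; not a class shipped with Shiro.
public class SimpleLoginFilter extends AuthenticationFilter {

    // Called only when isAccessAllowed(...) returned false, i.e. when
    // subject.isAuthenticated() was false for this request.
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response)
            throws Exception {
        if (!isLoginRequest(request, response)) {
            // Save the attempted URL, then redirect to the configured loginUrl.
            saveRequestAndRedirectToLogin(request, response);
            return false; // stop the filter chain
        }
        if (!"POST".equalsIgnoreCase(WebUtils.toHttp(request).getMethod())) {
            return true; // GET on the login URL: let the login page render
        }

        // Assumed form field names.
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        if (username == null || password == null) {
            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return false;
        }

        Subject subject = getSubject(request, response);
        try {
            subject.login(new UsernamePasswordToken(username, password));
        } catch (AuthenticationException e) {
            // Same response for unknown account and wrong password.
            WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return false;
        }

        // Redirects to the saved request URL, or to successUrl if none was saved.
        issueSuccessRedirect(request, response);
        return false; // the redirect has already been written to the response
    }
}
```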