org.apache.shiro.web.filter.authc
Class AuthenticationFilter
java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
- All Implemented Interfaces:
- javax.servlet.Filter, Nameable, PathConfigProcessor
- Direct Known Subclasses:
- AuthenticatingFilter, PassThruAuthenticationFilter
public abstract class AuthenticationFilter
- extends AccessControlFilter
Base class for all Filters that require the current user to be authenticated. This class encapsulates the
logic of checking whether a user is already authenticated in the system while subclasses are required to perform
specific logic for unauthenticated requests.
- Since:
- 0.9
|
Method Summary |
String |
getSuccessUrl()
Returns the success url to use as the default location a user is sent after logging in. |
protected boolean |
isAccessAllowed(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
Object mappedValue)
Determines whether the current subject is authenticated. |
protected void |
issueSuccessRedirect(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
Redirects to user to the previously attempted URL after a successful login. |
void |
setSuccessUrl(String successUrl)
Sets the default/fallback success url to use as the default location a user is sent after logging in. |
DEFAULT_SUCCESS_URL
public static final String DEFAULT_SUCCESS_URL
- See Also:
- Constant Field Values
AuthenticationFilter
public AuthenticationFilter()
getSuccessUrl
public String getSuccessUrl()
- Returns the success url to use as the default location a user is sent after logging in. Typically a redirect
after login will redirect to the originally request URL; this property is provided mainly as a fallback in case
the original request URL is not available or not specified.
The default value is
DEFAULT_SUCCESS_URL.
- Returns:
- the success url to use as the default location a user is sent after logging in.
setSuccessUrl
public void setSuccessUrl(String successUrl)
- Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically
a redirect after login will redirect to the originally request URL; this property is provided mainly as a
fallback in case the original request URL is not available or not specified.
The default value is
DEFAULT_SUCCESS_URL.
- Parameters:
successUrl - the success URL to redirect the user to after a successful login.
isAccessAllowed
protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response,
Object mappedValue)
- Determines whether the current subject is authenticated.
The default implementation
acquires
the currently executing Subject and then returns
subject.isAuthenticated();
- Specified by:
isAccessAllowed in class AccessControlFilter
- Parameters:
request - the incoming ServletRequestresponse - the outgoing ServletResponsemappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
- Returns:
- true if the subject is authenticated; false if the subject is unauthenticated
issueSuccessRedirect
protected void issueSuccessRedirect(javax.servlet.ServletRequest request,
javax.servlet.ServletResponse response)
throws Exception
- Redirects to user to the previously attempted URL after a successful login. This implementation simply calls
WebUtils.redirectToSavedRequestsuccessUrl as the fallbackUrl argument to that call.
- Parameters:
request - the incoming requestresponse - the outgoing response
- Throws:
Exception - if there is a problem redirecting.
Copyright © 2004-2015 The Apache Software Foundation. All Rights Reserved.