Class AuthenticatingFilter

All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.lang.util.Nameable, PathConfigProcessor
Direct Known Subclasses:
BasicHttpAuthenticationFilter, BearerHttpAuthenticationFilter, FormAuthenticationFilter

public abstract class AuthenticatingFilter extends AuthenticationFilter
An AuthenticationFilter that is capable of automatically performing an authentication attempt based on the incoming request.
Since:
0.9
  • Field Details

  • Constructor Details

  • Method Details

    • executeLogin

      protected boolean executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Throws:
      Exception
    • createToken

      protected abstract org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Throws:
      Exception
    • createToken

      protected org.apache.shiro.authc.AuthenticationToken createToken(String username, String password, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
    • createToken

      protected org.apache.shiro.authc.AuthenticationToken createToken(String username, String password, boolean rememberMe, String host)
    • onLoginSuccess

      protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Throws:
      Exception
    • onLoginFailure

      protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.authc.AuthenticationException e, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
    • getHost

      protected String getHost(javax.servlet.ServletRequest request)
      Returns the host name or IP associated with the current subject. This method is primarily provided for use during construction of an AuthenticationToken.

      The default implementation merely returns ServletRequest.getRemoteHost().

      Parameters:
      request - the incoming ServletRequest
      Returns:
      the host name or IP to associate with the login attempt.
    • isRememberMe

      protected boolean isRememberMe(javax.servlet.ServletRequest request)
      Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

      This implementation always returns false and is provided as a template hook to subclasses that support rememberMe logins and wish to determine rememberMe in a custom manner based on the current request.

      Parameters:
      request - the incoming ServletRequest
      Returns:
      true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
    • isAccessAllowed

      protected boolean isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)
      Determines whether the current subject should be allowed to make the current request.

      The default implementation returns true if the user is authenticated. It also returns true if AccessControlFilter.isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse) returns false and the "permissive" flag is set.

      Overrides:
      isAccessAllowed in class AuthenticationFilter
      Parameters:
      request - the incoming ServletRequest
      response - the outgoing ServletResponse
      mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
      Returns:
      true if request should be allowed access
    • isPermissive

      protected boolean isPermissive(Object mappedValue)
      Returns true if the mappedValue contains the PERMISSIVE qualifier.
      Returns:
      true if this filter should be permissive
    • cleanup

      protected void cleanup(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Exception existing) throws javax.servlet.ServletException, IOException
      Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.
      Overrides:
      cleanup in class AdviceFilter
      Parameters:
      request - the incoming ServletRequest
      response - the outgoing ServletResponse
      existing - any exception that might have occurred while executing the FilterChain or pre or post advice, or null if the pre/chain/post execution did not throw an Exception.
      Throws:
      javax.servlet.ServletException - if any exception other than an IOException is thrown.
      IOException - if the pre/chain/post execution throws an IOException
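
The following subclass is an added example, not code from the Shiro project. It shows how createToken, getHost and executeLogin fit together, and why the default getHost (ServletRequest.getRemoteHost()) records the proxy rather than the client when the application sits behind a reverse proxy. The class name, the "username"/"password" parameter names, the trusted proxy address and the assumption that the proxy appends to X-Forwarded-For are all hypothetical.

```java
import java.util.Set;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.util.WebUtils;

/** Hypothetical subclass; class name, parameter names and proxy list are assumptions. */
public class ProxyAwareLoginFilter extends AuthenticatingFilter {
    // Assumption: addresses of the reverse proxies allowed to set X-Forwarded-For.
    private static final Set<String> TRUSTED_PROXIES = Set.of("10.0.0.5");

    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) {
        // The four-argument overload fills in isRememberMe(request) and getHost(request).
        return createToken(request.getParameter("username"), request.getParameter("password"),
                request, response);
    }

    @Override
    protected String getHost(ServletRequest request) {
        String peer = request.getRemoteAddr();
        String forwarded = WebUtils.toHttp(request).getHeader("X-Forwarded-For");
        // The header is client-controlled unless the direct peer is a trusted proxy.
        if (forwarded == null || !TRUSTED_PROXIES.contains(peer)) {
            return peer;
        }
        // Each proxy appends the address it saw; the last entry came from the trusted proxy.
        String[] hops = forwarded.split(",");
        return hops[hops.length - 1].trim();
    }

    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Attempt a login only when credentials were submitted; true continues the chain.
        if (request.getParameter("username") != null && executeLogin(request, response)) {
            return true;
        }
        WebUtils.toHttp(response).sendError(HttpServletResponse.SC_UNAUTHORIZED);
        return false;
    }
}
```

Because the host stored in the token feeds audit logs and any host-based lockout logic, taking X-Forwarded-For from an untrusted peer would let the client choose the value that gets recorded.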