Class AuthenticationFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.apache.shiro.web.filter.PathMatchingFilter
org.apache.shiro.web.filter.AccessControlFilter
org.apache.shiro.web.filter.authc.AuthenticationFilter
All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.lang.util.Nameable, PathConfigProcessor
Direct Known Subclasses:
AuthenticatingFilter, PassThruAuthenticationFilter
public abstract class AuthenticationFilter extends AccessControlFilter
Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system while subclasses are required to perform specific logic for unauthenticated requests.
Since:
0.9

  • Field Details

  • Constructor Details

  • Method Details

    • getSuccessUrl

      public String getSuccessUrl()
      Returns the success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

      The default value is DEFAULT_SUCCESS_URL.

      Returns:
      the success url to use as the default location a user is sent after logging in.

    • setSuccessUrl

      public void setSuccessUrl(String successUrl)
      Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

      The default value is DEFAULT_SUCCESS_URL.

      Parameters:
      successUrl - the success URL to redirect the user to after a successful login.

    • isAccessAllowed

      protected boolean isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)
      Determines whether the current subject is authenticated.

      The default implementation acquires the currently executing Subject and then returns subject.isAuthenticated();

      Specified by:
      isAccessAllowed in class AccessControlFilter
      Parameters:
      request - the incoming ServletRequest
      response - the outgoing ServletResponse
      mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
      Returns:
      true if the subject is authenticated; false if the subject is unauthenticated

    • issueSuccessRedirect

      protected void issueSuccessRedirect(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) throws Exception
      Redirects to user to the previously attempted URL after a successful login. This implementation simply calls WebUtils. redirectToSavedRequest using the successUrl as the fallbackUrl argument to that call.
      Parameters:
      request - the incoming request
      response - the outgoing response
      Throws:
      Exception - if there is a problem redirecting.