001    /*
002     * Licensed to the Apache Software Foundation (ASF) under one
003     * or more contributor license agreements.  See the NOTICE file
004     * distributed with this work for additional information
005     * regarding copyright ownership.  The ASF licenses this file
006     * to you under the Apache License, Version 2.0 (the
007     * "License"); you may not use this file except in compliance
008     * with the License.  You may obtain a copy of the License at
009     *
010     *     http://www.apache.org/licenses/LICENSE-2.0
011     *
012     * Unless required by applicable law or agreed to in writing,
013     * software distributed under the License is distributed on an
014     * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015     * KIND, either express or implied.  See the License for the
016     * specific language governing permissions and limitations
017     * under the License.
018     */
019    package org.tynamo.security.shiro.authc;
020    
021    import javax.servlet.ServletRequest;
022    import javax.servlet.ServletResponse;
023    
024    import org.apache.shiro.authc.AuthenticationToken;
025    
026    /**
027     * Filter that allows access to a path immeidately without performing security checks of any kind.
028     * <p/>
029     * This filter is useful primarily in exclusionary policies, where you have defined a url pattern
030     * to require a certain security level, but maybe only subset of urls in that pattern should allow any access.
031     * <p/>
032     * For example, if you had a user-only section of a website, you might want to require that access to
033     * any url in that section must be from an authenticated user.
034     * <p/>
035     * Here is how that would look in the IniShiroFilter configuration:
036     * <p/>
037     * <code>[urls]<br/>
038     * /user/** = authc</code>
039     * <p/>
040     * But if you wanted <code>/user/signup/**</code> to be available to anyone, you have to exclude that path since
041     * it is a subset of the first.  This is where the AnonymousFilter ('anon') is useful:
042     * <p/>
043     * <code>[urls]<br/>
044     * /user/signup/** = anon<br/>
045     * /user/** = authc</code>>
046     * <p/>
047     * Since the url pattern definitions follow a 'first match wins' paradigm, the <code>anon</code> filter will
048     * match the <code>/user/signup/**</code> paths and the <code>/user/**</code> path chain will not be evaluated.
049     *
050     * @since 0.4.0
051     */
052    public class AnonymousFilter extends AuthenticatingFilter {
053    
054        /**
055         * Always returns <code>true</code> allowing unchecked access to the underlying path or resource.
056         *
057         * @return <code>true</code> always, allowing unchecked access to the underlying path or resource.
058         */
059        @Override
060        public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) {
061            // Always return true since we allow access to anyone
062            return true;
063        }
064    
065                    @Override
066                    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
067                            // TODO Auto-generated method stub
068                            return null;
069                    }
070    
071                    @Override
072                    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
073                            // TODO Auto-generated method stub
074                            return false;
075                    }
076    
077    }