001 /*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements. See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership. The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License. You may obtain a copy of the License at
009 *
010 * http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing,
013 * software distributed under the License is distributed on an
014 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
015 * KIND, either express or implied. See the License for the
016 * specific language governing permissions and limitations
017 * under the License.
018 */
019 package org.tynamo.security.shiro.authc;
020
021 import javax.servlet.ServletRequest;
022 import javax.servlet.ServletResponse;
023
024 import org.apache.shiro.subject.Subject;
025 import org.apache.shiro.web.util.WebUtils;
026 import org.tynamo.security.shiro.AccessControlFilter;
027
/**
 * Common ancestor of filters that only admit authenticated subjects.
 * <p/>
 * The authenticated-or-not decision lives here; what happens to a request whose subject is
 * <em>not</em> authenticated is left to concrete subclasses.
 *
 * @since 0.9
 */
public abstract class AuthenticationFilter extends AccessControlFilter {

    /**
     * Reports whether the subject bound to this request has authenticated.
     * <p/>
     * Resolves the subject via
     * {@link #getSubject(javax.servlet.ServletRequest, javax.servlet.ServletResponse)} and answers with
     * {@link org.apache.shiro.subject.Subject#isAuthenticated()}. Per Shiro's {@code Subject} contract a
     * subject known only through remember-me is not authenticated, so such requests are denied here.
     *
     * @param request     the incoming request
     * @param response    the outgoing response
     * @param mappedValue the filter's configured value for this path; not consulted by this implementation
     * @return {@code true} when the subject is authenticated, {@code false} otherwise
     */
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        return getSubject(request, response).isAuthenticated();
    }

    /**
     * Sends the user back to the request that was saved before login.
     * <p/>
     * Delegates to
     * {@link WebUtils#redirectToSavedRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String)},
     * passing {@link #getSuccessUrl()} as the URL to use when no request was saved.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @throws Exception if the redirect cannot be issued
     */
    protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws Exception {
        // Used only when there is no saved request to return to.
        String fallbackUrl = getSuccessUrl();
        WebUtils.redirectToSavedRequest(request, response, fallbackUrl);
    }

}