Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.tynamo.security.shiro
Class AccessControlFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.tynamo.security.shiro.AccessControlFilter
All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.util.Nameable
Direct Known Subclasses:
AuthenticationFilter, AuthorizationFilter, UserFilter
public abstract class AccessControlFilter
extends org.apache.shiro.web.servlet.AdviceFilter

Superclass for any filter that controls access to a resource and may redirect the user to the login page if they are not authenticated. This superclass provides the method saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) which is used by many subclasses as the behavior when a user is unauthenticated. This class and the subclasses that are used as Shiro's built-in filters were copied from Shiro 1.1.0 and modified locally to implement same behavior as specified in https://issues.apache.org/jira/browse/SHIRO-256 We'll revert to using Shiro's filters if the feature gets implemented in Shiro 2.x

Since:
0.4.0

Field Summary
static java.lang.String GET_METHOD
          Constant representing the HTTP 'GET' request method, equal to GET.
static java.lang.String LOGIN_URL
           
protected  org.apache.shiro.util.PatternMatcher pathMatcher
           
static java.lang.String POST_METHOD
          Constant representing the HTTP 'POST' request method, equal to POST.
static boolean REDIRECT_TO_SAVED_URL
           
static java.lang.String SUCCESS_URL
           
static java.lang.String UNAUTHORIZED_URL
           
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
AccessControlFilter(PageService pageService)
           
 
Method Summary
 void addConfig(java.lang.String config)
           
 java.lang.String getLoginUrl()
          Returns the login URL used to authenticate a user.
protected  PageService getPageService()
           
protected  org.apache.shiro.subject.Subject getSubject(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
          Convenience method that acquires the Subject associated with the request.
 java.lang.String getSuccessUrl()
          Returns the success url to use as the default location a user is sent after logging in.
 java.lang.String getUnauthorizedUrl()
           
protected abstract  boolean isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, java.lang.Object mappedValue)
          Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.
protected  boolean isLoginRequest(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
          Returns true if the incoming request is a login request, false otherwise.
 boolean isRedirectToSavedUrl()
           
protected abstract  boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
          Processes requests where the subject was denied access as determined by the isAccessAllowed method.
protected  boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, java.lang.Object mappedValue)
          Processes requests where the subject was denied access as determined by the isAccessAllowed method, retaining the mappedValue that was used during configuration.
 boolean onPreHandle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, java.lang.Object mappedValue)
          Returns true if isAccessAllowed(Request,Response,Object), otherwise returns the result of onAccessDenied(Request,Response,Object).
protected  boolean preHandle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
           
protected  void redirectToLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
          Convenience method for subclasses that merely acquires the getLoginUrl and redirects the request to that url.
protected  void saveRequest(javax.servlet.ServletRequest request)
          Convenience method merely delegates to WebUtils.saveRequest(request) to save the request state for reuse later.
protected  void saveRequestAndRedirectToLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
          Convenience method for subclasses to use when a login redirect is required.
 void setConfig(java.lang.String config)
           
 void setLoginUrl(java.lang.String loginUrl)
          Sets the login URL used to authenticate a user.
 void setRedirectToSavedUrl(boolean redirectToSavedUrl)
           
 void setSuccessUrl(java.lang.String successUrl)
          Sets the default/fallback success url to use as the default location a user is sent after logging in.
 void setUnauthorizedUrl(java.lang.String unauthorizedUrl)
           
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

LOGIN_URL

public static java.lang.String LOGIN_URL

SUCCESS_URL

public static java.lang.String SUCCESS_URL

UNAUTHORIZED_URL

public static java.lang.String UNAUTHORIZED_URL

REDIRECT_TO_SAVED_URL

public static boolean REDIRECT_TO_SAVED_URL

pathMatcher

protected org.apache.shiro.util.PatternMatcher pathMatcher

GET_METHOD

public static final java.lang.String GET_METHOD
Constant representing the HTTP 'GET' request method, equal to GET.

See Also:
Constant Field Values

POST_METHOD

public static final java.lang.String POST_METHOD
Constant representing the HTTP 'POST' request method, equal to POST.

See Also:
Constant Field Values
Constructor Detail

AccessControlFilter

public AccessControlFilter(PageService pageService)
Method Detail

addConfig

public void addConfig(java.lang.String config)

setConfig

public void setConfig(java.lang.String config)

getSuccessUrl

public java.lang.String getSuccessUrl()
Returns the success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

The default value is #DEFAULT_SUCCESS_URL.

Returns:
the success url to use as the default location a user is sent after logging in.

setSuccessUrl

public void setSuccessUrl(java.lang.String successUrl)
Sets the default/fallback success url to use as the default location a user is sent after logging in. Typically a redirect after login will redirect to the originally request URL; this property is provided mainly as a fallback in case the original request URL is not available or not specified.

The default value is #DEFAULT_SUCCESS_URL.

Parameters:
successUrl - the success URL to redirect the user to after a successful login.

getLoginUrl

public java.lang.String getLoginUrl()
Returns the login URL used to authenticate a user.

Most Shiro filters use this url as the location to redirect a user when the filter requires authentication. Unless overridden, the DEFAULT_LOGIN_URL is assumed, which can be overridden via setLoginUrl.

Returns:
the login URL used to authenticate a user, used when redirecting users if authentication is required.

setLoginUrl

public void setLoginUrl(java.lang.String loginUrl)
Sets the login URL used to authenticate a user.

Most Shiro filters use this url as the location to redirect a user when the filter requires authentication. Unless overridden, the DEFAULT_LOGIN_URL is assumed.

Parameters:
loginUrl - the login URL used to authenticate a user, used when redirecting users if authentication is required.

getUnauthorizedUrl

public java.lang.String getUnauthorizedUrl()

setUnauthorizedUrl

public void setUnauthorizedUrl(java.lang.String unauthorizedUrl)

getSubject

protected org.apache.shiro.subject.Subject getSubject(javax.servlet.ServletRequest request,
                                                      javax.servlet.ServletResponse response)
Convenience method that acquires the Subject associated with the request.

The default implementation simply returns SecurityUtils.getSubject().

Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Returns:
the Subject associated with the request.

isAccessAllowed

protected abstract boolean isAccessAllowed(javax.servlet.ServletRequest request,
                                           javax.servlet.ServletResponse response,
                                           java.lang.Object mappedValue)
                                    throws java.lang.Exception
Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response,mappedValue) method instead.

Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if the request should proceed through the filter normally, false if the request should be processed by this filter's onAccessDenied(ServletRequest,ServletResponse,Object) method instead.
Throws:
java.lang.Exception - if an error occurs during processing.

onAccessDenied

protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response,
                                 java.lang.Object mappedValue)
                          throws java.lang.Exception
Processes requests where the subject was denied access as determined by the isAccessAllowed method, retaining the mappedValue that was used during configuration.

This method immediately delegates to onAccessDenied(ServletRequest,ServletResponse) as a convenience in that most post-denial behavior does not need the mapped config again.

Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the config specified for the filter in the matching request's filter chain.
Returns:
true if the request should continue to be processed; false if the subclass will handle/render the response directly.
Throws:
java.lang.Exception - if there is an error processing the request.
Since:
1.0

onAccessDenied

protected abstract boolean onAccessDenied(javax.servlet.ServletRequest request,
                                          javax.servlet.ServletResponse response)
                                   throws java.lang.Exception
Processes requests where the subject was denied access as determined by the isAccessAllowed method.

Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Returns:
true if the request should continue to be processed; false if the subclass will handle/render the response directly.
Throws:
java.lang.Exception - if there is an error processing the request.

onPreHandle

public boolean onPreHandle(javax.servlet.ServletRequest request,
                           javax.servlet.ServletResponse response,
                           java.lang.Object mappedValue)
                    throws java.lang.Exception
Returns true if isAccessAllowed(Request,Response,Object), otherwise returns the result of onAccessDenied(Request,Response,Object).

Returns:
true if isAccessAllowed, otherwise returns the result of onAccessDenied.
Throws:
java.lang.Exception - if an error occurs.

preHandle

protected boolean preHandle(javax.servlet.ServletRequest request,
                            javax.servlet.ServletResponse response)
                     throws java.lang.Exception
Overrides:
preHandle in class org.apache.shiro.web.servlet.AdviceFilter
Throws:
java.lang.Exception

isLoginRequest

protected boolean isLoginRequest(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
Returns true if the incoming request is a login request, false otherwise.

The default implementation merely returns true if the incoming request matches the configured loginUrl by calling pathsMatch(loginUrl, request).

Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Returns:
true if the incoming request is a login request, false otherwise.

saveRequestAndRedirectToLogin

protected void saveRequestAndRedirectToLogin(javax.servlet.ServletRequest request,
                                             javax.servlet.ServletResponse response)
                                      throws java.io.IOException
Convenience method for subclasses to use when a login redirect is required.

This implementation simply calls saveRequest(request) and then redirectToLogin(request,response).

Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Throws:
java.io.IOException - if an error occurs.

saveRequest

protected void saveRequest(javax.servlet.ServletRequest request)
Convenience method merely delegates to WebUtils.saveRequest(request) to save the request state for reuse later. This is mostly used to retain user request state when a redirect is issued to return the user to their originally requested url/resource.

If you need to save and then immediately redirect the user to login, consider using saveRequestAndRedirectToLogin(request,response) directly.

Parameters:
request - the incoming ServletRequest to save for re-use later (for example, after a redirect).

redirectToLogin

protected void redirectToLogin(javax.servlet.ServletRequest request,
                               javax.servlet.ServletResponse response)
                        throws java.io.IOException
Convenience method for subclasses that merely acquires the getLoginUrl and redirects the request to that url.

N.B. If you want to issue a redirect with the intention of allowing the user to then return to their originally requested URL, don't use this method directly. Instead you should call saveRequestAndRedirectToLogin(request,response), which will save the current request state so that it can be reconstructed and re-used after a successful login.

Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Throws:
java.io.IOException - if an error occurs.

isRedirectToSavedUrl

public boolean isRedirectToSavedUrl()

setRedirectToSavedUrl

public void setRedirectToSavedUrl(boolean redirectToSavedUrl)

getPageService

protected PageService getPageService()
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2012. All Rights Reserved.