org.tynamo.security.shiro.authc
Class AnonymousFilter

java.lang.Object
  extended by org.apache.shiro.web.servlet.ServletContextSupport
      extended by org.apache.shiro.web.servlet.AbstractFilter
          extended by org.apache.shiro.web.servlet.NameableFilter
              extended by org.apache.shiro.web.servlet.OncePerRequestFilter
                  extended by org.apache.shiro.web.servlet.AdviceFilter
                      extended by org.tynamo.security.shiro.AccessControlFilter
                          extended by org.tynamo.security.shiro.authc.AuthenticationFilter
                              extended by org.tynamo.security.shiro.authc.AuthenticatingFilter
                                  extended by org.tynamo.security.shiro.authc.AnonymousFilter
All Implemented Interfaces:
javax.servlet.Filter, org.apache.shiro.util.Nameable

public class AnonymousFilter
extends AuthenticatingFilter

Filter that allows access to a path immediately without performing security checks of any kind.

This filter is useful primarily in exclusionary policies, where you have defined a URL pattern that requires a certain security level, but a subset of the URLs under that pattern should allow any access.

For example, if you had a user-only section of a website, you might want to require that access to any url in that section must be from an authenticated user.

Here is how that would look in the IniShiroFilter configuration:

[urls]
/user/** = authc

But if you wanted /user/signup/** to be available to anyone, you have to exclude that path since it is a subset of the first. This is where the AnonymousFilter ('anon') is useful:

[urls]
/user/signup/** = anon
/user/** = authc

Since the url pattern definitions follow a 'first match wins' paradigm, the anon filter will match the /user/signup/** paths and the /user/** path chain will not be evaluated.
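The ordering rule above can be checked mechanically before a configuration is deployed. The following is an added example, not part of the Tynamo or Shiro code: a small Python audit that replays "first match wins" over a `[urls]` section and reports entries that an earlier, broader pattern already claims. The helper names and the simplified Ant-style matcher are assumptions made for illustration.

```python
import re

def ant_to_regex(pattern):
    # Simplified Ant-style matching (approximation, not Shiro's own matcher).
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("/**", i) and i + 3 == len(pattern):
            out.append("(/.*)?"); i += 3      # trailing /** also matches the bare prefix
        elif pattern.startswith("**", i):
            out.append(".*"); i += 2          # '**' spans path segments
        elif pattern[i] == "*":
            out.append("[^/]*"); i += 1       # '*' stays inside one segment
        elif pattern[i] == "?":
            out.append("[^/]"); i += 1        # '?' is exactly one character
        else:
            out.append(re.escape(pattern[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def parse_urls(ini_text):
    # Return the [urls] entries as (pattern, chain) pairs in file order.
    rules, in_urls = [], False
    for line in ini_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_urls = (line == "[urls]")
        elif in_urls and "=" in line and not line.startswith("#"):
            rules.append(tuple(part.strip() for part in line.split("=", 1)))
    return rules

def first_match(rules, path):
    # First match wins: later patterns are never consulted.
    for pattern, chain in rules:
        if ant_to_regex(pattern).match(path):
            return chain
    return None

def find_shadowed(rules):
    # Heuristic: probe each pattern with a concrete path and report it when an earlier rule with a different chain claims it.
    hits = []
    for idx, (pattern, chain) in enumerate(rules):
        probe = re.sub(r"\*+|\?", "x", pattern)
        for earlier, earlier_chain in rules[:idx]:
            if earlier_chain != chain and ant_to_regex(earlier).match(probe):
                hits.append((pattern, earlier))
                break
    return hits

# Constructed sample configurations: the ordering shown above and the reversed one.
GOOD = "[urls]\n/user/signup/** = anon\n/user/** = authc\n"
BAD = "[urls]\n/user/** = authc\n/user/signup/** = anon\n"
```

With the reversed ordering the `anon` entry is never reached, so signup requests fall under `authc`. The same check catches the opposite mistake, where a broad `anon` pattern placed first leaves a later `authc` entry without effect.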

Since:
0.4.0

Field Summary
 
Fields inherited from class org.tynamo.security.shiro.AccessControlFilter
GET_METHOD, LOGIN_URL, pathMatcher, POST_METHOD, REDIRECT_TO_SAVED_URL, SUCCESS_URL, UNAUTHORIZED_URL
 
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
 
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
 
Constructor Summary
AnonymousFilter(LoginContextService loginContextService)
           
 
Method Summary
protected  org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
           
protected  boolean onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
          Processes requests where the subject was denied access as determined by the isAccessAllowed method.
 boolean onPreHandle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, java.lang.Object mappedValue)
          Always returns true allowing unchecked access to the underlying path or resource.
 
Methods inherited from class org.tynamo.security.shiro.authc.AuthenticatingFilter
createToken, createToken, executeLogin, getHost, isRememberMe, onLoginFailure, onLoginSuccess
 
Methods inherited from class org.tynamo.security.shiro.authc.AuthenticationFilter
isAccessAllowed, issueSuccessRedirect
 
Methods inherited from class org.tynamo.security.shiro.AccessControlFilter
addConfig, getLoginContextService, getLoginUrl, getSubject, getSuccessUrl, getUnauthorizedUrl, isLoginRequest, isRedirectToSavedUrl, onAccessDenied, preHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setConfig, setLoginUrl, setRedirectToSavedUrl, setSuccessUrl, setUnauthorizedUrl
 
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
 
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
 
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
 
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

AnonymousFilter

public AnonymousFilter(LoginContextService loginContextService)

Method Detail

onPreHandle

public boolean onPreHandle(javax.servlet.ServletRequest request,
                           javax.servlet.ServletResponse response,
                           java.lang.Object mappedValue)
Always returns true allowing unchecked access to the underlying path or resource.

Overrides:
onPreHandle in class AccessControlFilter
Returns:
true always, allowing unchecked access to the underlying path or resource.

createToken

protected org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request,
                                                                 javax.servlet.ServletResponse response)
                                                          throws java.lang.Exception
Specified by:
createToken in class AuthenticatingFilter
Throws:
java.lang.Exception

onAccessDenied

protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws java.lang.Exception
Description copied from class: AccessControlFilter
Processes requests where the subject was denied access as determined by the isAccessAllowed method.

Specified by:
onAccessDenied in class AccessControlFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
Returns:
true if the request should continue to be processed; false if the subclass will handle/render the response directly.
Throws:
java.lang.Exception - if there is an error processing the request.


Copyright © 2004-2012. All Rights Reserved.