org.tynamo.security.shiro.authc

Class AuthenticatingFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.tynamo.security.shiro.AccessControlFilter

org.tynamo.security.shiro.authc.AuthenticationFilter

org.tynamo.security.shiro.authc.AuthenticatingFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.shiro.util.Nameable

Direct Known Subclasses:

AnonymousFilter, BasicHttpAuthenticationFilter, CasFilter, FormAuthenticationFilter

public abstract class AuthenticatingFilter
extends AuthenticationFilter

An AuthenticationFilter that is capable of automatically performing an authentication attempt based on the incoming request.

Since:

0.4.0

Field Summary

Fields inherited from class org.tynamo.security.shiro.AccessControlFilter

GET_METHOD, LOGIN_URL, pathMatcher, POST_METHOD, REDIRECT_TO_SAVED_URL, SUCCESS_URL, TAPESTRY_VERSION, UNAUTHORIZED_URL

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

filterConfig

Constructor Summary

Constructors

Constructor and Description
AuthenticatingFilter(LoginContextService loginContextService)

Method Summary

Methods

Modifier and Type	Method and Description
protected abstract org.apache.shiro.authc.AuthenticationToken	createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected org.apache.shiro.authc.AuthenticationToken	createToken(String username, String password, boolean rememberMe, String host)
protected org.apache.shiro.authc.AuthenticationToken	createToken(String username, String password, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected boolean	executeLogin(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected String	getHost(javax.servlet.ServletRequest request) Returns the host name or IP associated with the current subject.
protected boolean	isRememberMe(javax.servlet.ServletRequest request) Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
protected boolean	onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.authc.AuthenticationException e, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected boolean	onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)

Methods inherited from class org.tynamo.security.shiro.authc.AuthenticationFilter

isAccessAllowed, issueSuccessRedirect

Methods inherited from class org.tynamo.security.shiro.AccessControlFilter

addConfig, getLoginContextService, getLoginUrl, getSubject, getSuccessUrl, getUnauthorizedUrl, isLoginRequest, isRedirectToSavedUrl, onAccessDenied, onAccessDenied, onPreHandle, preHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setConfig, setLoginUrl, setRedirectToSavedUrl, setSuccessUrl, setUnauthorizedUrl

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

AuthenticatingFilter

public AuthenticatingFilter(LoginContextService loginContextService)

Method Detail

executeLogin

protected boolean executeLogin(javax.servlet.ServletRequest request,
                   javax.servlet.ServletResponse response)
                        throws Exception

Throws:

Exception

createToken

protected abstract org.apache.shiro.authc.AuthenticationToken createToken(javax.servlet.ServletRequest request,
                                                     javax.servlet.ServletResponse response)
                                                                   throws Exception

Throws:

Exception

createToken

protected org.apache.shiro.authc.AuthenticationToken createToken(String username,
                                                     String password,
                                                     javax.servlet.ServletRequest request,
                                                     javax.servlet.ServletResponse response)

createToken

protected org.apache.shiro.authc.AuthenticationToken createToken(String username,
                                                     String password,
                                                     boolean rememberMe,
                                                     String host)

onLoginSuccess

protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token,
                     org.apache.shiro.subject.Subject subject,
                     javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response)
                          throws Exception

Throws:

Exception

onLoginFailure

protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token,
                     org.apache.shiro.authc.AuthenticationException e,
                     javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response)

getHost

protected String getHost(javax.servlet.ServletRequest request)

Returns the host name or IP associated with the current subject. This method is primarily provided for use during construction of an AuthenticationToken.

The default implementation merely returns ServletRequest.getRemoteHost().

Parameters:

request - the incoming ServletRequest

Returns:

the InetAddress to associate with the login attempt.

isRememberMe

protected boolean isRememberMe(javax.servlet.ServletRequest request)

Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

This implementation always returns false and is provided as a template hook to subclasses that support rememberMe logins and wish to determine rememberMe in a custom mannner based on the current request.

Parameters:

request - the incoming ServletRequest

Returns:

true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.