UserFilter (Tapestry Security 0.7.1 API)

java.lang.Object
- org.apache.shiro.web.servlet.ServletContextSupport
- - org.apache.shiro.web.servlet.AbstractFilter
  - - org.apache.shiro.web.servlet.NameableFilter
    - - org.apache.shiro.web.servlet.OncePerRequestFilter
      - org.apache.shiro.web.servlet.AdviceFilter
        
        org.tynamo.security.shiro.AccessControlFilter
        
        org.tynamo.security.shiro.authc.UserFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.shiro.util.Nameable
```
public class UserFilter
extends AccessControlFilter
```
Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal. This means that any user who is authenticated or remembered via a 'remember me' feature will be allowed access from this filter.
If the accessor is not a known user, then they will be redirected to the loginUrl

Since:

0.4.0

Field Summary
- Fields inherited from class org.tynamo.security.shiro.AccessControlFilter
  GET_METHOD, LOGIN_URL, pathMatcher, POST_METHOD, REDIRECT_TO_SAVED_URL, SUCCESS_URL, TAPESTRY_VERSION, UNAUTHORIZED_URL
- Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
  ALREADY_FILTERED_SUFFIX
- Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
  filterConfig

Constructor Summary

Constructors
Constructor and Description

UserFilter(LoginContextService loginContextService)

Constructors
Constructor and Description
`UserFilter(LoginContextService loginContextService)`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected boolean`	`isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)` Returns `true` if the request is a `loginRequest` or if the current `subject` is not `null`, `false` otherwise.
`protected boolean`	`onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)` This default implementation simply calls `saveRequestAndRedirectToLogin` and then immediately returns `false`, thereby preventing the chain from continuing so the redirect may execute.

Methods inherited from class org.tynamo.security.shiro.AccessControlFilter
addConfig, getLoginContextService, getLoginUrl, getSubject, getSuccessUrl, getUnauthorizedUrl, isLoginRequest, isRedirectToSavedUrl, onAccessDenied, onPreHandle, preHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setConfig, setLoginUrl, setRedirectToSavedUrl, setSuccessUrl, setUnauthorizedUrl

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - UserFilter
```
public UserFilter(LoginContextService loginContextService)
```
- Method Detail
  - isAccessAllowed
```
protected boolean isAccessAllowed(javax.servlet.ServletRequest request,
                                  javax.servlet.ServletResponse response,
                                  Object mappedValue)
```
    Returns true if the request is a loginRequest or if the current subject is not null, false otherwise.
    
    Specified by:
    
    isAccessAllowed in class AccessControlFilter
    
    Parameters:
    
    request - the incoming ServletRequest
    
    response - the outgoing ServletResponse
    
    mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
    
    Returns:
    
    true if the request is a loginRequest or if the current subject is not null, false otherwise.
  - onAccessDenied
```
protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception
```
    This default implementation simply calls saveRequestAndRedirectToLogin and then immediately returns false, thereby preventing the chain from continuing so the redirect may execute.
    
    Specified by:
    
    onAccessDenied in class AccessControlFilter
    
    Parameters:
    
    request - the incoming ServletRequest
    
    response - the outgoing ServletResponse
    
    Returns:
    
    true if the request should continue to be processed; false if the subclass will handle/render the response directly.
    
    Throws:
    
    Exception - if there is an error processing the request.

Class UserFilter

Field Summary

Fields inherited from class org.tynamo.security.shiro.AccessControlFilter

Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter

Constructor Summary

Method Summary

Methods inherited from class org.tynamo.security.shiro.AccessControlFilter

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport

Methods inherited from class java.lang.Object

Constructor Detail

UserFilter

Method Detail

isAccessAllowed

onAccessDenied