Class UserFilter

java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.tynamo.security.shiro.AccessControlFilter
org.tynamo.security.shiro.authc.UserFilter
All Implemented Interfaces:
jakarta.servlet.Filter, org.apache.shiro.lang.util.Nameable

public class UserFilter extends AccessControlFilter
Filter that allows access to resources if the accessor is a known user, which is defined as having a known principal. This means that any user who is authenticated or remembered via a 'remember me' feature will be allowed access from this filter.

If the accessor is not a known user, then they will be redirected to the loginUrl.

Since:
0.4.0
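Because this filter admits remembered users as well as authenticated ones, code behind it that performs a sensitive operation usually needs its own, stricter check. The following is an added example, not code from Tynamo or Apache Shiro: it uses Shiro's `Subject` API (`getPrincipal()`, `isAuthenticated()`, `isRemembered()`), and the class `AccessLevels` and its method names are hypothetical. It assumes Apache Shiro is on the classpath and a `SecurityManager` is configured.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.subject.Subject;

/** Added example (hypothetical helper, not part of Tynamo or Shiro). */
public final class AccessLevels {

    /** How the identity of the current accessor was established. */
    public enum Level { ANONYMOUS, REMEMBERED, AUTHENTICATED }

    private AccessLevels() { }

    /** Classifies a Subject using Shiro's own state flags. */
    public static Level levelOf(Subject subject) {
        if (subject.isAuthenticated()) {
            // Credentials were verified during the current session.
            return Level.AUTHENTICATED;
        }
        if (subject.isRemembered()) {
            // Identity comes only from a 'remember me' token; nothing was
            // proven in this session.
            return Level.REMEMBERED;
        }
        return Level.ANONYMOUS;
    }

    /**
     * The condition the class description gives for a "known user":
     * a known principal. True for REMEMBERED and AUTHENTICATED alike.
     */
    public static boolean isKnownUser(Subject subject) {
        return subject.getPrincipal() != null;
    }

    /**
     * Guard for sensitive operations (password change, payment, admin
     * action) on URLs that are only protected by a known-user check.
     * Rejects remembered-only subjects so the caller can force a login.
     */
    public static void requireFreshLogin() {
        Subject subject = SecurityUtils.getSubject();
        if (levelOf(subject) != Level.AUTHENTICATED) {
            throw new UnauthenticatedException(
                "Re-authentication required for this operation");
        }
    }
}
```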
  • Constructor Details

  • Method Details

    • isAccessAllowed

      protected boolean isAccessAllowed(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, Object mappedValue)
      Returns true if the request is a loginRequest or if the current subject is not null, false otherwise.
      Specified by:
      isAccessAllowed in class AccessControlFilter
      Parameters:
      request - the incoming ServletRequest
      response - the outgoing ServletResponse
      mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
      Returns:
      true if the request is a loginRequest or if the current subject is not null, false otherwise.
    • onAccessDenied

      protected boolean onAccessDenied(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response) throws Exception
      This default implementation simply calls saveRequestAndRedirectToLogin and then immediately returns false, thereby preventing the chain from continuing so the redirect may execute.
      Specified by:
      onAccessDenied in class AccessControlFilter
      Parameters:
      request - the incoming ServletRequest
      response - the outgoing ServletResponse
      Returns:
      true if the request should continue to be processed; false if the subclass will handle/render the response directly.
      Throws:
      Exception - if there is an error processing the request.