Package org.tynamo.security.shiro.authz
Class RolesAuthorizationFilter
java.lang.Object
org.apache.shiro.web.servlet.ServletContextSupport
org.apache.shiro.web.servlet.AbstractFilter
org.apache.shiro.web.servlet.NameableFilter
org.apache.shiro.web.servlet.OncePerRequestFilter
org.apache.shiro.web.servlet.AdviceFilter
org.tynamo.security.shiro.AccessControlFilter
org.tynamo.security.shiro.authz.AuthorizationFilter
org.tynamo.security.shiro.authz.RolesAuthorizationFilter
- All Implemented Interfaces:
jakarta.servlet.Filter,org.apache.shiro.lang.util.Nameable
Filter that allows access if the current user has the roles specified by the mapped value, or denies access
if the user does not have all of the roles specified.
- Since:
- 0.4.0
-
Field Summary
Fields inherited from class org.tynamo.security.shiro.AccessControlFilter
GET_METHOD, LOGIN_URL, pathMatcher, POST_METHOD, REDIRECT_TO_SAVED_URL, SUCCESS_URL, TAPESTRY_VERSION, UNAUTHORIZED_URLFields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIXFields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbooleanisAccessAllowed(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, Object mappedValue) Returnstrueif the request is allowed to proceed through the filter normally, orfalseif the request should be handled by theonAccessDenied(request,response,mappedValue)method instead.Methods inherited from class org.tynamo.security.shiro.authz.AuthorizationFilter
getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrlMethods inherited from class org.tynamo.security.shiro.AccessControlFilter
addConfig, getLoginContextService, getLoginUrl, getSubject, getSuccessUrl, isLoginRequest, isRedirectToSavedUrl, onAccessDenied, onPreHandle, preHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setConfig, setLoginUrl, setRedirectToSavedUrl, setSuccessUrlMethods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandleMethods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilterMethods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilderMethods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfigMethods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
Constructor Details
-
RolesAuthorizationFilter
-
-
Method Details
-
isAccessAllowed
public boolean isAccessAllowed(jakarta.servlet.ServletRequest request, jakarta.servlet.ServletResponse response, Object mappedValue) throws IOException Description copied from class:AccessControlFilterReturnstrueif the request is allowed to proceed through the filter normally, orfalseif the request should be handled by theonAccessDenied(request,response,mappedValue)method instead.- Specified by:
isAccessAllowedin classAccessControlFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponsemappedValue- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
trueif the request should proceed through the filter normally,falseif the request should be processed by this filter'sAccessControlFilter.onAccessDenied(ServletRequest,ServletResponse,Object)method instead.- Throws:
IOException
-