Package org.apache.shiro.web.filter.authc

Class AuthenticatingFilter

    • Constructor Detail

      • AuthenticatingFilter

        public AuthenticatingFilter()

    • Method Detail

      • executeLogin

        protected boolean executeLogin​(javax.servlet.ServletRequest request,
                               javax.servlet.ServletResponse response)
                        throws Exception
        Throws:
        Exception

      • createToken

        protected abstract org.apache.shiro.authc.AuthenticationToken createToken​(javax.servlet.ServletRequest request,
                                                                          javax.servlet.ServletResponse response)
                                                                   throws Exception
        Throws:
        Exception

      • createToken

        protected org.apache.shiro.authc.AuthenticationToken createToken​(String username,
                                                                 String password,
                                                                 javax.servlet.ServletRequest request,
                                                                 javax.servlet.ServletResponse response)

      • createToken

        protected org.apache.shiro.authc.AuthenticationToken createToken​(String username,
                                                                 String password,
                                                                 boolean rememberMe,
                                                                 String host)

      • onLoginSuccess

        protected boolean onLoginSuccess​(org.apache.shiro.authc.AuthenticationToken token,
                                 org.apache.shiro.subject.Subject subject,
                                 javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception
        Throws:
        Exception

      • onLoginFailure

        protected boolean onLoginFailure​(org.apache.shiro.authc.AuthenticationToken token,
                                 org.apache.shiro.authc.AuthenticationException e,
                                 javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)

      • getHost

        protected String getHost​(javax.servlet.ServletRequest request)
        Returns the host name or IP associated with the current subject. This method is primarily provided for use during construction of an AuthenticationToken.

        The default implementation merely returns ServletRequest.getRemoteHost().

        Parameters:
        request - the incoming ServletRequest
        Returns:
        the InetAddress to associate with the login attempt.

      • isRememberMe

        protected boolean isRememberMe​(javax.servlet.ServletRequest request)
        Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

        This implementation always returns false and is provided as a template hook to subclasses that support rememberMe logins and wish to determine rememberMe in a custom mannner based on the current request.

        Parameters:
        request - the incoming ServletRequest
        Returns:
        true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

      • isAccessAllowed

        protected boolean isAccessAllowed​(javax.servlet.ServletRequest request,
                                  javax.servlet.ServletResponse response,
                                  Object mappedValue)
        Determines whether the current subject should be allowed to make the current request.

        The default implementation returns true if the user is authenticated. Will also return true if the AccessControlFilter.isLoginRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse) returns false and the "permissive" flag is set.

        Overrides:
        isAccessAllowed in class AuthenticationFilter
        Parameters:
        request - the incoming ServletRequest
        response - the outgoing ServletResponse
        mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
        Returns:
        true if request should be allowed access

      • isPermissive

        protected boolean isPermissive​(Object mappedValue)
        Returns true if the mappedValue contains the PERMISSIVE qualifier.
        Returns:
        true if this filter should be permissive

      • cleanup

        protected void cleanup​(javax.servlet.ServletRequest request,
                       javax.servlet.ServletResponse response,
                       Exception existing)
                throws javax.servlet.ServletException,
                       IOException
        Overrides the default behavior to call AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse, java.lang.Object) and swallow the exception if the exception is UnauthenticatedException.
        Overrides:
        cleanup in class AdviceFilter
        Parameters:
        request - the incoming ServletRequest
        response - the outgoing ServletResponse
        existing - any exception that might have occurred while executing the FilterChain or pre or post advice, or null if the pre/chain/post execution did not throw an Exception.
        Throws:
        javax.servlet.ServletException - if any exception other than an IOException is thrown.
        IOException - if the pre/chain/post execution throw an IOException