Class AnonymousFilter
-
- All Implemented Interfaces:
javax.servlet.Filter,org.apache.shiro.util.Nameable,PathConfigProcessor
public class AnonymousFilter extends PathMatchingFilter
Filter that allows access to a path immeidately without performing security checks of any kind. This filter is useful primarily in exclusionary policies, where you have defined a url pattern to require a certain security level, but maybe only subset of urls in that pattern should allow any access. For example, if you had a user-only section of a website, you might want to require that access to any url in that section must be from an authenticated user. Here is how that would look in the IniShiroFilter configuration:[urls]But if you wanted
/user/** = authc/user/signup/**to be available to anyone, you have to exclude that path since it is a subset of the first. This is where the AnonymousFilter ('anon') is useful:[urls]> Since the url pattern definitions follow a 'first match wins' paradigm, the
/user/signup/** = anon
/user/** = authcanonfilter will match the/user/signup/**paths and the/user/**path chain will not be evaluated.- Since:
- 0.9
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description AnonymousFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected booleanonPreHandle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)Always returnstrueallowing unchecked access to the underlying path or resource.-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Method Detail
-
onPreHandle
protected boolean onPreHandle(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)Always returnstrueallowing unchecked access to the underlying path or resource.- Overrides:
onPreHandlein classPathMatchingFilter- Parameters:
request- the incoming ServletRequestresponse- the outgoing ServletResponsemappedValue- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
truealways, allowing unchecked access to the underlying path or resource.- See Also:
PathMatchingFilter.isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String, Object)
-
-