Class RolesAuthorizationFilter
- java.lang.Object
-
- org.apache.shiro.web.servlet.ServletContextSupport
-
- org.apache.shiro.web.servlet.AbstractFilter
-
- org.apache.shiro.web.servlet.NameableFilter
-
- org.apache.shiro.web.servlet.OncePerRequestFilter
-
- org.apache.shiro.web.servlet.AdviceFilter
-
- org.apache.shiro.web.filter.PathMatchingFilter
-
- org.apache.shiro.web.filter.AccessControlFilter
-
- org.apache.shiro.web.filter.authz.AuthorizationFilter
-
- org.apache.shiro.web.filter.authz.RolesAuthorizationFilter
-
- All Implemented Interfaces:
javax.servlet.Filter,org.apache.shiro.util.Nameable,PathConfigProcessor
public class RolesAuthorizationFilter extends AuthorizationFilter
Filter that allows access if the current user has the roles specified by the mapped value, or denies access if the user does not have all of the roles specified.- Since:
- 0.9
-
-
Field Summary
-
Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
-
Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
-
Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX
-
Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
filterConfig
-
-
Constructor Summary
Constructors Constructor Description RolesAuthorizationFilter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description booleanisAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue)Returnstrueif the request is allowed to proceed through the filter normally, orfalseif the request should be handled by theonAccessDenied(request,response,mappedValue)method instead.-
Methods inherited from class org.apache.shiro.web.filter.authz.AuthorizationFilter
getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl
-
Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
-
Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig
-
Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
-
Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter
-
Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder
-
Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig
-
Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString
-
-
-
-
Method Detail
-
isAccessAllowed
public boolean isAccessAllowed(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, Object mappedValue) throws IOExceptionDescription copied from class:AccessControlFilterReturnstrueif the request is allowed to proceed through the filter normally, orfalseif the request should be handled by theonAccessDenied(request,response,mappedValue)method instead.- Specified by:
isAccessAllowedin classAccessControlFilter- Parameters:
request- the incomingServletRequestresponse- the outgoingServletResponsemappedValue- the filter-specific config value mapped to this filter in the URL rules mappings.- Returns:
trueif the request should proceed through the filter normally,falseif the request should be processed by this filter'sAccessControlFilter.onAccessDenied(ServletRequest,ServletResponse,Object)method instead.- Throws:
IOException
-
-