shiro-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jbunt...@apache.org
Subject svn commit: r1157377 - in /shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc: AuthenticatingFilter.java BasicHttpAuthenticationFilter.java
Date Sat, 13 Aug 2011 13:34:44 GMT
Author: jbunting
Date: Sat Aug 13 13:34:44 2011
New Revision: 1157377

URL: http://svn.apache.org/viewvc?rev=1157377&view=rev
Log:
SHIRO-283: adding ability to specify "permissive" for authc and authcBasic filters.  This
will cause unauthenticated users to not be blocked, but will perform appropriate login request
(redirect or challenge response) when an UnauthenticatedException is thrown.

Modified:
    shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
    shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java

Modified: shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java?rev=1157377&r1=1157376&r2=1157377&view=diff
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
(original)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
Sat Aug 13 13:34:44 2011
@@ -21,10 +21,14 @@ package org.apache.shiro.web.filter.auth
 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.UnauthenticatedException;
 import org.apache.shiro.subject.Subject;
 
+import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
 
 /**
  * An <code>AuthenticationFilter</code> that is capable of automatically performing
an authentication attempt
@@ -33,6 +37,7 @@ import javax.servlet.ServletResponse;
  * @since 0.9
  */
 public abstract class AuthenticatingFilter extends AuthenticationFilter {
+    public static final String PERMISSIVE = "permissive";
 
     //TODO - complete JavaDoc
 
@@ -104,4 +109,50 @@ public abstract class AuthenticatingFilt
     protected boolean isRememberMe(ServletRequest request) {
         return false;
     }
+
+    /**
+     * Determines whether the current subject should be allowed to make the current request.
+     * <p/>
+     * The default implementation returns <code>true</code> if the user is authenticated.
 Will also return
+     * <code>true</code> if the {@link #isLoginRequest} returns false and the
&quot;permissive&quot; flag is set.
+     *
+     * @return <code>true</code> if request should be allowed access
+     */
+    @Override
+    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object
mappedValue) {
+        return super.isAccessAllowed(request, response, mappedValue) ||
+                (!isLoginRequest(request, response) && isPermissive(mappedValue));
+    }
+
+    /**
+     * Returns <code>true</code> if the mappedValue contains the {@link #PERMISSIVE}
qualifier.
+     *
+     * @return <code>true</code> if this filter should be permissive
+     */
+    protected boolean isPermissive(Object mappedValue) {
+        if(mappedValue != null) {
+            String[] values = (String[]) mappedValue;
+            return Arrays.binarySearch(values, PERMISSIVE) >= 0;
+        }
+        return false;
+    }
+
+    /**
+     * Overrides the default behavior to call {@link #onAccessDenied} and swallow the exception
if the exception is
+     * {@link UnauthenticatedException}.
+     */
+    @Override
+    protected void cleanup(ServletRequest request, ServletResponse response, Exception existing)
throws ServletException, IOException {
+        if (existing instanceof UnauthenticatedException || (existing instanceof ServletException
&& existing.getCause() instanceof UnauthenticatedException))
+        {
+            try {
+                onAccessDenied(request, response);
+                existing = null;
+            } catch (Exception e) {
+                existing = e;
+            }
+        }
+        super.cleanup(request, response, existing);
+
+    }
 }

Modified: shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
URL: http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java?rev=1157377&r1=1157376&r2=1157377&view=diff
==============================================================================
--- shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
(original)
+++ shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
Sat Aug 13 13:34:44 2011
@@ -212,6 +212,14 @@ public class BasicHttpAuthenticationFilt
     }
 
     /**
+     * Delegates to {@link #isLoginAttempt(javax.servlet.ServletRequest, javax.servlet.ServletResponse)
isLoginAttempt}.
+     */
+    @Override
+    protected final boolean isLoginRequest(ServletRequest request, ServletResponse response)
{
+        return this.isLoginAttempt(request, response);
+    }
+
+    /**
      * Returns the {@link #AUTHORIZATION_HEADER AUTHORIZATION_HEADER} from the specified
ServletRequest.
      * <p/>
      * This implementation merely casts the request to an <code>HttpServletRequest</code>
and returns the header:



Mime
View raw message