Author: jbunting
Date: Sat Aug 13 13:34:44 2011
New Revision: 1157377
URL: http://svn.apache.org/viewvc?rev=1157377&view=rev
Log:
SHIRO-283: adding ability to specify "permissive" for authc and authcBasic
filters. This will cause unauthenticated users to not be blocked, but will
perform appropriate login request (redirect or challenge response) when an
UnauthenticatedException is thrown.
Modified:
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
Modified:
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
URL:
http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java?rev=1157377&r1=1157376&r2=1157377&view=diff
==============================================================================
---
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
(original)
+++
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/AuthenticatingFilter.java
Sat Aug 13 13:34:44 2011
@@ -21,10 +21,14 @@ package org.apache.shiro.web.filter.auth
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
+import org.apache.shiro.authz.UnauthenticatedException;
import org.apache.shiro.subject.Subject;
+import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
+import java.io.IOException;
+import java.util.Arrays;
/**
* An <code>AuthenticationFilter</code> that is capable of automatically
performing an authentication attempt
@@ -33,6 +37,7 @@ import javax.servlet.ServletResponse;
* @since 0.9
*/
public abstract class AuthenticatingFilter extends AuthenticationFilter {
+ public static final String PERMISSIVE = "permissive";
//TODO - complete JavaDoc
@@ -104,4 +109,50 @@ public abstract class AuthenticatingFilt
protected boolean isRememberMe(ServletRequest request) {
return false;
}
+
+ /**
+ * Determines whether the current subject should be allowed to make the
current request.
+ * <p/>
+ * The default implementation returns <code>true</code> if the user is
authenticated. Will also return
+ * <code>true</code> if the {@link #isLoginRequest} returns false and the
"permissive" flag is set.
+ *
+ * @return <code>true</code> if request should be allowed access
+ */
+ @Override
+ protected boolean isAccessAllowed(ServletRequest request, ServletResponse
response, Object mappedValue) {
+ return super.isAccessAllowed(request, response, mappedValue) ||
+ (!isLoginRequest(request, response) &&
isPermissive(mappedValue));
+ }
+
+ /**
+ * Returns <code>true</code> if the mappedValue contains the {@link
#PERMISSIVE} qualifier.
+ *
+ * @return <code>true</code> if this filter should be permissive
+ */
+ protected boolean isPermissive(Object mappedValue) {
+ if(mappedValue != null) {
+ String[] values = (String[]) mappedValue;
+ return Arrays.binarySearch(values, PERMISSIVE) >= 0;
+ }
+ return false;
+ }
+
+ /**
+ * Overrides the default behavior to call {@link #onAccessDenied} and
swallow the exception if the exception is
+ * {@link UnauthenticatedException}.
+ */
+ @Override
+ protected void cleanup(ServletRequest request, ServletResponse response,
Exception existing) throws ServletException, IOException {
+ if (existing instanceof UnauthenticatedException || (existing
instanceof ServletException && existing.getCause() instanceof
UnauthenticatedException))
+ {
+ try {
+ onAccessDenied(request, response);
+ existing = null;
+ } catch (Exception e) {
+ existing = e;
+ }
+ }
+ super.cleanup(request, response, existing);
+
+ }
}
Modified:
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
URL:
http://svn.apache.org/viewvc/shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java?rev=1157377&r1=1157376&r2=1157377&view=diff
==============================================================================
---
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
(original)
+++
shiro/trunk/web/src/main/java/org/apache/shiro/web/filter/authc/BasicHttpAuthenticationFilter.java
Sat Aug 13 13:34:44 2011
@@ -212,6 +212,14 @@ public class BasicHttpAuthenticationFilt
}
/**
+ * Delegates to {@link #isLoginAttempt(javax.servlet.ServletRequest,
javax.servlet.ServletResponse) isLoginAttempt}.
+ */
+ @Override
+ protected final boolean isLoginRequest(ServletRequest request,
ServletResponse response) {
+ return this.isLoginAttempt(request, response);
+ }
+
+ /**
* Returns the {@link #AUTHORIZATION_HEADER AUTHORIZATION_HEADER} from the
specified ServletRequest.
* <p/>
* This implementation merely casts the request to an
<code>HttpServletRequest</code> and returns the header:
