You could create a filter that would delegate to another component for each auth type you are looking for in the request.
Possible with a "boolean supportsRequest(ServletRequest request)" and "boolean handleAuthRequest(ServletRequest request)" This is more or less what happens when you have multiple realms. You could look at the pattern used by the ModularRealmAuthenticator. (that one is a little more complex as it support multiple strategies) On Fri, Jul 7, 2017 at 4:39 AM, armandoxxx <[email protected]> wrote: > Hey guys ... > > I've got a little logical problem with filters ... > > Our use case: > > we export rest services and our end points are protected by Shiro. > on our end points we have different types or filter spceified. > > > > terminateFilter code is as follows > > > > Explanation: > > All previous filters (before terminateFilter) execute login if they are > supposed to execute it (meaning .. if formAuthFilter resolves it is login > request, then login will execute and return true or false depending on the > credentials) > All previous filters will return true in case request is not meant it to > execute login. > if none of the previous filters succeeded in isAccessAllowed and all > onAccessDenied() methods return true this terminateFilter filter will > definetly throw unauthorized response. > So unless we have terminateFilter in configuration and all fitlers skip > execute login, shiro does not block user ... (try it yourself) > > question: > Does anybody have any other solution so terminateFilter does not have to be > defined ? > > Any advice would be appreciated ... > > Regards > > Armando > > > > > > -- > View this message in context: http://shiro-user.582556.n2. > nabble.com/Multiple-auth-filters-and-onAccessDenied-method-logic-question- > tp7581679.html > Sent from the Shiro User mailing list archive at Nabble.com. >
