PassThruAuthenticationFilter (Apache Shiro :: Web 1.10.0 API)

java.lang.Object
- org.apache.shiro.web.servlet.ServletContextSupport
- - org.apache.shiro.web.servlet.AbstractFilter
  - - org.apache.shiro.web.servlet.NameableFilter
    - - org.apache.shiro.web.servlet.OncePerRequestFilter
      - org.apache.shiro.web.servlet.AdviceFilter
        
        org.apache.shiro.web.filter.PathMatchingFilter
        
        org.apache.shiro.web.filter.AccessControlFilter
        
        org.apache.shiro.web.filter.authc.AuthenticationFilter
        
        org.apache.shiro.web.filter.authc.PassThruAuthenticationFilter

All Implemented Interfaces:

javax.servlet.Filter, org.apache.shiro.util.Nameable, PathConfigProcessor
```
public class PassThruAuthenticationFilter
extends AuthenticationFilter
```
An authentication filter that redirects the user to the login page when they are trying to access a protected resource. However, if the user is trying to access the login page, the filter lets the request pass through to the application code.
The difference between this filter and the FormAuthenticationFilter is that on a login submission (by default an HTTP POST to the login URL), the FormAuthenticationFilter filter attempts to automatically authenticate the user by passing the username and password request parameter values to Subject.login(usernamePasswordToken) directly.
Conversely, this controller always passes all requests to the loginUrl through, both GETs and POSTs. This is useful in cases where the developer wants to write their own login behavior, which should include a call to Subject.login(AuthenticationToken) at some point. For example, if the developer has their own custom MVC login controller or validator, this PassThruAuthenticationFilter may be appropriate.

Since:

0.9

See Also:

FormAuthenticationFilter

Field Summary
- Fields inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
  DEFAULT_SUCCESS_URL
- Fields inherited from class org.apache.shiro.web.filter.AccessControlFilter
  DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
- Fields inherited from class org.apache.shiro.web.filter.PathMatchingFilter
  appliedPaths, pathMatcher
- Fields inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
  ALREADY_FILTERED_SUFFIX
- Fields inherited from class org.apache.shiro.web.servlet.AbstractFilter
  filterConfig

Constructor Summary

Constructors
Constructor Description

PassThruAuthenticationFilter()

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected boolean`	`onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)`	Processes requests where the subject was denied access as determined by the `isAccessAllowed` method.

Methods inherited from class org.apache.shiro.web.filter.authc.AuthenticationFilter
getSuccessUrl, isAccessAllowed, issueSuccessRedirect, setSuccessUrl

Methods inherited from class org.apache.shiro.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.apache.shiro.web.filter.PathMatchingFilter
getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.apache.shiro.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.apache.shiro.web.servlet.OncePerRequestFilter
doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, isFilterOncePerRequest, setEnabled, setFilterOncePerRequest, shouldNotFilter

Methods inherited from class org.apache.shiro.web.servlet.NameableFilter
getName, setName, toStringBuilder

Methods inherited from class org.apache.shiro.web.servlet.AbstractFilter
destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

Methods inherited from class org.apache.shiro.web.servlet.ServletContextSupport
getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

- Constructor Detail
  - PassThruAuthenticationFilter
```
public PassThruAuthenticationFilter()
```
- Method Detail
  - onAccessDenied
```
protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception
```
    Description copied from class: AccessControlFilter
    
    Processes requests where the subject was denied access as determined by the isAccessAllowed method.
    
    Specified by:
    
    onAccessDenied in class AccessControlFilter
    
    Parameters:
    
    request - the incoming ServletRequest
    
    response - the outgoing ServletResponse
    
    Returns:
    
    true if the request should continue to be processed; false if the subclass will handle/render the response directly.
    
    Throws:
    
    Exception - if there is an error processing the request.