private void applyLoginUrlIfNecessary(Filter filter) { String loginUrl = getLoginUrl(); if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) { AccessControlFilter acFilter = (AccessControlFilter) filter; //only apply the login url if they haven't explicitly configured one already: String existingLoginUrl = acFilter.getLoginUrl(); if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) { acFilter.setLoginUrl(loginUrl); } } }
/** * Returns <code>true</code> if * {@link #isAccessAllowed(ServletRequest,ServletResponse,Object) isAccessAllowed(Request,Response,Object)}, * otherwise returns the result of * {@link #onAccessDenied(ServletRequest,ServletResponse,Object) onAccessDenied(Request,Response,Object)}. * * @return <code>true</code> if * {@link #isAccessAllowed(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Object) isAccessAllowed}, * otherwise returns the result of * {@link #onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) onAccessDenied}. * @throws Exception if an error occurs. */ public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { return isAccessAllowed(request, response, mappedValue) || onAccessDenied(request, response, mappedValue); }
/** * Returns <code>true</code> if the incoming request is a login request, <code>false</code> otherwise. * <p/> * The default implementation merely returns <code>true</code> if the incoming request matches the configured * {@link #getLoginUrl() loginUrl} by calling * <code>{@link #pathsMatch(String, String) pathsMatch(loginUrl, request)}</code>. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @return <code>true</code> if the incoming request is a login request, <code>false</code> otherwise. */ protected boolean isLoginRequest(ServletRequest request, ServletResponse response) { return pathsMatch(getLoginUrl(), request); }
/** * Convenience method for subclasses to use when a login redirect is required. * <p/> * This implementation simply calls {@link #saveRequest(javax.servlet.ServletRequest) saveRequest(request)} * and then {@link #redirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) redirectToLogin(request,response)}. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @throws IOException if an error occurs. */ protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException { saveRequest(request); redirectToLogin(request, response); }
@Override public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { request.setAttribute("jcaptchaEbabled", jcaptchaEbabled); return super.onPreHandle(request, response, mappedValue); }
/** * Convenience method for subclasses that merely acquires the {@link #getLoginUrl() getLoginUrl} and redirects * the request to that url. * <p/> * <b>N.B.</b> If you want to issue a redirect with the intention of allowing the user to then return to their * originally requested URL, don't use this method directly. Instead you should call * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) * saveRequestAndRedirectToLogin(request,response)}, which will save the current request state so that it can * be reconstructed and re-used after a successful login. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @throws IOException if an error occurs. */ protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { String loginUrl = getLoginUrl(); WebUtils.issueRedirect(request, response, loginUrl); }
protected void configure() { this.objects.clear(); WebSecurityManager securityManager = createWebSecurityManager(); setWebSecurityManager(securityManager); String loginUrl = conf.get(ShiroEnvStarter.PROP_URL_LOGIN, "/user/login"); String unauthorizedUrl = conf.get(ShiroEnvStarter.PROP_URL_UNAUTH, "/user/login"); String logoutUrl = conf.get(ShiroEnvStarter.PROP_URL_LOGOUT_REDIRECT, "/"); for (Map.Entry<String, Filter> en : DefaultFilter.createInstanceMap(null).entrySet()) { Filter filter = en.getValue(); if (filter instanceof LogoutFilter) { ((LogoutFilter)filter).setRedirectUrl(logoutUrl); } else if (filter instanceof AuthenticatingFilter) { ((AuthenticatingFilter)filter).setLoginUrl(loginUrl); } else if (filter instanceof AccessControlFilter) { ((AccessControlFilter)filter).setLoginUrl(unauthorizedUrl); } objects.put(en.getKey(), en.getValue()); } for (String objectName : Strings.splitIgnoreBlank(conf.get("shiro.objects", ""))) { objects.put(objectName, ioc.get(null, objectName)); } FilterChainResolver resolver = createFilterChainResolver(); if (resolver != null) { setFilterChainResolver(resolver); } NutShiro.DefaultLoginURL = loginUrl; NutShiro.DefaultNoAuthURL = unauthorizedUrl; }
/** * Processes requests where the subject was denied access as determined by the * {@link #isAccessAllowed(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Object) isAccessAllowed} * method, retaining the {@code mappedValue} that was used during configuration. * <p/> * This method immediately delegates to {@link #onAccessDenied(ServletRequest,ServletResponse)} as a * convenience in that most post-denial behavior does not need the mapped config again. * * @param request the incoming <code>ServletRequest</code> * @param response the outgoing <code>ServletResponse</code> * @param mappedValue the config specified for the filter in the matching request's filter chain. * @return <code>true</code> if the request should continue to be processed; false if the subclass will * handle/render the response directly. * @throws Exception if there is an error processing the request. * @since 1.0 */ protected boolean onAccessDenied(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { return onAccessDenied(request, response); }
@Override public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { request.setAttribute("jcaptchaEbabled", jcaptchaEbabled); return super.onPreHandle(request, response, mappedValue); }
private void applyLoginUrlIfNecessary(Filter filter) { String loginUrl = getLoginUrl(); if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) { AccessControlFilter acFilter = (AccessControlFilter) filter; //only apply the login url if they haven't explicitly configured one already: String existingLoginUrl = acFilter.getLoginUrl(); if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) { acFilter.setLoginUrl(loginUrl); } } }
@Override public boolean onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) throws Exception { request.setAttribute(ShiroConstants.CURRENT_ENABLED, captchaEnabled); request.setAttribute(ShiroConstants.CURRENT_TYPE, captchaType); return super.onPreHandle(request, response, mappedValue); }
private void applyLoginUrlIfNecessary(Filter filter) { String loginUrl = GojaConfig.getProperty("security.loginUrl", "/login"); if (StringUtils.hasText(loginUrl) && (filter instanceof AccessControlFilter)) { AccessControlFilter acFilter = (AccessControlFilter) filter; //only apply the login url if they haven't explicitly configured one already: String existingLoginUrl = acFilter.getLoginUrl(); if (AccessControlFilter.DEFAULT_LOGIN_URL.equals(existingLoginUrl)) { acFilter.setLoginUrl(loginUrl); } } }