cn.dreampie.common.plugin.shiro

类 MyFormAuthenticationFilter

java.lang.Object

org.apache.shiro.web.servlet.ServletContextSupport

org.apache.shiro.web.servlet.AbstractFilter

org.apache.shiro.web.servlet.NameableFilter

org.apache.shiro.web.servlet.OncePerRequestFilter

org.apache.shiro.web.servlet.AdviceFilter

org.apache.shiro.web.filter.PathMatchingFilter

cn.dreampie.common.plugin.shiro.MyAccessControlFilter

cn.dreampie.common.plugin.shiro.MyAuthenticationFilter

cn.dreampie.common.plugin.shiro.MyAuthenticatingFilter

cn.dreampie.common.plugin.shiro.MyFormAuthenticationFilter

所有已实现的接口:

javax.servlet.Filter, org.apache.shiro.util.Nameable, org.apache.shiro.web.filter.PathConfigProcessor

直接已知子类:

MyAnonymousFilter

public class MyFormAuthenticationFilter
extends MyAuthenticatingFilter

Requires the requesting user to be authenticated for the request to continue, and if they are not, forces the user to login via by redirecting them to the loginUrl you configure.

This filter constructs a UsernamePasswordToken with the values found in

username, password, and rememberMe request parameters. It then calls Subject.login(usernamePasswordToken), effectively automatically performing a login attempt. Note that the login attempt will only occur when the isLoginSubmission(request,response) is true, which by default occurs when the request is for the loginUrl and is a POST request.

If the login attempt fails, the resulting AuthenticationException fully qualified class name will

be set as a request attribute under the failureKeyAttribute key. This FQCN can be used as an i18n key or lookup mechanism to explain to the user why their login attempt failed (e.g. no user, incorrect password, etc).

If you would prefer to handle the authentication validation and login in your own code, consider using the

PassThruAuthenticationFilter instead, which allows requests to the MyAccessControlFilter.loginUrl to pass through to your application's code directly.

从以下版本开始:

0.9

另请参阅:

PassThruAuthenticationFilter

字段概要

字段

限定符和类型	字段和说明
static String	DEFAULT_ERROR_KEY_ATTRIBUTE_NAME
static String	DEFAULT_PASSWORD_PARAM
static String	DEFAULT_REMEMBER_ME_PARAM
static String	DEFAULT_USERNAME_PARAM

从类继承的字段 cn.dreampie.common.plugin.shiro.MyAuthenticatingFilter

DEFAULT_CAPTCHA_PARAM, PERMISSIVE

从类继承的字段 cn.dreampie.common.plugin.shiro.MyAuthenticationFilter

DEFAULT_SUCCESS_URL

从类继承的字段 cn.dreampie.common.plugin.shiro.MyAccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

从类继承的字段 org.apache.shiro.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

从类继承的字段 org.apache.shiro.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX

从类继承的字段 org.apache.shiro.web.servlet.AbstractFilter

filterConfig

构造器概要

构造器

构造器和说明
MyFormAuthenticationFilter()

方法概要

限定符和类型	方法和说明
protected void	clearFailureAttribute(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected CaptchaUsernamePasswordToken	createToken(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
String	getFailureKeyAttribute()
protected String	getPassword(javax.servlet.ServletRequest request)
String	getPasswordParam()
String	getRememberMeParam()
protected String	getUsername(javax.servlet.ServletRequest request)
String	getUsernameParam()
protected boolean	isLoginSubmission(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) This default implementation merely returns true if the request is an HTTP POST, false otherwise.
protected boolean	isRememberMe(javax.servlet.ServletRequest request) Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.
protected boolean	onAccessDenied(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) Processes requests where the subject was denied access as determined by the isAccessAllowed method.
protected boolean	onLoginFailure(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.authc.AuthenticationException e, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected boolean	onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token, org.apache.shiro.subject.Subject subject, javax.servlet.ServletRequest request, javax.servlet.ServletResponse response)
protected void	setFailureAttribute(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response, org.apache.shiro.authc.AuthenticationException ae)
void	setFailureKeyAttribute(String failureKeyAttribute)
void	setFailureUrlMap(Map<String,String> failureUrlMap) 多个失败的跳转路径
void	setLoginUrl(String loginUrl) Sets the login URL used to authenticate a user.
void	setLoginUrlMap(Map<String,String> loginUrlMap)
void	setPasswordParam(String passwordParam) Sets the request parameter name to look for when acquiring the password.
void	setRememberMeParam(String rememberMeParam) Sets the request parameter name to look for when acquiring the rememberMe boolean value.
void	setSuccessUrlMap(Map<String,String> successUrlMap) 多个成功的跳转路径
protected void	setUserAttribute(javax.servlet.ServletRequest request, javax.servlet.ServletResponse response) 已过时。
void	setUsernameParam(String usernameParam) Sets the request parameter name to look for when acquiring the username.

从类继承的方法 cn.dreampie.common.plugin.shiro.MyAuthenticatingFilter

cleanup, createToken, createToken, createToken, doCaptchaValidate, executeLogin, getCaptcha, getHost, isAccessAllowed, isPermissive

从类继承的方法 cn.dreampie.common.plugin.shiro.MyAuthenticationFilter

dynaRedirect, getSuccessUrl, getSuccessUrlMap, issueFailureRedirect, issueSuccessRedirect, setSuccessUrl

从类继承的方法 cn.dreampie.common.plugin.shiro.MyAccessControlFilter

getFailureUrl, getFailureUrlMap, getLoginUrl, getLoginUrlMap, getRealFailureUrl, getRealLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setFailureUrl

从类继承的方法 org.apache.shiro.web.filter.PathMatchingFilter

getPathWithinApplication, isEnabled, pathsMatch, pathsMatch, preHandle, processPathConfig

从类继承的方法 org.apache.shiro.web.servlet.AdviceFilter

afterCompletion, doFilterInternal, executeChain, postHandle

从类继承的方法 org.apache.shiro.web.servlet.OncePerRequestFilter

doFilter, getAlreadyFilteredAttributeName, isEnabled, isEnabled, setEnabled, shouldNotFilter

从类继承的方法 org.apache.shiro.web.servlet.NameableFilter

getName, setName, toStringBuilder

从类继承的方法 org.apache.shiro.web.servlet.AbstractFilter

destroy, getFilterConfig, getInitParam, init, onFilterConfigSet, setFilterConfig

从类继承的方法 org.apache.shiro.web.servlet.ServletContextSupport

getContextAttribute, getContextInitParam, getServletContext, removeContextAttribute, setContextAttribute, setServletContext, toString

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

字段详细资料

DEFAULT_ERROR_KEY_ATTRIBUTE_NAME

public static final String DEFAULT_ERROR_KEY_ATTRIBUTE_NAME

另请参阅:

常量字段值

DEFAULT_USERNAME_PARAM

public static final String DEFAULT_USERNAME_PARAM

另请参阅:

常量字段值

DEFAULT_PASSWORD_PARAM

public static final String DEFAULT_PASSWORD_PARAM

另请参阅:

常量字段值

DEFAULT_REMEMBER_ME_PARAM

public static final String DEFAULT_REMEMBER_ME_PARAM

另请参阅:

常量字段值

构造器详细资料

MyFormAuthenticationFilter

public MyFormAuthenticationFilter()

方法详细资料

setLoginUrlMap

public void setLoginUrlMap(Map<String,String> loginUrlMap)

覆盖:

setLoginUrlMap 在类中 MyAccessControlFilter

setSuccessUrlMap

public void setSuccessUrlMap(Map<String,String> successUrlMap)

多个成功的跳转路径

覆盖:

setSuccessUrlMap 在类中 MyAuthenticationFilter

参数:

successUrlMap - success url map

setFailureUrlMap

public void setFailureUrlMap(Map<String,String> failureUrlMap)

多个失败的跳转路径

覆盖:

setFailureUrlMap 在类中 MyAccessControlFilter

参数:

failureUrlMap - success url map

setLoginUrl

public void setLoginUrl(String loginUrl)

从类复制的说明: MyAccessControlFilter

Sets the login URL used to authenticate a user. Most Shiro filters use this url as the location to redirect a user when the filter requires authentication. Unless overridden, the DEFAULT_LOGIN_URL is assumed.

覆盖:

setLoginUrl 在类中 MyAccessControlFilter

参数:

loginUrl - the login URL used to authenticate a user, used when redirecting users if authentication is required.

getUsernameParam

public String getUsernameParam()

setUsernameParam

public void setUsernameParam(String usernameParam)

Sets the request parameter name to look for when acquiring the username. Unless overridden by calling this method, the default is username.

参数:

usernameParam - the name of the request param to check for acquiring the username.

getPasswordParam

public String getPasswordParam()

setPasswordParam

public void setPasswordParam(String passwordParam)

Sets the request parameter name to look for when acquiring the password. Unless overridden by calling this method, the default is password.

参数:

passwordParam - the name of the request param to check for acquiring the password.

getRememberMeParam

public String getRememberMeParam()

setRememberMeParam

public void setRememberMeParam(String rememberMeParam)

Sets the request parameter name to look for when acquiring the rememberMe boolean value. Unless overridden by calling this method, the default is rememberMe. RememberMe will be true if the parameter value equals any of those supported by WebUtils.isTrue(request,value), false otherwise.

参数:

rememberMeParam - the name of the request param to check for acquiring the rememberMe boolean value.

getFailureKeyAttribute

public String getFailureKeyAttribute()

setFailureKeyAttribute

public void setFailureKeyAttribute(String failureKeyAttribute)

onAccessDenied

protected boolean onAccessDenied(javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception

从类复制的说明: MyAccessControlFilter

Processes requests where the subject was denied access as determined by the isAccessAllowed method.

指定者:

onAccessDenied 在类中 MyAccessControlFilter

参数:

request - the incoming ServletRequest

response - the outgoing ServletResponse

返回:

true if the request should continue to be processed; false if the subclass will handle/render the response directly.

抛出:

Exception - if there is an error processing the request.

isLoginSubmission

protected boolean isLoginSubmission(javax.servlet.ServletRequest request,
                                    javax.servlet.ServletResponse response)

This default implementation merely returns true if the request is an HTTP POST, false otherwise. Can be overridden by subclasses for custom login submission detection behavior.

参数:

request - the incoming ServletRequest

response - the outgoing ServletResponse.

返回:

true if the request is an HTTP POST, false otherwise.

createToken

protected CaptchaUsernamePasswordToken createToken(javax.servlet.ServletRequest request,
                                                   javax.servlet.ServletResponse response)

指定者:

createToken 在类中 MyAuthenticatingFilter

isRememberMe

protected boolean isRememberMe(javax.servlet.ServletRequest request)

从类复制的说明: MyAuthenticatingFilter

Returns true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise. This implementation always returns false and is provided as a template hook to subclasses that support rememberMe logins and wish to determine rememberMe in a custom mannner based on the current request.

覆盖:

isRememberMe 在类中 MyAuthenticatingFilter

参数:

request - the incoming ServletRequest

返回:

true if "rememberMe" should be enabled for the login attempt associated with the current request, false otherwise.

onLoginSuccess

protected boolean onLoginSuccess(org.apache.shiro.authc.AuthenticationToken token,
                                 org.apache.shiro.subject.Subject subject,
                                 javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception

覆盖:

onLoginSuccess 在类中 MyAuthenticatingFilter

抛出:

Exception

onLoginFailure

protected boolean onLoginFailure(org.apache.shiro.authc.AuthenticationToken token,
                                 org.apache.shiro.authc.AuthenticationException e,
                                 javax.servlet.ServletRequest request,
                                 javax.servlet.ServletResponse response)
                          throws Exception

覆盖:

onLoginFailure 在类中 MyAuthenticatingFilter

抛出:

Exception

setFailureAttribute

protected void setFailureAttribute(javax.servlet.ServletRequest request,
                                   javax.servlet.ServletResponse response,
                                   org.apache.shiro.authc.AuthenticationException ae)

clearFailureAttribute

protected void clearFailureAttribute(javax.servlet.ServletRequest request,
                                     javax.servlet.ServletResponse response)

setUserAttribute

@Deprecated
protected void setUserAttribute(javax.servlet.ServletRequest request,
                                            javax.servlet.ServletResponse response)

已过时。

getUsername

protected String getUsername(javax.servlet.ServletRequest request)

getPassword

protected String getPassword(javax.servlet.ServletRequest request)