src/site/assets/static/1.10.1/shiro-web/apidocs/src-html/org/apache/shiro/web/filter/authc/AuthenticatingFilter.html - shiro-site - Git at Google

 <!DOCTYPE HTML>
 <html lang="en">
 <head>
 <title>Source code</title>
 <link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style">
 </head>
 <body>
 <main role="main">
 <div class="sourceContainer">
 <pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
 <span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
 <span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements.  See the NOTICE file</a>
 <span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
 <span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership.  The ASF licenses this file</a>
 <span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
 <span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
 <span class="sourceLineNo">008</span><a id="line.8"> * with the License.  You may obtain a copy of the License at</a>
 <span class="sourceLineNo">009</span><a id="line.9"> *</a>
 <span class="sourceLineNo">010</span><a id="line.10"> *     http://www.apache.org/licenses/LICENSE-2.0</a>
 <span class="sourceLineNo">011</span><a id="line.11"> *</a>
 <span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
 <span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
 <span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
 <span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied.  See the License for the</a>
 <span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
 <span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
 <span class="sourceLineNo">018</span><a id="line.18"> */</a>
 <span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.web.filter.authc;</a>
 <span class="sourceLineNo">020</span><a id="line.20"></a>
 <span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.authc.AuthenticationException;</a>
 <span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.authc.AuthenticationToken;</a>
 <span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.authc.UsernamePasswordToken;</a>
 <span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.authz.UnauthenticatedException;</a>
 <span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.subject.Subject;</a>
 <span class="sourceLineNo">026</span><a id="line.26"></a>
 <span class="sourceLineNo">027</span><a id="line.27">import javax.servlet.ServletException;</a>
 <span class="sourceLineNo">028</span><a id="line.28">import javax.servlet.ServletRequest;</a>
 <span class="sourceLineNo">029</span><a id="line.29">import javax.servlet.ServletResponse;</a>
 <span class="sourceLineNo">030</span><a id="line.30">import java.io.IOException;</a>
 <span class="sourceLineNo">031</span><a id="line.31">import java.util.Arrays;</a>
 <span class="sourceLineNo">032</span><a id="line.32"></a>
 <span class="sourceLineNo">033</span><a id="line.33">/**</a>
 <span class="sourceLineNo">034</span><a id="line.34"> * An &lt;code&gt;AuthenticationFilter&lt;/code&gt; that is capable of automatically performing an authentication attempt</a>
 <span class="sourceLineNo">035</span><a id="line.35"> * based on the incoming request.</a>
 <span class="sourceLineNo">036</span><a id="line.36"> *</a>
 <span class="sourceLineNo">037</span><a id="line.37"> * @since 0.9</a>
 <span class="sourceLineNo">038</span><a id="line.38"> */</a>
 <span class="sourceLineNo">039</span><a id="line.39">public abstract class AuthenticatingFilter extends AuthenticationFilter {</a>
 <span class="sourceLineNo">040</span><a id="line.40">    public static final String PERMISSIVE = "permissive";</a>
 <span class="sourceLineNo">041</span><a id="line.41"></a>
 <span class="sourceLineNo">042</span><a id="line.42">    //TODO - complete JavaDoc</a>
 <span class="sourceLineNo">043</span><a id="line.43"></a>
 <span class="sourceLineNo">044</span><a id="line.44">    protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {</a>
 <span class="sourceLineNo">045</span><a id="line.45">        AuthenticationToken token = createToken(request, response);</a>
 <span class="sourceLineNo">046</span><a id="line.46">        if (token == null) {</a>
 <span class="sourceLineNo">047</span><a id="line.47">            String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken " +</a>
 <span class="sourceLineNo">048</span><a id="line.48">                    "must be created in order to execute a login attempt.";</a>
 <span class="sourceLineNo">049</span><a id="line.49">            throw new IllegalStateException(msg);</a>
 <span class="sourceLineNo">050</span><a id="line.50">        }</a>
 <span class="sourceLineNo">051</span><a id="line.51">        try {</a>
 <span class="sourceLineNo">052</span><a id="line.52">            Subject subject = getSubject(request, response);</a>
 <span class="sourceLineNo">053</span><a id="line.53">            subject.login(token);</a>
 <span class="sourceLineNo">054</span><a id="line.54">            return onLoginSuccess(token, subject, request, response);</a>
 <span class="sourceLineNo">055</span><a id="line.55">        } catch (AuthenticationException e) {</a>
 <span class="sourceLineNo">056</span><a id="line.56">            return onLoginFailure(token, e, request, response);</a>
 <span class="sourceLineNo">057</span><a id="line.57">        }</a>
 <span class="sourceLineNo">058</span><a id="line.58">    }</a>
 <span class="sourceLineNo">059</span><a id="line.59"></a>
 <span class="sourceLineNo">060</span><a id="line.60">    protected abstract AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception;</a>
 <span class="sourceLineNo">061</span><a id="line.61"></a>
 <span class="sourceLineNo">062</span><a id="line.62">    protected AuthenticationToken createToken(String username, String password,</a>
 <span class="sourceLineNo">063</span><a id="line.63">                                              ServletRequest request, ServletResponse response) {</a>
 <span class="sourceLineNo">064</span><a id="line.64">        boolean rememberMe = isRememberMe(request);</a>
 <span class="sourceLineNo">065</span><a id="line.65">        String host = getHost(request);</a>
 <span class="sourceLineNo">066</span><a id="line.66">        return createToken(username, password, rememberMe, host);</a>
 <span class="sourceLineNo">067</span><a id="line.67">    }</a>
 <span class="sourceLineNo">068</span><a id="line.68"></a>
 <span class="sourceLineNo">069</span><a id="line.69">    protected AuthenticationToken createToken(String username, String password,</a>
 <span class="sourceLineNo">070</span><a id="line.70">                                              boolean rememberMe, String host) {</a>
 <span class="sourceLineNo">071</span><a id="line.71">        return new UsernamePasswordToken(username, password, rememberMe, host);</a>
 <span class="sourceLineNo">072</span><a id="line.72">    }</a>
 <span class="sourceLineNo">073</span><a id="line.73"></a>
 <span class="sourceLineNo">074</span><a id="line.74">    protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,</a>
 <span class="sourceLineNo">075</span><a id="line.75">                                     ServletRequest request, ServletResponse response) throws Exception {</a>
 <span class="sourceLineNo">076</span><a id="line.76">        return true;</a>
 <span class="sourceLineNo">077</span><a id="line.77">    }</a>
 <span class="sourceLineNo">078</span><a id="line.78"></a>
 <span class="sourceLineNo">079</span><a id="line.79">    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,</a>
 <span class="sourceLineNo">080</span><a id="line.80">                                     ServletRequest request, ServletResponse response) {</a>
 <span class="sourceLineNo">081</span><a id="line.81">        return false;</a>
 <span class="sourceLineNo">082</span><a id="line.82">    }</a>
 <span class="sourceLineNo">083</span><a id="line.83"></a>
 <span class="sourceLineNo">084</span><a id="line.84">    /**</a>
 <span class="sourceLineNo">085</span><a id="line.85">     * Returns the host name or IP associated with the current subject.  This method is primarily provided for use</a>
 <span class="sourceLineNo">086</span><a id="line.86">     * during construction of an &lt;code&gt;AuthenticationToken&lt;/code&gt;.</a>
 <span class="sourceLineNo">087</span><a id="line.87">     * &lt;p/&gt;</a>
 <span class="sourceLineNo">088</span><a id="line.88">     * The default implementation merely returns {@link ServletRequest#getRemoteHost()}.</a>
 <span class="sourceLineNo">089</span><a id="line.89">     *</a>
 <span class="sourceLineNo">090</span><a id="line.90">     * @param request the incoming ServletRequest</a>
 <span class="sourceLineNo">091</span><a id="line.91">     * @return the &lt;code&gt;InetAddress&lt;/code&gt; to associate with the login attempt.</a>
 <span class="sourceLineNo">092</span><a id="line.92">     */</a>
 <span class="sourceLineNo">093</span><a id="line.93">    protected String getHost(ServletRequest request) {</a>
 <span class="sourceLineNo">094</span><a id="line.94">        return request.getRemoteHost();</a>
 <span class="sourceLineNo">095</span><a id="line.95">    }</a>
 <span class="sourceLineNo">096</span><a id="line.96"></a>
 <span class="sourceLineNo">097</span><a id="line.97">    /**</a>
 <span class="sourceLineNo">098</span><a id="line.98">     * Returns &lt;code&gt;true&lt;/code&gt; if &amp;quot;rememberMe&amp;quot; should be enabled for the login attempt associated with the</a>
 <span class="sourceLineNo">099</span><a id="line.99">     * current &lt;code&gt;request&lt;/code&gt;, &lt;code&gt;false&lt;/code&gt; otherwise.</a>
 <span class="sourceLineNo">100</span><a id="line.100">     * &lt;p/&gt;</a>
 <span class="sourceLineNo">101</span><a id="line.101">     * This implementation always returns &lt;code&gt;false&lt;/code&gt; and is provided as a template hook to subclasses that</a>
 <span class="sourceLineNo">102</span><a id="line.102">     * support &lt;code&gt;rememberMe&lt;/code&gt; logins and wish to determine &lt;code&gt;rememberMe&lt;/code&gt; in a custom mannner</a>
 <span class="sourceLineNo">103</span><a id="line.103">     * based on the current &lt;code&gt;request&lt;/code&gt;.</a>
 <span class="sourceLineNo">104</span><a id="line.104">     *</a>
 <span class="sourceLineNo">105</span><a id="line.105">     * @param request the incoming ServletRequest</a>
 <span class="sourceLineNo">106</span><a id="line.106">     * @return &lt;code&gt;true&lt;/code&gt; if &amp;quot;rememberMe&amp;quot; should be enabled for the login attempt associated with the</a>
 <span class="sourceLineNo">107</span><a id="line.107">     *         current &lt;code&gt;request&lt;/code&gt;, &lt;code&gt;false&lt;/code&gt; otherwise.</a>
 <span class="sourceLineNo">108</span><a id="line.108">     */</a>
 <span class="sourceLineNo">109</span><a id="line.109">    protected boolean isRememberMe(ServletRequest request) {</a>
 <span class="sourceLineNo">110</span><a id="line.110">        return false;</a>
 <span class="sourceLineNo">111</span><a id="line.111">    }</a>
 <span class="sourceLineNo">112</span><a id="line.112"></a>
 <span class="sourceLineNo">113</span><a id="line.113">    /**</a>
 <span class="sourceLineNo">114</span><a id="line.114">     * Determines whether the current subject should be allowed to make the current request.</a>
 <span class="sourceLineNo">115</span><a id="line.115">     * &lt;p/&gt;</a>
 <span class="sourceLineNo">116</span><a id="line.116">     * The default implementation returns &lt;code&gt;true&lt;/code&gt; if the user is authenticated.  Will also return</a>
 <span class="sourceLineNo">117</span><a id="line.117">     * &lt;code&gt;true&lt;/code&gt; if the {@link #isLoginRequest} returns false and the &amp;quot;permissive&amp;quot; flag is set.</a>
 <span class="sourceLineNo">118</span><a id="line.118">     *</a>
 <span class="sourceLineNo">119</span><a id="line.119">     * @return &lt;code&gt;true&lt;/code&gt; if request should be allowed access</a>
 <span class="sourceLineNo">120</span><a id="line.120">     */</a>
 <span class="sourceLineNo">121</span><a id="line.121">    @Override</a>
 <span class="sourceLineNo">122</span><a id="line.122">    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {</a>
 <span class="sourceLineNo">123</span><a id="line.123">        return super.isAccessAllowed(request, response, mappedValue) ||</a>
 <span class="sourceLineNo">124</span><a id="line.124">                (!isLoginRequest(request, response) &amp;&amp; isPermissive(mappedValue));</a>
 <span class="sourceLineNo">125</span><a id="line.125">    }</a>
 <span class="sourceLineNo">126</span><a id="line.126"></a>
 <span class="sourceLineNo">127</span><a id="line.127">    /**</a>
 <span class="sourceLineNo">128</span><a id="line.128">     * Returns &lt;code&gt;true&lt;/code&gt; if the mappedValue contains the {@link #PERMISSIVE} qualifier.</a>
 <span class="sourceLineNo">129</span><a id="line.129">     *</a>
 <span class="sourceLineNo">130</span><a id="line.130">     * @return &lt;code&gt;true&lt;/code&gt; if this filter should be permissive</a>
 <span class="sourceLineNo">131</span><a id="line.131">     */</a>
 <span class="sourceLineNo">132</span><a id="line.132">    protected boolean isPermissive(Object mappedValue) {</a>
 <span class="sourceLineNo">133</span><a id="line.133">        if(mappedValue != null) {</a>
 <span class="sourceLineNo">134</span><a id="line.134">            String[] values = (String[]) mappedValue;</a>
 <span class="sourceLineNo">135</span><a id="line.135">            return Arrays.binarySearch(values, PERMISSIVE) &gt;= 0;</a>
 <span class="sourceLineNo">136</span><a id="line.136">        }</a>
 <span class="sourceLineNo">137</span><a id="line.137">        return false;</a>
 <span class="sourceLineNo">138</span><a id="line.138">    }</a>
 <span class="sourceLineNo">139</span><a id="line.139"></a>
 <span class="sourceLineNo">140</span><a id="line.140">    /**</a>
 <span class="sourceLineNo">141</span><a id="line.141">     * Overrides the default behavior to call {@link #onAccessDenied} and swallow the exception if the exception is</a>
 <span class="sourceLineNo">142</span><a id="line.142">     * {@link UnauthenticatedException}.</a>
 <span class="sourceLineNo">143</span><a id="line.143">     */</a>
 <span class="sourceLineNo">144</span><a id="line.144">    @Override</a>
 <span class="sourceLineNo">145</span><a id="line.145">    protected void cleanup(ServletRequest request, ServletResponse response, Exception existing) throws ServletException, IOException {</a>
 <span class="sourceLineNo">146</span><a id="line.146">        if (existing instanceof UnauthenticatedException || (existing instanceof ServletException &amp;&amp; existing.getCause() instanceof UnauthenticatedException))</a>
 <span class="sourceLineNo">147</span><a id="line.147">        {</a>
 <span class="sourceLineNo">148</span><a id="line.148">            try {</a>
 <span class="sourceLineNo">149</span><a id="line.149">                onAccessDenied(request, response);</a>
 <span class="sourceLineNo">150</span><a id="line.150">                existing = null;</a>
 <span class="sourceLineNo">151</span><a id="line.151">            } catch (Exception e) {</a>
 <span class="sourceLineNo">152</span><a id="line.152">                existing = e;</a>
 <span class="sourceLineNo">153</span><a id="line.153">            }</a>
 <span class="sourceLineNo">154</span><a id="line.154">        }</a>
 <span class="sourceLineNo">155</span><a id="line.155">        super.cleanup(request, response, existing);</a>
 <span class="sourceLineNo">156</span><a id="line.156"></a>
 <span class="sourceLineNo">157</span><a id="line.157">    }</a>
 <span class="sourceLineNo">158</span><a id="line.158">}</a>


 </pre>
 </div>
 </main>
 </body>
 </html>
	<!DOCTYPE HTML>
	<html lang="en">
	<head>
	<title>Source code</title>
	<link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style">
	</head>
	<body>
	<main role="main">
	<div class="sourceContainer">
	<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
	<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
	<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
	<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
	<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
	<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
	<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
	<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
	<span class="sourceLineNo">009</span><a id="line.9"> *</a>
	<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
	<span class="sourceLineNo">011</span><a id="line.11"> *</a>
	<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
	<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
	<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
	<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
	<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
	<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
	<span class="sourceLineNo">018</span><a id="line.18"> */</a>
	<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.web.filter.authc;</a>
	<span class="sourceLineNo">020</span><a id="line.20"></a>
	<span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.authc.AuthenticationException;</a>
	<span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.authc.AuthenticationToken;</a>
	<span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.authc.UsernamePasswordToken;</a>
	<span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.authz.UnauthenticatedException;</a>
	<span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.subject.Subject;</a>
	<span class="sourceLineNo">026</span><a id="line.26"></a>
	<span class="sourceLineNo">027</span><a id="line.27">import javax.servlet.ServletException;</a>
	<span class="sourceLineNo">028</span><a id="line.28">import javax.servlet.ServletRequest;</a>
	<span class="sourceLineNo">029</span><a id="line.29">import javax.servlet.ServletResponse;</a>
	<span class="sourceLineNo">030</span><a id="line.30">import java.io.IOException;</a>
	<span class="sourceLineNo">031</span><a id="line.31">import java.util.Arrays;</a>
	<span class="sourceLineNo">032</span><a id="line.32"></a>
	<span class="sourceLineNo">033</span><a id="line.33">/**</a>
	<span class="sourceLineNo">034</span><a id="line.34"> * An <code>AuthenticationFilter</code> that is capable of automatically performing an authentication attempt</a>
	<span class="sourceLineNo">035</span><a id="line.35"> * based on the incoming request.</a>
	<span class="sourceLineNo">036</span><a id="line.36"> *</a>
	<span class="sourceLineNo">037</span><a id="line.37"> * @since 0.9</a>
	<span class="sourceLineNo">038</span><a id="line.38"> */</a>
	<span class="sourceLineNo">039</span><a id="line.39">public abstract class AuthenticatingFilter extends AuthenticationFilter {</a>
	<span class="sourceLineNo">040</span><a id="line.40"> public static final String PERMISSIVE = "permissive";</a>
	<span class="sourceLineNo">041</span><a id="line.41"></a>
	<span class="sourceLineNo">042</span><a id="line.42"> //TODO - complete JavaDoc</a>
	<span class="sourceLineNo">043</span><a id="line.43"></a>
	<span class="sourceLineNo">044</span><a id="line.44"> protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {</a>
	<span class="sourceLineNo">045</span><a id="line.45"> AuthenticationToken token = createToken(request, response);</a>
	<span class="sourceLineNo">046</span><a id="line.46"> if (token == null) {</a>
	<span class="sourceLineNo">047</span><a id="line.47"> String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken " +</a>
	<span class="sourceLineNo">048</span><a id="line.48"> "must be created in order to execute a login attempt.";</a>
	<span class="sourceLineNo">049</span><a id="line.49"> throw new IllegalStateException(msg);</a>
	<span class="sourceLineNo">050</span><a id="line.50"> }</a>
	<span class="sourceLineNo">051</span><a id="line.51"> try {</a>
	<span class="sourceLineNo">052</span><a id="line.52"> Subject subject = getSubject(request, response);</a>
	<span class="sourceLineNo">053</span><a id="line.53"> subject.login(token);</a>
	<span class="sourceLineNo">054</span><a id="line.54"> return onLoginSuccess(token, subject, request, response);</a>
	<span class="sourceLineNo">055</span><a id="line.55"> } catch (AuthenticationException e) {</a>
	<span class="sourceLineNo">056</span><a id="line.56"> return onLoginFailure(token, e, request, response);</a>
	<span class="sourceLineNo">057</span><a id="line.57"> }</a>
	<span class="sourceLineNo">058</span><a id="line.58"> }</a>
	<span class="sourceLineNo">059</span><a id="line.59"></a>
	<span class="sourceLineNo">060</span><a id="line.60"> protected abstract AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception;</a>
	<span class="sourceLineNo">061</span><a id="line.61"></a>
	<span class="sourceLineNo">062</span><a id="line.62"> protected AuthenticationToken createToken(String username, String password,</a>
	<span class="sourceLineNo">063</span><a id="line.63"> ServletRequest request, ServletResponse response) {</a>
	<span class="sourceLineNo">064</span><a id="line.64"> boolean rememberMe = isRememberMe(request);</a>
	<span class="sourceLineNo">065</span><a id="line.65"> String host = getHost(request);</a>
	<span class="sourceLineNo">066</span><a id="line.66"> return createToken(username, password, rememberMe, host);</a>
	<span class="sourceLineNo">067</span><a id="line.67"> }</a>
	<span class="sourceLineNo">068</span><a id="line.68"></a>
	<span class="sourceLineNo">069</span><a id="line.69"> protected AuthenticationToken createToken(String username, String password,</a>
	<span class="sourceLineNo">070</span><a id="line.70"> boolean rememberMe, String host) {</a>
	<span class="sourceLineNo">071</span><a id="line.71"> return new UsernamePasswordToken(username, password, rememberMe, host);</a>
	<span class="sourceLineNo">072</span><a id="line.72"> }</a>
	<span class="sourceLineNo">073</span><a id="line.73"></a>
	<span class="sourceLineNo">074</span><a id="line.74"> protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,</a>
	<span class="sourceLineNo">075</span><a id="line.75"> ServletRequest request, ServletResponse response) throws Exception {</a>
	<span class="sourceLineNo">076</span><a id="line.76"> return true;</a>
	<span class="sourceLineNo">077</span><a id="line.77"> }</a>
	<span class="sourceLineNo">078</span><a id="line.78"></a>
	<span class="sourceLineNo">079</span><a id="line.79"> protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,</a>
	<span class="sourceLineNo">080</span><a id="line.80"> ServletRequest request, ServletResponse response) {</a>
	<span class="sourceLineNo">081</span><a id="line.81"> return false;</a>
	<span class="sourceLineNo">082</span><a id="line.82"> }</a>
	<span class="sourceLineNo">083</span><a id="line.83"></a>
	<span class="sourceLineNo">084</span><a id="line.84"> /**</a>
	<span class="sourceLineNo">085</span><a id="line.85"> * Returns the host name or IP associated with the current subject. This method is primarily provided for use</a>
	<span class="sourceLineNo">086</span><a id="line.86"> * during construction of an <code>AuthenticationToken</code>.</a>
	<span class="sourceLineNo">087</span><a id="line.87"> * <p/></a>
	<span class="sourceLineNo">088</span><a id="line.88"> * The default implementation merely returns {@link ServletRequest#getRemoteHost()}.</a>
	<span class="sourceLineNo">089</span><a id="line.89"> *</a>
	<span class="sourceLineNo">090</span><a id="line.90"> * @param request the incoming ServletRequest</a>
	<span class="sourceLineNo">091</span><a id="line.91"> * @return the <code>InetAddress</code> to associate with the login attempt.</a>
	<span class="sourceLineNo">092</span><a id="line.92"> */</a>
	<span class="sourceLineNo">093</span><a id="line.93"> protected String getHost(ServletRequest request) {</a>
	<span class="sourceLineNo">094</span><a id="line.94"> return request.getRemoteHost();</a>
	<span class="sourceLineNo">095</span><a id="line.95"> }</a>
	<span class="sourceLineNo">096</span><a id="line.96"></a>
	<span class="sourceLineNo">097</span><a id="line.97"> /**</a>
	<span class="sourceLineNo">098</span><a id="line.98"> * Returns <code>true</code> if &quot;rememberMe&quot; should be enabled for the login attempt associated with the</a>
	<span class="sourceLineNo">099</span><a id="line.99"> * current <code>request</code>, <code>false</code> otherwise.</a>
	<span class="sourceLineNo">100</span><a id="line.100"> * <p/></a>
	<span class="sourceLineNo">101</span><a id="line.101"> * This implementation always returns <code>false</code> and is provided as a template hook to subclasses that</a>
	<span class="sourceLineNo">102</span><a id="line.102"> * support <code>rememberMe</code> logins and wish to determine <code>rememberMe</code> in a custom mannner</a>
	<span class="sourceLineNo">103</span><a id="line.103"> * based on the current <code>request</code>.</a>
	<span class="sourceLineNo">104</span><a id="line.104"> *</a>
	<span class="sourceLineNo">105</span><a id="line.105"> * @param request the incoming ServletRequest</a>
	<span class="sourceLineNo">106</span><a id="line.106"> * @return <code>true</code> if &quot;rememberMe&quot; should be enabled for the login attempt associated with the</a>
	<span class="sourceLineNo">107</span><a id="line.107"> * current <code>request</code>, <code>false</code> otherwise.</a>
	<span class="sourceLineNo">108</span><a id="line.108"> */</a>
	<span class="sourceLineNo">109</span><a id="line.109"> protected boolean isRememberMe(ServletRequest request) {</a>
	<span class="sourceLineNo">110</span><a id="line.110"> return false;</a>
	<span class="sourceLineNo">111</span><a id="line.111"> }</a>
	<span class="sourceLineNo">112</span><a id="line.112"></a>
	<span class="sourceLineNo">113</span><a id="line.113"> /**</a>
	<span class="sourceLineNo">114</span><a id="line.114"> * Determines whether the current subject should be allowed to make the current request.</a>
	<span class="sourceLineNo">115</span><a id="line.115"> * <p/></a>
	<span class="sourceLineNo">116</span><a id="line.116"> * The default implementation returns <code>true</code> if the user is authenticated. Will also return</a>
	<span class="sourceLineNo">117</span><a id="line.117"> * <code>true</code> if the {@link #isLoginRequest} returns false and the &quot;permissive&quot; flag is set.</a>
	<span class="sourceLineNo">118</span><a id="line.118"> *</a>
	<span class="sourceLineNo">119</span><a id="line.119"> * @return <code>true</code> if request should be allowed access</a>
	<span class="sourceLineNo">120</span><a id="line.120"> */</a>
	<span class="sourceLineNo">121</span><a id="line.121"> @Override</a>
	<span class="sourceLineNo">122</span><a id="line.122"> protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {</a>
	<span class="sourceLineNo">123</span><a id="line.123"> return super.isAccessAllowed(request, response, mappedValue) \|\|</a>
	<span class="sourceLineNo">124</span><a id="line.124"> (!isLoginRequest(request, response) && isPermissive(mappedValue));</a>
	<span class="sourceLineNo">125</span><a id="line.125"> }</a>
	<span class="sourceLineNo">126</span><a id="line.126"></a>
	<span class="sourceLineNo">127</span><a id="line.127"> /**</a>
	<span class="sourceLineNo">128</span><a id="line.128"> * Returns <code>true</code> if the mappedValue contains the {@link #PERMISSIVE} qualifier.</a>
	<span class="sourceLineNo">129</span><a id="line.129"> *</a>
	<span class="sourceLineNo">130</span><a id="line.130"> * @return <code>true</code> if this filter should be permissive</a>
	<span class="sourceLineNo">131</span><a id="line.131"> */</a>
	<span class="sourceLineNo">132</span><a id="line.132"> protected boolean isPermissive(Object mappedValue) {</a>
	<span class="sourceLineNo">133</span><a id="line.133"> if(mappedValue != null) {</a>
	<span class="sourceLineNo">134</span><a id="line.134"> String[] values = (String[]) mappedValue;</a>
	<span class="sourceLineNo">135</span><a id="line.135"> return Arrays.binarySearch(values, PERMISSIVE) >= 0;</a>
	<span class="sourceLineNo">136</span><a id="line.136"> }</a>
	<span class="sourceLineNo">137</span><a id="line.137"> return false;</a>
	<span class="sourceLineNo">138</span><a id="line.138"> }</a>
	<span class="sourceLineNo">139</span><a id="line.139"></a>
	<span class="sourceLineNo">140</span><a id="line.140"> /**</a>
	<span class="sourceLineNo">141</span><a id="line.141"> * Overrides the default behavior to call {@link #onAccessDenied} and swallow the exception if the exception is</a>
	<span class="sourceLineNo">142</span><a id="line.142"> * {@link UnauthenticatedException}.</a>
	<span class="sourceLineNo">143</span><a id="line.143"> */</a>
	<span class="sourceLineNo">144</span><a id="line.144"> @Override</a>
	<span class="sourceLineNo">145</span><a id="line.145"> protected void cleanup(ServletRequest request, ServletResponse response, Exception existing) throws ServletException, IOException {</a>
	<span class="sourceLineNo">146</span><a id="line.146"> if (existing instanceof UnauthenticatedException \|\| (existing instanceof ServletException && existing.getCause() instanceof UnauthenticatedException))</a>
	<span class="sourceLineNo">147</span><a id="line.147"> {</a>
	<span class="sourceLineNo">148</span><a id="line.148"> try {</a>
	<span class="sourceLineNo">149</span><a id="line.149"> onAccessDenied(request, response);</a>
	<span class="sourceLineNo">150</span><a id="line.150"> existing = null;</a>
	<span class="sourceLineNo">151</span><a id="line.151"> } catch (Exception e) {</a>
	<span class="sourceLineNo">152</span><a id="line.152"> existing = e;</a>
	<span class="sourceLineNo">153</span><a id="line.153"> }</a>
	<span class="sourceLineNo">154</span><a id="line.154"> }</a>
	<span class="sourceLineNo">155</span><a id="line.155"> super.cleanup(request, response, existing);</a>
	<span class="sourceLineNo">156</span><a id="line.156"></a>
	<span class="sourceLineNo">157</span><a id="line.157"> }</a>
	<span class="sourceLineNo">158</span><a id="line.158">}</a>




























































	</pre>
	</div>
	</main>
	</body>
	</html>