src/site/assets/static/1.4.0/shiro-test-coverage/jacoco-aggregate/shiro-web/org.apache.shiro.web.filter.authc/AuthenticatingFilter.java.html - shiro-site - Git at Google

 <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>AuthenticatingFilter.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: Test Coverage</a> &gt; <a href="../index.html" class="el_bundle">shiro-web</a> &gt; <a href="index.source.html" class="el_package">org.apache.shiro.web.filter.authc</a> &gt; <span class="el_source">AuthenticatingFilter.java</span></div><h1>AuthenticatingFilter.java</h1><pre class="source lang-java linenums">/*
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
  * distributed with this work for additional information
  * regarding copyright ownership.  The ASF licenses this file
  * to you under the Apache License, Version 2.0 (the
  * &quot;License&quot;); you may not use this file except in compliance
  * with the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing,
  * software distributed under the License is distributed on an
  * &quot;AS IS&quot; BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  * KIND, either express or implied.  See the License for the
  * specific language governing permissions and limitations
  * under the License.
  */
 package org.apache.shiro.web.filter.authc;

 import org.apache.shiro.authc.AuthenticationException;
 import org.apache.shiro.authc.AuthenticationToken;
 import org.apache.shiro.authc.UsernamePasswordToken;
 import org.apache.shiro.authz.UnauthenticatedException;
 import org.apache.shiro.subject.Subject;

 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import java.io.IOException;
 import java.util.Arrays;

 /**
  * An &lt;code&gt;AuthenticationFilter&lt;/code&gt; that is capable of automatically performing an authentication attempt
  * based on the incoming request.
  *
  * @since 0.9
  */
 <span class="fc" id="L39">public abstract class AuthenticatingFilter extends AuthenticationFilter {</span>
     public static final String PERMISSIVE = &quot;permissive&quot;;

     //TODO - complete JavaDoc

     protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
 <span class="fc" id="L45">        AuthenticationToken token = createToken(request, response);</span>
 <span class="pc bpc" id="L46" title="1 of 2 branches missed.">        if (token == null) {</span>
 <span class="nc" id="L47">            String msg = &quot;createToken method implementation returned null. A valid non-null AuthenticationToken &quot; +</span>
                     &quot;must be created in order to execute a login attempt.&quot;;
 <span class="nc" id="L49">            throw new IllegalStateException(msg);</span>
         }
         try {
 <span class="fc" id="L52">            Subject subject = getSubject(request, response);</span>
 <span class="fc" id="L53">            subject.login(token);</span>
 <span class="fc" id="L54">            return onLoginSuccess(token, subject, request, response);</span>
 <span class="nc" id="L55">        } catch (AuthenticationException e) {</span>
 <span class="nc" id="L56">            return onLoginFailure(token, e, request, response);</span>
         }
     }

     protected abstract AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception;

     protected AuthenticationToken createToken(String username, String password,
                                               ServletRequest request, ServletResponse response) {
 <span class="fc" id="L64">        boolean rememberMe = isRememberMe(request);</span>
 <span class="fc" id="L65">        String host = getHost(request);</span>
 <span class="fc" id="L66">        return createToken(username, password, rememberMe, host);</span>
     }

     protected AuthenticationToken createToken(String username, String password,
                                               boolean rememberMe, String host) {
 <span class="fc" id="L71">        return new UsernamePasswordToken(username, password, rememberMe, host);</span>
     }

     protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
                                      ServletRequest request, ServletResponse response) throws Exception {
 <span class="fc" id="L76">        return true;</span>
     }

     protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
                                      ServletRequest request, ServletResponse response) {
 <span class="nc" id="L81">        return false;</span>
     }

     /**
      * Returns the host name or IP associated with the current subject.  This method is primarily provided for use
      * during construction of an &lt;code&gt;AuthenticationToken&lt;/code&gt;.
      * &lt;p/&gt;
      * The default implementation merely returns {@link ServletRequest#getRemoteHost()}.
      *
      * @param request the incoming ServletRequest
      * @return the &lt;code&gt;InetAddress&lt;/code&gt; to associate with the login attempt.
      */
     protected String getHost(ServletRequest request) {
 <span class="fc" id="L94">        return request.getRemoteHost();</span>
     }

     /**
      * Returns &lt;code&gt;true&lt;/code&gt; if &amp;quot;rememberMe&amp;quot; should be enabled for the login attempt associated with the
      * current &lt;code&gt;request&lt;/code&gt;, &lt;code&gt;false&lt;/code&gt; otherwise.
      * &lt;p/&gt;
      * This implementation always returns &lt;code&gt;false&lt;/code&gt; and is provided as a template hook to subclasses that
      * support &lt;code&gt;rememberMe&lt;/code&gt; logins and wish to determine &lt;code&gt;rememberMe&lt;/code&gt; in a custom mannner
      * based on the current &lt;code&gt;request&lt;/code&gt;.
      *
      * @param request the incoming ServletRequest
      * @return &lt;code&gt;true&lt;/code&gt; if &amp;quot;rememberMe&amp;quot; should be enabled for the login attempt associated with the
      *         current &lt;code&gt;request&lt;/code&gt;, &lt;code&gt;false&lt;/code&gt; otherwise.
      */
     protected boolean isRememberMe(ServletRequest request) {
 <span class="fc" id="L110">        return false;</span>
     }

     /**
      * Determines whether the current subject should be allowed to make the current request.
      * &lt;p/&gt;
      * The default implementation returns &lt;code&gt;true&lt;/code&gt; if the user is authenticated.  Will also return
      * &lt;code&gt;true&lt;/code&gt; if the {@link #isLoginRequest} returns false and the &amp;quot;permissive&amp;quot; flag is set.
      *
      * @return &lt;code&gt;true&lt;/code&gt; if request should be allowed access
      */
     @Override
     protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
 <span class="pc bpc" id="L123" title="1 of 2 branches missed.">        return super.isAccessAllowed(request, response, mappedValue) ||</span>
 <span class="fc bfc" id="L124" title="All 4 branches covered.">                (!isLoginRequest(request, response) &amp;&amp; isPermissive(mappedValue));</span>
     }

     /**
      * Returns &lt;code&gt;true&lt;/code&gt; if the mappedValue contains the {@link #PERMISSIVE} qualifier.
      *
      * @return &lt;code&gt;true&lt;/code&gt; if this filter should be permissive
      */
     protected boolean isPermissive(Object mappedValue) {
 <span class="fc bfc" id="L133" title="All 2 branches covered.">        if(mappedValue != null) {</span>
 <span class="fc" id="L134">            String[] values = (String[]) mappedValue;</span>
 <span class="pc bpc" id="L135" title="1 of 2 branches missed.">            return Arrays.binarySearch(values, PERMISSIVE) &gt;= 0;</span>
         }
 <span class="fc" id="L137">        return false;</span>
     }

     /**
      * Overrides the default behavior to call {@link #onAccessDenied} and swallow the exception if the exception is
      * {@link UnauthenticatedException}.
      */
     @Override
     protected void cleanup(ServletRequest request, ServletResponse response, Exception existing) throws ServletException, IOException {
 <span class="pc bpc" id="L146" title="4 of 6 branches missed.">        if (existing instanceof UnauthenticatedException || (existing instanceof ServletException &amp;&amp; existing.getCause() instanceof UnauthenticatedException))</span>
         {
             try {
 <span class="nc" id="L149">                onAccessDenied(request, response);</span>
 <span class="nc" id="L150">                existing = null;</span>
 <span class="nc" id="L151">            } catch (Exception e) {</span>
 <span class="nc" id="L152">                existing = e;</span>
 <span class="nc" id="L153">            }</span>
         }
 <span class="fc" id="L155">        super.cleanup(request, response, existing);</span>

 <span class="fc" id="L157">    }</span>
 }
 </pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.7.201606060606</span></div></body></html>
	<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en"><head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"/><link rel="stylesheet" href="../../jacoco-resources/report.css" type="text/css"/><link rel="shortcut icon" href="../../jacoco-resources/report.gif" type="image/gif"/><title>AuthenticatingFilter.java</title><link rel="stylesheet" href="../../jacoco-resources/prettify.css" type="text/css"/><script type="text/javascript" src="../../jacoco-resources/prettify.js"></script></head><body onload="window['PR_TAB_WIDTH']=4;prettyPrint()"><div class="breadcrumb" id="breadcrumb"><span class="info"><a href="../../jacoco-sessions.html" class="el_session">Sessions</a></span><a href="../../index.html" class="el_report">Apache Shiro :: Test Coverage</a> > <a href="../index.html" class="el_bundle">shiro-web</a> > <a href="index.source.html" class="el_package">org.apache.shiro.web.filter.authc</a> > <span class="el_source">AuthenticatingFilter.java</span></div><h1>AuthenticatingFilter.java</h1><pre class="source lang-java linenums">/*
	* Licensed to the Apache Software Foundation (ASF) under one
	* or more contributor license agreements. See the NOTICE file
	* distributed with this work for additional information
	* regarding copyright ownership. The ASF licenses this file
	* to you under the Apache License, Version 2.0 (the
	* "License"); you may not use this file except in compliance
	* with the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing,
	* software distributed under the License is distributed on an
	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	* KIND, either express or implied. See the License for the
	* specific language governing permissions and limitations
	* under the License.
	*/
	package org.apache.shiro.web.filter.authc;

	import org.apache.shiro.authc.AuthenticationException;
	import org.apache.shiro.authc.AuthenticationToken;
	import org.apache.shiro.authc.UsernamePasswordToken;
	import org.apache.shiro.authz.UnauthenticatedException;
	import org.apache.shiro.subject.Subject;

	import javax.servlet.ServletException;
	import javax.servlet.ServletRequest;
	import javax.servlet.ServletResponse;
	import java.io.IOException;
	import java.util.Arrays;

	/**
	* An <code>AuthenticationFilter</code> that is capable of automatically performing an authentication attempt
	* based on the incoming request.
	*
	* @since 0.9
	*/
	<span class="fc" id="L39">public abstract class AuthenticatingFilter extends AuthenticationFilter {</span>
	public static final String PERMISSIVE = "permissive";

	//TODO - complete JavaDoc

	protected boolean executeLogin(ServletRequest request, ServletResponse response) throws Exception {
	<span class="fc" id="L45"> AuthenticationToken token = createToken(request, response);</span>
	<span class="pc bpc" id="L46" title="1 of 2 branches missed."> if (token == null) {</span>
	<span class="nc" id="L47"> String msg = "createToken method implementation returned null. A valid non-null AuthenticationToken " +</span>
	"must be created in order to execute a login attempt.";
	<span class="nc" id="L49"> throw new IllegalStateException(msg);</span>
	}
	try {
	<span class="fc" id="L52"> Subject subject = getSubject(request, response);</span>
	<span class="fc" id="L53"> subject.login(token);</span>
	<span class="fc" id="L54"> return onLoginSuccess(token, subject, request, response);</span>
	<span class="nc" id="L55"> } catch (AuthenticationException e) {</span>
	<span class="nc" id="L56"> return onLoginFailure(token, e, request, response);</span>
	}
	}

	protected abstract AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception;

	protected AuthenticationToken createToken(String username, String password,
	ServletRequest request, ServletResponse response) {
	<span class="fc" id="L64"> boolean rememberMe = isRememberMe(request);</span>
	<span class="fc" id="L65"> String host = getHost(request);</span>
	<span class="fc" id="L66"> return createToken(username, password, rememberMe, host);</span>
	}

	protected AuthenticationToken createToken(String username, String password,
	boolean rememberMe, String host) {
	<span class="fc" id="L71"> return new UsernamePasswordToken(username, password, rememberMe, host);</span>
	}

	protected boolean onLoginSuccess(AuthenticationToken token, Subject subject,
	ServletRequest request, ServletResponse response) throws Exception {
	<span class="fc" id="L76"> return true;</span>
	}

	protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e,
	ServletRequest request, ServletResponse response) {
	<span class="nc" id="L81"> return false;</span>
	}

	/**
	* Returns the host name or IP associated with the current subject. This method is primarily provided for use
	* during construction of an <code>AuthenticationToken</code>.
	* <p/>
	* The default implementation merely returns {@link ServletRequest#getRemoteHost()}.
	*
	* @param request the incoming ServletRequest
	* @return the <code>InetAddress</code> to associate with the login attempt.
	*/
	protected String getHost(ServletRequest request) {
	<span class="fc" id="L94"> return request.getRemoteHost();</span>
	}

	/**
	* Returns <code>true</code> if &quot;rememberMe&quot; should be enabled for the login attempt associated with the
	* current <code>request</code>, <code>false</code> otherwise.
	* <p/>
	* This implementation always returns <code>false</code> and is provided as a template hook to subclasses that
	* support <code>rememberMe</code> logins and wish to determine <code>rememberMe</code> in a custom mannner
	* based on the current <code>request</code>.
	*
	* @param request the incoming ServletRequest
	* @return <code>true</code> if &quot;rememberMe&quot; should be enabled for the login attempt associated with the
	* current <code>request</code>, <code>false</code> otherwise.
	*/
	protected boolean isRememberMe(ServletRequest request) {
	<span class="fc" id="L110"> return false;</span>
	}

	/**
	* Determines whether the current subject should be allowed to make the current request.
	* <p/>
	* The default implementation returns <code>true</code> if the user is authenticated. Will also return
	* <code>true</code> if the {@link #isLoginRequest} returns false and the &quot;permissive&quot; flag is set.
	*
	* @return <code>true</code> if request should be allowed access
	*/
	@Override
	protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
	<span class="pc bpc" id="L123" title="1 of 2 branches missed."> return super.isAccessAllowed(request, response, mappedValue) \|\|</span>
	<span class="fc bfc" id="L124" title="All 4 branches covered."> (!isLoginRequest(request, response) && isPermissive(mappedValue));</span>
	}

	/**
	* Returns <code>true</code> if the mappedValue contains the {@link #PERMISSIVE} qualifier.
	*
	* @return <code>true</code> if this filter should be permissive
	*/
	protected boolean isPermissive(Object mappedValue) {
	<span class="fc bfc" id="L133" title="All 2 branches covered."> if(mappedValue != null) {</span>
	<span class="fc" id="L134"> String[] values = (String[]) mappedValue;</span>
	<span class="pc bpc" id="L135" title="1 of 2 branches missed."> return Arrays.binarySearch(values, PERMISSIVE) >= 0;</span>
	}
	<span class="fc" id="L137"> return false;</span>
	}

	/**
	* Overrides the default behavior to call {@link #onAccessDenied} and swallow the exception if the exception is
	* {@link UnauthenticatedException}.
	*/
	@Override
	protected void cleanup(ServletRequest request, ServletResponse response, Exception existing) throws ServletException, IOException {
	<span class="pc bpc" id="L146" title="4 of 6 branches missed."> if (existing instanceof UnauthenticatedException \|\| (existing instanceof ServletException && existing.getCause() instanceof UnauthenticatedException))</span>
	{
	try {
	<span class="nc" id="L149"> onAccessDenied(request, response);</span>
	<span class="nc" id="L150"> existing = null;</span>
	<span class="nc" id="L151"> } catch (Exception e) {</span>
	<span class="nc" id="L152"> existing = e;</span>
	<span class="nc" id="L153"> }</span>
	}
	<span class="fc" id="L155"> super.cleanup(request, response, existing);</span>

	<span class="fc" id="L157"> }</span>
	}
	</pre><div class="footer"><span class="right">Created with <a href="http://www.eclemma.org/jacoco">JaCoCo</a> 0.7.7.201606060606</span></div></body></html>