Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.5.2 / shiro-web / apidocs / org / apache / shiro / web / filter / authc / BearerHttpAuthenticationFilter.html
blob: c9571cfe4252d4376f2f563719f46639df64dc59 [file] [log] [blame]
<!DOCTYPE HTML>
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (11.0.6) on Mon Mar 23 13:35:05 EDT 2020 -->
<title>BearerHttpAuthenticationFilter (Apache Shiro :: Web 1.5.2 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="dc.created" content="2020-03-23">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../../jquery/jquery-3.3.1.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jquery-migrate-3.0.1.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="BearerHttpAuthenticationFilter (Apache Shiro :: Web 1.5.2 API)";
}
}
catch(err) {
}
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10,"i6":10,"i7":10,"i8":10,"i9":10,"i10":10,"i11":10,"i12":10,"i13":10,"i14":10,"i15":10,"i16":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a id="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/BearerHttpAuthenticationFilter.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>
<!-- ======== START OF CLASS DATA ======== -->
<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.apache.shiro.web.filter.authc</a></div>
<h2 title="Class BearerHttpAuthenticationFilter" class="title">Class BearerHttpAuthenticationFilter</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/ServletContextSupport.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.ServletContextSupport</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/AbstractFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.AbstractFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/NameableFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.NameableFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/OncePerRequestFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.OncePerRequestFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/AdviceFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.AdviceFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../PathMatchingFilter.html" title="class in org.apache.shiro.web.filter">org.apache.shiro.web.filter.PathMatchingFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">org.apache.shiro.web.filter.AccessControlFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="AuthenticationFilter.html" title="class in org.apache.shiro.web.filter.authc">org.apache.shiro.web.filter.authc.AuthenticationFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="AuthenticatingFilter.html" title="class in org.apache.shiro.web.filter.authc">org.apache.shiro.web.filter.authc.AuthenticatingFilter</a></li>
<li>
<ul class="inheritance">
<li>org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="https://docs.oracle.com/javaee/5/api/javax/servlet/Filter.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">Filter</a></code>, <code>org.apache.shiro.util.Nameable</code>, <code><a href="../PathConfigProcessor.html" title="interface in org.apache.shiro.web.filter">PathConfigProcessor</a></code></dd>
</dl>
<hr>
<pre>public class <a href="../../../../../../src-html/org/apache/shiro/web/filter/authc/BearerHttpAuthenticationFilter.html#line.43">BearerHttpAuthenticationFilter</a>
extends <a href="AuthenticatingFilter.html" title="class in org.apache.shiro.web.filter.authc">AuthenticatingFilter</a></pre>
<div class="block">Requires the requesting user to be <code>authenticated</code> for the
request to continue, and if they're not, requires the user to login via the HTTP Bearer protocol-specific challenge.
Upon successful login, they're allowed to continue on to the requested resource/url.
<p/>
The <a href="../AccessControlFilter.html#onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse)"><code>AccessControlFilter.onAccessDenied(ServletRequest, ServletResponse)</code></a> method will
only be called if the subject making the request is not
<code>authenticated</code></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.5</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="https://tools.ietf.org/html/rfc2617">RFC 2617</a>,
<a href="https://tools.ietf.org/html/rfc6750#section-2.1">OAuth2 Authorization Request Header Field</a></dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- =========== FIELD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="field.summary">
<!-- -->
</a>
<h3>Field Summary</h3>
<table class="memberSummary">
<caption><span>Fields</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Field</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<td class="colFirst"><code>protected static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#AUTHENTICATE_HEADER">AUTHENTICATE_HEADER</a></span></code></th>
<td class="colLast">
<div class="block">HTTP Authentication header, equal to <code>WWW-Authenticate</code></div>
</td>
</tr>
<tr class="rowColor">
<td class="colFirst"><code>protected static <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#AUTHORIZATION_HEADER">AUTHORIZATION_HEADER</a></span></code></th>
<td class="colLast">
<div class="block">HTTP Authorization header, equal to <code>Authorization</code></div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.filter.authc.AuthenticatingFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.filter.authc.<a href="AuthenticatingFilter.html" title="class in org.apache.shiro.web.filter.authc">AuthenticatingFilter</a></h3>
<code><a href="AuthenticatingFilter.html#PERMISSIVE">PERMISSIVE</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.filter.authc.AuthenticationFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.filter.authc.<a href="AuthenticationFilter.html" title="class in org.apache.shiro.web.filter.authc">AuthenticationFilter</a></h3>
<code><a href="AuthenticationFilter.html#DEFAULT_SUCCESS_URL">DEFAULT_SUCCESS_URL</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.filter.AccessControlFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">AccessControlFilter</a></h3>
<code><a href="../AccessControlFilter.html#DEFAULT_LOGIN_URL">DEFAULT_LOGIN_URL</a>, <a href="../AccessControlFilter.html#GET_METHOD">GET_METHOD</a>, <a href="../AccessControlFilter.html#POST_METHOD">POST_METHOD</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.filter.PathMatchingFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../PathMatchingFilter.html" title="class in org.apache.shiro.web.filter">PathMatchingFilter</a></h3>
<code><a href="../PathMatchingFilter.html#appliedPaths">appliedPaths</a>, <a href="../PathMatchingFilter.html#pathMatcher">pathMatcher</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.servlet.OncePerRequestFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/OncePerRequestFilter.html" title="class in org.apache.shiro.web.servlet">OncePerRequestFilter</a></h3>
<code><a href="../../servlet/OncePerRequestFilter.html#ALREADY_FILTERED_SUFFIX">ALREADY_FILTERED_SUFFIX</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.servlet.AbstractFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/AbstractFilter.html" title="class in org.apache.shiro.web.servlet">AbstractFilter</a></h3>
<code><a href="../../servlet/AbstractFilter.html#filterConfig">filterConfig</a></code></li>
</ul>
</li>
</ul>
</section>
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="#%3Cinit%3E()">BearerHttpAuthenticationFilter</a></span>()</code></th>
<td class="colLast">&nbsp;</td>
</tr>
</table>
</li>
</ul>
</section>
<!-- ========== METHOD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>protected org.apache.shiro.authc.AuthenticationToken</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#createBearerToken(java.lang.String,javax.servlet.ServletRequest)">createBearerToken</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;token,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>protected org.apache.shiro.authc.AuthenticationToken</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#createToken(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">createToken</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</code></th>
<td class="colLast">
<div class="block">Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getApplicationName()">getApplicationName</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the name to use in the ServletResponse's <b><code>WWW-Authenticate</code></b> header.</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getAuthcScheme()">getAuthcScheme</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the HTTP <b><code>WWW-Authenticate</code></b> header scheme that this filter will use when sending
the HTTP Basic challenge response.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getAuthzHeader(javax.servlet.ServletRequest)">getAuthzHeader</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</code></th>
<td class="colLast">
<div class="block">Returns the <a href="#AUTHORIZATION_HEADER"><code>AUTHORIZATION_HEADER</code></a> from the specified ServletRequest.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getAuthzScheme()">getAuthzScheme</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the HTTP <b><code>Authorization</code></b> header value that this filter will respond to as indicating
a login request.</div>
</td>
</tr>
<tr id="i6" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getPrincipalsAndCredentials(java.lang.String,java.lang.String)">getPrincipalsAndCredentials</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;scheme,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;token)</code></th>
<td class="colLast">&nbsp;</td>
</tr>
<tr id="i7" class="rowColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getPrincipalsAndCredentials(java.lang.String,javax.servlet.ServletRequest)">getPrincipalsAndCredentials</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authorizationHeader,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</code></th>
<td class="colLast">
<div class="block">Returns the username obtained from the
<a href="#getAuthzHeader(javax.servlet.ServletRequest)"><code>authorizationHeader</code></a>.</div>
</td>
</tr>
<tr id="i8" class="altColor">
<td class="colFirst"><code>protected boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">isAccessAllowed</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;mappedValue)</code></th>
<td class="colLast">
<div class="block">The Basic authentication filter can be configured with a list of HTTP methods to which it should apply.</div>
</td>
</tr>
<tr id="i9" class="rowColor">
<td class="colFirst"><code>protected boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isLoginAttempt(java.lang.String)">isLoginAttempt</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authzHeader)</code></th>
<td class="colLast">
<div class="block">Default implementation that returns <code>true</code> if the specified <code>authzHeader</code>
starts with the same (case-insensitive) characters specified by the
<a href="#getAuthzScheme()"><code>authzScheme</code></a>, <code>false</code> otherwise.</div>
</td>
</tr>
<tr id="i10" class="altColor">
<td class="colFirst"><code>protected boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isLoginAttempt(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">isLoginAttempt</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</code></th>
<td class="colLast">
<div class="block">Determines whether the incoming request is an attempt to log in.</div>
</td>
</tr>
<tr id="i11" class="rowColor">
<td class="colFirst"><code>protected boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isLoginRequest(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">isLoginRequest</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</code></th>
<td class="colLast">
<div class="block">Delegates to <a href="#isLoginAttempt(javax.servlet.ServletRequest,javax.servlet.ServletResponse)"><code>isLoginAttempt</code></a>.</div>
</td>
</tr>
<tr id="i12" class="altColor">
<td class="colFirst"><code>protected boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">onAccessDenied</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</code></th>
<td class="colLast">
<div class="block">Processes unauthenticated requests.</div>
</td>
</tr>
<tr id="i13" class="rowColor">
<td class="colFirst"><code>protected boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#sendChallenge(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">sendChallenge</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</code></th>
<td class="colLast">
<div class="block">Builds the challenge for authorization by setting a HTTP <code>401</code> (Unauthorized) status as well as the
response's <a href="#AUTHENTICATE_HEADER"><code>AUTHENTICATE_HEADER</code></a>.</div>
</td>
</tr>
<tr id="i14" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setApplicationName(java.lang.String)">setApplicationName</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;applicationName)</code></th>
<td class="colLast">
<div class="block">Sets the name to use in the ServletResponse's <b><code>WWW-Authenticate</code></b> header.</div>
</td>
</tr>
<tr id="i15" class="rowColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setAuthcScheme(java.lang.String)">setAuthcScheme</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authcScheme)</code></th>
<td class="colLast">
<div class="block">Sets the HTTP <b><code>WWW-Authenticate</code></b> header scheme that this filter will use when sending the
HTTP Basic challenge response.</div>
</td>
</tr>
<tr id="i16" class="altColor">
<td class="colFirst"><code>void</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#setAuthzScheme(java.lang.String)">setAuthzScheme</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authzScheme)</code></th>
<td class="colLast">
<div class="block">Sets the HTTP <b><code>Authorization</code></b> header value that this filter will respond to as indicating a
login request.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.filter.authc.AuthenticatingFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.filter.authc.<a href="AuthenticatingFilter.html" title="class in org.apache.shiro.web.filter.authc">AuthenticatingFilter</a></h3>
<code><a href="AuthenticatingFilter.html#cleanup(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Exception)">cleanup</a>, <a href="AuthenticatingFilter.html#createToken(java.lang.String,java.lang.String,boolean,java.lang.String)">createToken</a>, <a href="AuthenticatingFilter.html#createToken(java.lang.String,java.lang.String,javax.servlet.ServletRequest,javax.servlet.ServletResponse)">createToken</a>, <a href="AuthenticatingFilter.html#executeLogin(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">executeLogin</a>, <a href="AuthenticatingFilter.html#getHost(javax.servlet.ServletRequest)">getHost</a>, <a href="AuthenticatingFilter.html#isPermissive(java.lang.Object)">isPermissive</a>, <a href="AuthenticatingFilter.html#isRememberMe(javax.servlet.ServletRequest)">isRememberMe</a>, <a href="AuthenticatingFilter.html#onLoginFailure(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.authc.AuthenticationException,javax.servlet.ServletRequest,javax.servlet.ServletResponse)">onLoginFailure</a>, <a href="AuthenticatingFilter.html#onLoginSuccess(org.apache.shiro.authc.AuthenticationToken,org.apache.shiro.subject.Subject,javax.servlet.ServletRequest,javax.servlet.ServletResponse)">onLoginSuccess</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.filter.authc.AuthenticationFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.filter.authc.<a href="AuthenticationFilter.html" title="class in org.apache.shiro.web.filter.authc">AuthenticationFilter</a></h3>
<code><a href="AuthenticationFilter.html#getSuccessUrl()">getSuccessUrl</a>, <a href="AuthenticationFilter.html#issueSuccessRedirect(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">issueSuccessRedirect</a>, <a href="AuthenticationFilter.html#setSuccessUrl(java.lang.String)">setSuccessUrl</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.filter.AccessControlFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">AccessControlFilter</a></h3>
<code><a href="../AccessControlFilter.html#getLoginUrl()">getLoginUrl</a>, <a href="../AccessControlFilter.html#getSubject(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">getSubject</a>, <a href="../AccessControlFilter.html#onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">onAccessDenied</a>, <a href="../AccessControlFilter.html#onPreHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">onPreHandle</a>, <a href="../AccessControlFilter.html#redirectToLogin(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">redirectToLogin</a>, <a href="../AccessControlFilter.html#saveRequest(javax.servlet.ServletRequest)">saveRequest</a>, <a href="../AccessControlFilter.html#saveRequestAndRedirectToLogin(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">saveRequestAndRedirectToLogin</a>, <a href="../AccessControlFilter.html#setLoginUrl(java.lang.String)">setLoginUrl</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.filter.PathMatchingFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../PathMatchingFilter.html" title="class in org.apache.shiro.web.filter">PathMatchingFilter</a></h3>
<code><a href="../PathMatchingFilter.html#getPathWithinApplication(javax.servlet.ServletRequest)">getPathWithinApplication</a>, <a href="../PathMatchingFilter.html#isEnabled(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.String,java.lang.Object)">isEnabled</a>, <a href="../PathMatchingFilter.html#pathsMatch(java.lang.String,java.lang.String)">pathsMatch</a>, <a href="../PathMatchingFilter.html#pathsMatch(java.lang.String,javax.servlet.ServletRequest)">pathsMatch</a>, <a href="../PathMatchingFilter.html#preHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">preHandle</a>, <a href="../PathMatchingFilter.html#processPathConfig(java.lang.String,java.lang.String)">processPathConfig</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.AdviceFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/AdviceFilter.html" title="class in org.apache.shiro.web.servlet">AdviceFilter</a></h3>
<code><a href="../../servlet/AdviceFilter.html#afterCompletion(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Exception)">afterCompletion</a>, <a href="../../servlet/AdviceFilter.html#doFilterInternal(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">doFilterInternal</a>, <a href="../../servlet/AdviceFilter.html#executeChain(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">executeChain</a>, <a href="../../servlet/AdviceFilter.html#postHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">postHandle</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.OncePerRequestFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/OncePerRequestFilter.html" title="class in org.apache.shiro.web.servlet">OncePerRequestFilter</a></h3>
<code><a href="../../servlet/OncePerRequestFilter.html#doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">doFilter</a>, <a href="../../servlet/OncePerRequestFilter.html#getAlreadyFilteredAttributeName()">getAlreadyFilteredAttributeName</a>, <a href="../../servlet/OncePerRequestFilter.html#isEnabled()">isEnabled</a>, <a href="../../servlet/OncePerRequestFilter.html#isEnabled(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">isEnabled</a>, <a href="../../servlet/OncePerRequestFilter.html#setEnabled(boolean)">setEnabled</a>, <a href="../../servlet/OncePerRequestFilter.html#shouldNotFilter(javax.servlet.ServletRequest)">shouldNotFilter</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.NameableFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/NameableFilter.html" title="class in org.apache.shiro.web.servlet">NameableFilter</a></h3>
<code><a href="../../servlet/NameableFilter.html#getName()">getName</a>, <a href="../../servlet/NameableFilter.html#setName(java.lang.String)">setName</a>, <a href="../../servlet/NameableFilter.html#toStringBuilder()">toStringBuilder</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.AbstractFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/AbstractFilter.html" title="class in org.apache.shiro.web.servlet">AbstractFilter</a></h3>
<code><a href="../../servlet/AbstractFilter.html#destroy()">destroy</a>, <a href="../../servlet/AbstractFilter.html#getFilterConfig()">getFilterConfig</a>, <a href="../../servlet/AbstractFilter.html#getInitParam(java.lang.String)">getInitParam</a>, <a href="../../servlet/AbstractFilter.html#init(javax.servlet.FilterConfig)">init</a>, <a href="../../servlet/AbstractFilter.html#onFilterConfigSet()">onFilterConfigSet</a>, <a href="../../servlet/AbstractFilter.html#setFilterConfig(javax.servlet.FilterConfig)">setFilterConfig</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.ServletContextSupport">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/ServletContextSupport.html" title="class in org.apache.shiro.web.servlet">ServletContextSupport</a></h3>
<code><a href="../../servlet/ServletContextSupport.html#getContextAttribute(java.lang.String)">getContextAttribute</a>, <a href="../../servlet/ServletContextSupport.html#getContextInitParam(java.lang.String)">getContextInitParam</a>, <a href="../../servlet/ServletContextSupport.html#getServletContext()">getServletContext</a>, <a href="../../servlet/ServletContextSupport.html#removeContextAttribute(java.lang.String)">removeContextAttribute</a>, <a href="../../servlet/ServletContextSupport.html#setContextAttribute(java.lang.String,java.lang.Object)">setContextAttribute</a>, <a href="../../servlet/ServletContextSupport.html#setServletContext(javax.servlet.ServletContext)">setServletContext</a>, <a href="../../servlet/ServletContextSupport.html#toString()">toString</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang" class="externalLink">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang" class="externalLink">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang" class="externalLink">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang" class="externalLink">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang" class="externalLink">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang" class="externalLink">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang" class="externalLink">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long,int)" title="class or interface in java.lang" class="externalLink">wait</a></code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ============ FIELD DETAIL =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="field.detail">
<!-- -->
</a>
<h3>Field Detail</h3>
<a id="AUTHORIZATION_HEADER">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>AUTHORIZATION_HEADER</h4>
<pre>protected static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> AUTHORIZATION_HEADER</pre>
<div class="block">HTTP Authorization header, equal to <code>Authorization</code></div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../constant-values.html#org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter.AUTHORIZATION_HEADER">Constant Field Values</a></dd>
</dl>
</li>
</ul>
<a id="AUTHENTICATE_HEADER">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>AUTHENTICATE_HEADER</h4>
<pre>protected static final&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a> AUTHENTICATE_HEADER</pre>
<div class="block">HTTP Authentication header, equal to <code>WWW-Authenticate</code></div>
<dl>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="../../../../../../constant-values.html#org.apache.shiro.web.filter.authc.BearerHttpAuthenticationFilter.AUTHENTICATE_HEADER">Constant Field Values</a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>BearerHttpAuthenticationFilter</h4>
<pre>public&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authc/BearerHttpAuthenticationFilter.html#line.52">BearerHttpAuthenticationFilter</a>()</pre>
</li>
</ul>
</li>
</ul>
</section>
<!-- ============ METHOD DETAIL ========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a id="createToken(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>createToken</h4>
<pre class="methodSignature">protected&nbsp;org.apache.shiro.authc.AuthenticationToken&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authc/BearerHttpAuthenticationFilter.html#line.73">createToken</a>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</pre>
<div class="block">Creates an AuthenticationToken for use during login attempt with the provided credentials in the http header.
<p/>
This implementation:
<ol><li>acquires the username and password based on the request's
<a href="#getAuthzHeader(javax.servlet.ServletRequest)"><code>authorization header</code></a> via the
<a href="#getPrincipalsAndCredentials(java.lang.String,javax.servlet.ServletRequest)"><code>getPrincipalsAndCredentials</code></a> method</li>
<li>The return value of that method is converted to an <code>AuthenticationToken</code> via the
<a href="AuthenticatingFilter.html#createToken(java.lang.String,java.lang.String,javax.servlet.ServletRequest,javax.servlet.ServletResponse)"><code>createToken</code></a> method</li>
<li>The created <code>AuthenticationToken</code> is returned.</li>
</ol></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - incoming ServletRequest</dd>
<dd><code>response</code> - outgoing ServletResponse</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the AuthenticationToken used to execute the login attempt</dd>
</dl>
</li>
</ul>
<a id="getPrincipalsAndCredentials(java.lang.String,java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getPrincipalsAndCredentials</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authc/BearerHttpAuthenticationFilter.html#line.93">getPrincipalsAndCredentials</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;scheme,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;token)</pre>
</li>
</ul>
<a id="createBearerToken(java.lang.String,javax.servlet.ServletRequest)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>createBearerToken</h4>
<pre class="methodSignature">protected&nbsp;org.apache.shiro.authc.AuthenticationToken&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authc/BearerHttpAuthenticationFilter.html#line.98">createBearerToken</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;token,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</pre>
</li>
</ul>
<a id="getApplicationName()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getApplicationName</h4>
<pre class="methodSignature">public&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;getApplicationName()</pre>
<div class="block">Returns the name to use in the ServletResponse's <b><code>WWW-Authenticate</code></b> header.
<p/>
Per RFC 2617, this name name is displayed to the end user when they are asked to authenticate. Unless overridden
by the <a href="#setApplicationName(java.lang.String)"><code>setApplicationName(String)</code></a> method, the default value is 'application'.
<p/>
Please see <a href="#setApplicationName(java.lang.String)"><code>setApplicationName(String)</code></a> for an example of how this functions.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the name to use in the ServletResponse's 'WWW-Authenticate' header.</dd>
</dl>
</li>
</ul>
<a id="setApplicationName(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setApplicationName</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setApplicationName&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;applicationName)</pre>
<div class="block">Sets the name to use in the ServletResponse's <b><code>WWW-Authenticate</code></b> header.
<p/>
Per RFC 2617, this name name is displayed to the end user when they are asked to authenticate. Unless overridden
by this method, the default value is &quot;application&quot;
<p/>
For example, setting this property to the value <b><code>Awesome Webapp</code></b> will result in the
following header:
<p/>
<code>WWW-Authenticate: Basic realm=&quot;<b>Awesome Webapp</b>&quot;</code>
<p/>
Side note: As you can see from the header text, the HTTP Basic specification calls
this the authentication 'realm', but we call this the 'applicationName' instead to avoid confusion with
Shiro's Realm constructs.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>applicationName</code> - the name to use in the ServletResponse's 'WWW-Authenticate' header.</dd>
</dl>
</li>
</ul>
<a id="getAuthzScheme()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getAuthzScheme</h4>
<pre class="methodSignature">public&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;getAuthzScheme()</pre>
<div class="block">Returns the HTTP <b><code>Authorization</code></b> header value that this filter will respond to as indicating
a login request.
<p/>
Unless overridden by the <a href="#setAuthzScheme(java.lang.String)"><code>setAuthzScheme(String)</code></a> method, the
default value is <code>BASIC</code>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the Http 'Authorization' header value that this filter will respond to as indicating a login request</dd>
</dl>
</li>
</ul>
<a id="setAuthzScheme(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setAuthzScheme</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setAuthzScheme&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authzScheme)</pre>
<div class="block">Sets the HTTP <b><code>Authorization</code></b> header value that this filter will respond to as indicating a
login request.
<p/>
Unless overridden by this method, the default value is <code>BASIC</code></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authzScheme</code> - the HTTP <code>Authorization</code> header value that this filter will respond to as
indicating a login request.</dd>
</dl>
</li>
</ul>
<a id="getAuthcScheme()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getAuthcScheme</h4>
<pre class="methodSignature">public&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;getAuthcScheme()</pre>
<div class="block">Returns the HTTP <b><code>WWW-Authenticate</code></b> header scheme that this filter will use when sending
the HTTP Basic challenge response. The default value is <code>BASIC</code>.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the HTTP <code>WWW-Authenticate</code> header scheme that this filter will use when sending the HTTP
Basic challenge response.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="#sendChallenge(javax.servlet.ServletRequest,javax.servlet.ServletResponse)"><code>sendChallenge(javax.servlet.ServletRequest, javax.servlet.ServletResponse)</code></a></dd>
</dl>
</li>
</ul>
<a id="setAuthcScheme(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>setAuthcScheme</h4>
<pre class="methodSignature">public&nbsp;void&nbsp;setAuthcScheme&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authcScheme)</pre>
<div class="block">Sets the HTTP <b><code>WWW-Authenticate</code></b> header scheme that this filter will use when sending the
HTTP Basic challenge response. The default value is <code>BASIC</code>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authcScheme</code> - the HTTP <code>WWW-Authenticate</code> header scheme that this filter will use when
sending the Http Basic challenge response.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="#sendChallenge(javax.servlet.ServletRequest,javax.servlet.ServletResponse)"><code>sendChallenge(javax.servlet.ServletRequest, javax.servlet.ServletResponse)</code></a></dd>
</dl>
</li>
</ul>
<a id="isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isAccessAllowed</h4>
<pre class="methodSignature">protected&nbsp;boolean&nbsp;isAccessAllowed&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;mappedValue)</pre>
<div class="block">The Basic authentication filter can be configured with a list of HTTP methods to which it should apply. This
method ensures that authentication is <em>only</em> required for those HTTP methods specified. For example,
if you had the configuration:
<pre>
[urls]
/basic/** = authcBasic[POST,PUT,DELETE]
</pre>
then a GET request would not required authentication but a POST would.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="AuthenticatingFilter.html#isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">isAccessAllowed</a></code>&nbsp;in class&nbsp;<code><a href="AuthenticatingFilter.html" title="class in org.apache.shiro.web.filter.authc">AuthenticatingFilter</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - The current HTTP servlet request.</dd>
<dd><code>response</code> - The current HTTP servlet response.</dd>
<dd><code>mappedValue</code> - The array of configured HTTP methods as strings. This is empty if no methods are configured.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if request should be allowed access</dd>
</dl>
</li>
</ul>
<a id="onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>onAccessDenied</h4>
<pre class="methodSignature">protected&nbsp;boolean&nbsp;onAccessDenied&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang" class="externalLink">Exception</a></pre>
<div class="block">Processes unauthenticated requests. It handles the two-stage request/challenge authentication protocol.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Specified by:</span></dt>
<dd><code><a href="../AccessControlFilter.html#onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">onAccessDenied</a></code>&nbsp;in class&nbsp;<code><a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">AccessControlFilter</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - incoming ServletRequest</dd>
<dd><code>response</code> - outgoing ServletResponse</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true if the request should be processed; false if the request should not continue to be processed</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Exception.html?is-external=true" title="class or interface in java.lang" class="externalLink">Exception</a></code> - if there is an error processing the request.</dd>
</dl>
</li>
</ul>
<a id="isLoginAttempt(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isLoginAttempt</h4>
<pre class="methodSignature">protected&nbsp;boolean&nbsp;isLoginAttempt&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</pre>
<div class="block">Determines whether the incoming request is an attempt to log in.
<p/>
The default implementation obtains the value of the request's
<a href="#AUTHORIZATION_HEADER"><code>AUTHORIZATION_HEADER</code></a>, and if it is not <code>null</code>, delegates
to <a href="#isLoginAttempt(java.lang.String)"><code>isLoginAttempt(authzHeaderValue)</code></a>. If the header is <code>null</code>,
<code>false</code> is returned.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - incoming ServletRequest</dd>
<dd><code>response</code> - outgoing ServletResponse</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>true if the incoming request is an attempt to log in based, false otherwise</dd>
</dl>
</li>
</ul>
<a id="isLoginRequest(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isLoginRequest</h4>
<pre class="methodSignature">protected final&nbsp;boolean&nbsp;isLoginRequest&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</pre>
<div class="block">Delegates to <a href="#isLoginAttempt(javax.servlet.ServletRequest,javax.servlet.ServletResponse)"><code>isLoginAttempt</code></a>.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="../AccessControlFilter.html#isLoginRequest(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">isLoginRequest</a></code>&nbsp;in class&nbsp;<code><a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">AccessControlFilter</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - the incoming <code>ServletRequest</code></dd>
<dd><code>response</code> - the outgoing <code>ServletResponse</code></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the incoming request is a login request, <code>false</code> otherwise.</dd>
</dl>
</li>
</ul>
<a id="getAuthzHeader(javax.servlet.ServletRequest)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getAuthzHeader</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;getAuthzHeader&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</pre>
<div class="block">Returns the <a href="#AUTHORIZATION_HEADER"><code>AUTHORIZATION_HEADER</code></a> from the specified ServletRequest.
<p/>
This implementation merely casts the request to an <code>HttpServletRequest</code> and returns the header:
<p/>
<code>HttpServletRequest httpRequest = <a href="../../util/WebUtils.html#toHttp(javax.servlet.ServletRequest)"><code>toHttp(reaquest)</code></a>;<br/>
return httpRequest.getHeader(<a href="#AUTHORIZATION_HEADER"><code>AUTHORIZATION_HEADER</code></a>);</code></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - the incoming <code>ServletRequest</code></dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the <code>Authorization</code> header's value.</dd>
</dl>
</li>
</ul>
<a id="isLoginAttempt(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>isLoginAttempt</h4>
<pre class="methodSignature">protected&nbsp;boolean&nbsp;isLoginAttempt&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authzHeader)</pre>
<div class="block">Default implementation that returns <code>true</code> if the specified <code>authzHeader</code>
starts with the same (case-insensitive) characters specified by the
<a href="#getAuthzScheme()"><code>authzScheme</code></a>, <code>false</code> otherwise.
<p/>
That is:
<p/>
<code>String authzScheme = getAuthzScheme().toLowerCase();<br/>
return authzHeader.toLowerCase().startsWith(authzScheme);</code></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authzHeader</code> - the 'Authorization' header value (guaranteed to be non-null if the
<a href="#isLoginAttempt(javax.servlet.ServletRequest,javax.servlet.ServletResponse)"><code>isLoginAttempt(ServletRequest, ServletResponse)</code></a> method is not overriden).</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the authzHeader value matches that configured as defined by
the <a href="#getAuthzScheme()"><code>authzScheme</code></a>.</dd>
</dl>
</li>
</ul>
<a id="sendChallenge(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>sendChallenge</h4>
<pre class="methodSignature">protected&nbsp;boolean&nbsp;sendChallenge&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response)</pre>
<div class="block">Builds the challenge for authorization by setting a HTTP <code>401</code> (Unauthorized) status as well as the
response's <a href="#AUTHENTICATE_HEADER"><code>AUTHENTICATE_HEADER</code></a>.
<p/>
The header value constructed is equal to:
<p/>
<code><a href="#getAuthcScheme()"><code>getAuthcScheme()</code></a> + " realm=\"" + <a href="#getApplicationName()"><code>getApplicationName()</code></a> + "\"";</code></div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - incoming ServletRequest, ignored by this implementation</dd>
<dd><code>response</code> - outgoing ServletResponse</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>false - this sends the challenge to be sent back</dd>
</dl>
</li>
</ul>
<a id="getPrincipalsAndCredentials(java.lang.String,javax.servlet.ServletRequest)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>getPrincipalsAndCredentials</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;getPrincipalsAndCredentials&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;authorizationHeader,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</pre>
<div class="block">Returns the username obtained from the
<a href="#getAuthzHeader(javax.servlet.ServletRequest)"><code>authorizationHeader</code></a>.
<p/>
Once the <code>authzHeader</code> is split per the RFC (based on the space character ' '), the resulting split tokens
are translated into the username/password pair by the
<a href="#getPrincipalsAndCredentials(java.lang.String,java.lang.String)"><code>getPrincipalsAndCredentials(scheme,encoded)</code></a> method.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>authorizationHeader</code> - the authorization header obtained from the request.</dd>
<dd><code>request</code> - the incoming ServletRequest</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the username (index 0)/password pair (index 1) submitted by the user for the given header value and request.</dd>
<dt><span class="seeLabel">See Also:</span></dt>
<dd><a href="#getAuthzHeader(javax.servlet.ServletRequest)"><code>getAuthzHeader(ServletRequest)</code></a></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>
<!-- ========= END OF CLASS DATA ========= -->
<footer role="contentinfo">
<nav role="navigation">
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a id="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/BearerHttpAuthenticationFilter.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li><a href="#field.detail">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</nav>
<p class="legalCopy"><small>Copyright &#169; 2004&#x2013;2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p>
</footer>
</body>
</html>