Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.5.2 / shiro-web / apidocs / org / apache / shiro / web / filter / authz / HttpMethodPermissionFilter.html
blob: 84ae83f64cd1e959d07efbb6d42cd3573e7554af [file] [log] [blame]
<!DOCTYPE HTML>
<!-- NewPage -->
<html lang="en">
<head>
<!-- Generated by javadoc (11.0.6) on Mon Mar 23 13:35:05 EDT 2020 -->
<title>HttpMethodPermissionFilter (Apache Shiro :: Web 1.5.2 API)</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="dc.created" content="2020-03-23">
<link rel="stylesheet" type="text/css" href="../../../../../../stylesheet.css" title="Style">
<link rel="stylesheet" type="text/css" href="../../../../../../jquery/jquery-ui.css" title="Style">
<script type="text/javascript" src="../../../../../../script.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip/dist/jszip.min.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils.min.js"></script>
<!--[if IE]>
<script type="text/javascript" src="../../../../../../jquery/jszip-utils/dist/jszip-utils-ie.min.js"></script>
<![endif]-->
<script type="text/javascript" src="../../../../../../jquery/jquery-3.3.1.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jquery-migrate-3.0.1.js"></script>
<script type="text/javascript" src="../../../../../../jquery/jquery-ui.js"></script>
</head>
<body>
<script type="text/javascript"><!--
try {
if (location.href.indexOf('is-external=true') == -1) {
parent.document.title="HttpMethodPermissionFilter (Apache Shiro :: Web 1.5.2 API)";
}
}
catch(err) {
}
//-->
var data = {"i0":10,"i1":10,"i2":10,"i3":10,"i4":10,"i5":10};
var tabs = {65535:["t0","All Methods"],2:["t2","Instance Methods"],8:["t4","Concrete Methods"]};
var altColor = "altColor";
var rowColor = "rowColor";
var tableTab = "tableTab";
var activeTableTab = "activeTableTab";
var pathtoroot = "../../../../../../";
var useModuleDirectories = true;
loadScripts(document, 'script');</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
<header role="banner">
<nav role="navigation">
<div class="fixedNav">
<!-- ========= START OF TOP NAVBAR ======= -->
<div class="topNav"><a id="navbar.top">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.top" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.top.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/HttpMethodPermissionFilter.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_top">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<ul class="navListSearch">
<li><label for="search">SEARCH:</label>
<input type="text" id="search" value="search" disabled="disabled">
<input type="reset" id="reset" value="reset" disabled="disabled">
</li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_top");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.top">
<!-- -->
</a></div>
<!-- ========= END OF TOP NAVBAR ========= -->
</div>
<div class="navPadding">&nbsp;</div>
<script type="text/javascript"><!--
$('.navPadding').css('padding-top', $('.fixedNav').css("height"));
//-->
</script>
</nav>
</header>
<!-- ======== START OF CLASS DATA ======== -->
<main role="main">
<div class="header">
<div class="subTitle"><span class="packageLabelInType">Package</span>&nbsp;<a href="package-summary.html">org.apache.shiro.web.filter.authz</a></div>
<h2 title="Class HttpMethodPermissionFilter" class="title">Class HttpMethodPermissionFilter</h2>
</div>
<div class="contentContainer">
<ul class="inheritance">
<li><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">java.lang.Object</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/ServletContextSupport.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.ServletContextSupport</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/AbstractFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.AbstractFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/NameableFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.NameableFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/OncePerRequestFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.OncePerRequestFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../../servlet/AdviceFilter.html" title="class in org.apache.shiro.web.servlet">org.apache.shiro.web.servlet.AdviceFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../PathMatchingFilter.html" title="class in org.apache.shiro.web.filter">org.apache.shiro.web.filter.PathMatchingFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">org.apache.shiro.web.filter.AccessControlFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="AuthorizationFilter.html" title="class in org.apache.shiro.web.filter.authz">org.apache.shiro.web.filter.authz.AuthorizationFilter</a></li>
<li>
<ul class="inheritance">
<li><a href="PermissionsAuthorizationFilter.html" title="class in org.apache.shiro.web.filter.authz">org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter</a></li>
<li>
<ul class="inheritance">
<li>org.apache.shiro.web.filter.authz.HttpMethodPermissionFilter</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
<div class="description">
<ul class="blockList">
<li class="blockList">
<dl>
<dt>All Implemented Interfaces:</dt>
<dd><code><a href="https://docs.oracle.com/javaee/5/api/javax/servlet/Filter.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">Filter</a></code>, <code>org.apache.shiro.util.Nameable</code>, <code><a href="../PathConfigProcessor.html" title="interface in org.apache.shiro.web.filter">PathConfigProcessor</a></code></dd>
</dl>
<hr>
<pre>public class <a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.78">HttpMethodPermissionFilter</a>
extends <a href="PermissionsAuthorizationFilter.html" title="class in org.apache.shiro.web.filter.authz">PermissionsAuthorizationFilter</a></pre>
<div class="block">A filter that translates an HTTP Request's Method (eg GET, POST, etc)
into an corresponding action (verb) and uses that verb to construct a permission that will be checked to determine
access.
<p/>
This Filter is primarily provided to support REST environments where the type (Method)
of request translates to an action being performed on one or more resources. This paradigm works well with Shiro's
concepts of using permissions for access control and can be leveraged to easily perform permission checks.
<p/>
This filter functions as follows:
<ol>
<li>The incoming HTTP request's Method (GET, POST, PUT, DELETE, etc) is discovered.</li>
<li>The Method is translated into a more 'application friendly' verb, such as 'create', edit', 'delete', etc.</li>
<li>The verb is appended to any configured permissions for the
<a href="../PathMatchingFilter.html" title="class in org.apache.shiro.web.filter"><code>currently matching path</code></a>.</li>
<li>If the current <code>Subject</code> <code>isPermitted</code> to
perform the resolved action, the request is allowed to continue.</li>
</ol>
<p/>
For example, if the following filter chain was defined, where 'rest' was the name given to a filter instance of
this class:
<pre>
/user/** = rest[user]</pre>
Then an HTTP <code>GET</code> request to <code>/user/1234</code> would translate to the constructed permission
<code>user:read</code> (GET is mapped to the 'read' action) and execute the permission check
<code>Subject.isPermitted(&quot;user:read&quot;)</code> in order to allow the request to continue.
<p/>
Similarly, an HTTP <code>POST</code> to <code>/user</code> would translate to the constructed permission
<code>user:create</code> (POST is mapped to the 'create' action) and execute the permission check
<code>Subject.isPermitted(&quot;user:create&quot;)</code> in order to allow the request to continue.
<p/>
<h3>Method To Verb Mapping</h3>
The following table represents the default HTTP Method-to-action verb mapping:
<table>
<tr><th>HTTP Method</th><th>Mapped Action</th><th>Example Permission</th><th>Runtime Check</th></tr>
<tr><td>head</td><td>read</td><td>perm1</td><td>perm1:read</td></tr>
<tr><td>get</td><td>read</td><td>perm2</td><td>perm2:read</td></tr>
<tr><td>put</td><td>update</td><td>perm3</td><td>perm3:update</td></tr>
<tr><td>post</td><td>create</td><td>perm4</td><td>perm4:create</td></tr>
<tr><td>mkcol</td><td>create</td><td>perm5</td><td>perm5:create</td></tr>
<tr><td>options</td><td>read</td><td>perm6</td><td>perm6:read</td></tr>
<tr><td>trace</td><td>read</td><td>perm7</td><td>perm7:read</td></tr>
</table></div>
<dl>
<dt><span class="simpleTagLabel">Since:</span></dt>
<dd>1.0</dd>
</dl>
</li>
</ul>
</div>
<div class="summary">
<ul class="blockList">
<li class="blockList">
<!-- =========== FIELD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="field.summary">
<!-- -->
</a>
<h3>Field Summary</h3>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.filter.AccessControlFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">AccessControlFilter</a></h3>
<code><a href="../AccessControlFilter.html#DEFAULT_LOGIN_URL">DEFAULT_LOGIN_URL</a>, <a href="../AccessControlFilter.html#GET_METHOD">GET_METHOD</a>, <a href="../AccessControlFilter.html#POST_METHOD">POST_METHOD</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.filter.PathMatchingFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../PathMatchingFilter.html" title="class in org.apache.shiro.web.filter">PathMatchingFilter</a></h3>
<code><a href="../PathMatchingFilter.html#appliedPaths">appliedPaths</a>, <a href="../PathMatchingFilter.html#pathMatcher">pathMatcher</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.servlet.OncePerRequestFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/OncePerRequestFilter.html" title="class in org.apache.shiro.web.servlet">OncePerRequestFilter</a></h3>
<code><a href="../../servlet/OncePerRequestFilter.html#ALREADY_FILTERED_SUFFIX">ALREADY_FILTERED_SUFFIX</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="fields.inherited.from.class.org.apache.shiro.web.servlet.AbstractFilter">
<!-- -->
</a>
<h3>Fields inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/AbstractFilter.html" title="class in org.apache.shiro.web.servlet">AbstractFilter</a></h3>
<code><a href="../../servlet/AbstractFilter.html#filterConfig">filterConfig</a></code></li>
</ul>
</li>
</ul>
</section>
<!-- ======== CONSTRUCTOR SUMMARY ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.summary">
<!-- -->
</a>
<h3>Constructor Summary</h3>
<table class="memberSummary">
<caption><span>Constructors</span><span class="tabEnd">&nbsp;</span></caption>
<tr>
<th class="colFirst" scope="col">Constructor</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr class="altColor">
<th class="colConstructorName" scope="row"><code><span class="memberNameLink"><a href="#%3Cinit%3E()">HttpMethodPermissionFilter</a></span>()</code></th>
<td class="colLast">
<div class="block">Creates the filter instance with default method-to-action values in the instance's
<a href="#getHttpMethodActions()"><code>http method actions map</code></a>.</div>
</td>
</tr>
</table>
</li>
</ul>
</section>
<!-- ========== METHOD SUMMARY =========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.summary">
<!-- -->
</a>
<h3>Method Summary</h3>
<table class="memberSummary">
<caption><span id="t0" class="activeTableTab"><span>All Methods</span><span class="tabEnd">&nbsp;</span></span><span id="t2" class="tableTab"><span><a href="javascript:show(2);">Instance Methods</a></span><span class="tabEnd">&nbsp;</span></span><span id="t4" class="tableTab"><span><a href="javascript:show(8);">Concrete Methods</a></span><span class="tabEnd">&nbsp;</span></span></caption>
<tr>
<th class="colFirst" scope="col">Modifier and Type</th>
<th class="colSecond" scope="col">Method</th>
<th class="colLast" scope="col">Description</th>
</tr>
<tr id="i0" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#buildPermissions(java.lang.String%5B%5D,java.lang.String)">buildPermissions</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;configuredPerms,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;action)</code></th>
<td class="colLast">
<div class="block">Builds a new array of permission strings based on the original argument, appending the specified action verb
to each one per <code>WildcardPermission</code> conventions.</div>
</td>
</tr>
<tr id="i1" class="rowColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#buildPermissions(javax.servlet.http.HttpServletRequest,java.lang.String%5B%5D,java.lang.String)">buildPermissions</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html?is-external=true" title="class or interface in javax.servlet.http" class="externalLink">HttpServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;configuredPerms,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;action)</code></th>
<td class="colLast">
<div class="block">Returns a collection of String permissions with which to perform a permission check to determine if the filter
will allow the request to continue.</div>
</td>
</tr>
<tr id="i2" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getHttpMethodAction(java.lang.String)">getHttpMethodAction</a></span>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;method)</code></th>
<td class="colLast">
<div class="block">Determines the corresponding application action that will be performed on the filtered resource based on the
specified HTTP method (GET, POST, etc).</div>
</td>
</tr>
<tr id="i3" class="rowColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a></code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getHttpMethodAction(javax.servlet.ServletRequest)">getHttpMethodAction</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</code></th>
<td class="colLast">
<div class="block">Determines the action (verb) attempting to be performed on the filtered resource by the current request.</div>
</td>
</tr>
<tr id="i4" class="altColor">
<td class="colFirst"><code>protected <a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util" class="externalLink">Map</a>&lt;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>,&#8203;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&gt;</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#getHttpMethodActions()">getHttpMethodActions</a></span>()</code></th>
<td class="colLast">
<div class="block">Returns the HTTP Method name (key) to action verb (value) mapping used to resolve actions based on an
incoming <code>HttpServletRequest</code>.</div>
</td>
</tr>
<tr id="i5" class="rowColor">
<td class="colFirst"><code>boolean</code></td>
<th class="colSecond" scope="row"><code><span class="memberNameLink"><a href="#isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">isAccessAllowed</a></span>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;mappedValue)</code></th>
<td class="colLast">
<div class="block">Resolves an 'application friendly' action verb based on the <code>HttpServletRequest</code>'s method, appends that
action to each configured permission (the <code>mappedValue</code> argument is a <code>String[]</code> array), and
delegates the permission check for the newly constructed permission(s) to the superclass
<a href="PermissionsAuthorizationFilter.html#isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)"><code>isAccessAllowed</code></a>
implementation to perform the actual permission check.</div>
</td>
</tr>
</table>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.filter.authz.AuthorizationFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.filter.authz.<a href="AuthorizationFilter.html" title="class in org.apache.shiro.web.filter.authz">AuthorizationFilter</a></h3>
<code><a href="AuthorizationFilter.html#getUnauthorizedUrl()">getUnauthorizedUrl</a>, <a href="AuthorizationFilter.html#onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">onAccessDenied</a>, <a href="AuthorizationFilter.html#setUnauthorizedUrl(java.lang.String)">setUnauthorizedUrl</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.filter.AccessControlFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../AccessControlFilter.html" title="class in org.apache.shiro.web.filter">AccessControlFilter</a></h3>
<code><a href="../AccessControlFilter.html#getLoginUrl()">getLoginUrl</a>, <a href="../AccessControlFilter.html#getSubject(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">getSubject</a>, <a href="../AccessControlFilter.html#isLoginRequest(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">isLoginRequest</a>, <a href="../AccessControlFilter.html#onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">onAccessDenied</a>, <a href="../AccessControlFilter.html#onPreHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">onPreHandle</a>, <a href="../AccessControlFilter.html#redirectToLogin(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">redirectToLogin</a>, <a href="../AccessControlFilter.html#saveRequest(javax.servlet.ServletRequest)">saveRequest</a>, <a href="../AccessControlFilter.html#saveRequestAndRedirectToLogin(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">saveRequestAndRedirectToLogin</a>, <a href="../AccessControlFilter.html#setLoginUrl(java.lang.String)">setLoginUrl</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.filter.PathMatchingFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.filter.<a href="../PathMatchingFilter.html" title="class in org.apache.shiro.web.filter">PathMatchingFilter</a></h3>
<code><a href="../PathMatchingFilter.html#getPathWithinApplication(javax.servlet.ServletRequest)">getPathWithinApplication</a>, <a href="../PathMatchingFilter.html#isEnabled(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.String,java.lang.Object)">isEnabled</a>, <a href="../PathMatchingFilter.html#pathsMatch(java.lang.String,java.lang.String)">pathsMatch</a>, <a href="../PathMatchingFilter.html#pathsMatch(java.lang.String,javax.servlet.ServletRequest)">pathsMatch</a>, <a href="../PathMatchingFilter.html#preHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">preHandle</a>, <a href="../PathMatchingFilter.html#processPathConfig(java.lang.String,java.lang.String)">processPathConfig</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.AdviceFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/AdviceFilter.html" title="class in org.apache.shiro.web.servlet">AdviceFilter</a></h3>
<code><a href="../../servlet/AdviceFilter.html#afterCompletion(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Exception)">afterCompletion</a>, <a href="../../servlet/AdviceFilter.html#cleanup(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Exception)">cleanup</a>, <a href="../../servlet/AdviceFilter.html#doFilterInternal(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">doFilterInternal</a>, <a href="../../servlet/AdviceFilter.html#executeChain(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">executeChain</a>, <a href="../../servlet/AdviceFilter.html#postHandle(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">postHandle</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.OncePerRequestFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/OncePerRequestFilter.html" title="class in org.apache.shiro.web.servlet">OncePerRequestFilter</a></h3>
<code><a href="../../servlet/OncePerRequestFilter.html#doFilter(javax.servlet.ServletRequest,javax.servlet.ServletResponse,javax.servlet.FilterChain)">doFilter</a>, <a href="../../servlet/OncePerRequestFilter.html#getAlreadyFilteredAttributeName()">getAlreadyFilteredAttributeName</a>, <a href="../../servlet/OncePerRequestFilter.html#isEnabled()">isEnabled</a>, <a href="../../servlet/OncePerRequestFilter.html#isEnabled(javax.servlet.ServletRequest,javax.servlet.ServletResponse)">isEnabled</a>, <a href="../../servlet/OncePerRequestFilter.html#setEnabled(boolean)">setEnabled</a>, <a href="../../servlet/OncePerRequestFilter.html#shouldNotFilter(javax.servlet.ServletRequest)">shouldNotFilter</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.NameableFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/NameableFilter.html" title="class in org.apache.shiro.web.servlet">NameableFilter</a></h3>
<code><a href="../../servlet/NameableFilter.html#getName()">getName</a>, <a href="../../servlet/NameableFilter.html#setName(java.lang.String)">setName</a>, <a href="../../servlet/NameableFilter.html#toStringBuilder()">toStringBuilder</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.AbstractFilter">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/AbstractFilter.html" title="class in org.apache.shiro.web.servlet">AbstractFilter</a></h3>
<code><a href="../../servlet/AbstractFilter.html#destroy()">destroy</a>, <a href="../../servlet/AbstractFilter.html#getFilterConfig()">getFilterConfig</a>, <a href="../../servlet/AbstractFilter.html#getInitParam(java.lang.String)">getInitParam</a>, <a href="../../servlet/AbstractFilter.html#init(javax.servlet.FilterConfig)">init</a>, <a href="../../servlet/AbstractFilter.html#onFilterConfigSet()">onFilterConfigSet</a>, <a href="../../servlet/AbstractFilter.html#setFilterConfig(javax.servlet.FilterConfig)">setFilterConfig</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.org.apache.shiro.web.servlet.ServletContextSupport">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;org.apache.shiro.web.servlet.<a href="../../servlet/ServletContextSupport.html" title="class in org.apache.shiro.web.servlet">ServletContextSupport</a></h3>
<code><a href="../../servlet/ServletContextSupport.html#getContextAttribute(java.lang.String)">getContextAttribute</a>, <a href="../../servlet/ServletContextSupport.html#getContextInitParam(java.lang.String)">getContextInitParam</a>, <a href="../../servlet/ServletContextSupport.html#getServletContext()">getServletContext</a>, <a href="../../servlet/ServletContextSupport.html#removeContextAttribute(java.lang.String)">removeContextAttribute</a>, <a href="../../servlet/ServletContextSupport.html#setContextAttribute(java.lang.String,java.lang.Object)">setContextAttribute</a>, <a href="../../servlet/ServletContextSupport.html#setServletContext(javax.servlet.ServletContext)">setServletContext</a>, <a href="../../servlet/ServletContextSupport.html#toString()">toString</a></code></li>
</ul>
<ul class="blockList">
<li class="blockList"><a id="methods.inherited.from.class.java.lang.Object">
<!-- -->
</a>
<h3>Methods inherited from class&nbsp;java.lang.<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a></h3>
<code><a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#clone()" title="class or interface in java.lang" class="externalLink">clone</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#equals(java.lang.Object)" title="class or interface in java.lang" class="externalLink">equals</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#finalize()" title="class or interface in java.lang" class="externalLink">finalize</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#getClass()" title="class or interface in java.lang" class="externalLink">getClass</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#hashCode()" title="class or interface in java.lang" class="externalLink">hashCode</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notify()" title="class or interface in java.lang" class="externalLink">notify</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#notifyAll()" title="class or interface in java.lang" class="externalLink">notifyAll</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait()" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long)" title="class or interface in java.lang" class="externalLink">wait</a>, <a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true#wait(long,int)" title="class or interface in java.lang" class="externalLink">wait</a></code></li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
<div class="details">
<ul class="blockList">
<li class="blockList">
<!-- ========= CONSTRUCTOR DETAIL ======== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="constructor.detail">
<!-- -->
</a>
<h3>Constructor Detail</h3>
<a id="&lt;init&gt;()">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>HttpMethodPermissionFilter</h4>
<pre>public&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.126">HttpMethodPermissionFilter</a>()</pre>
<div class="block">Creates the filter instance with default method-to-action values in the instance's
<a href="#getHttpMethodActions()"><code>http method actions map</code></a>.</div>
</li>
</ul>
</li>
</ul>
</section>
<!-- ============ METHOD DETAIL ========== -->
<section role="region">
<ul class="blockList">
<li class="blockList"><a id="method.detail">
<!-- -->
</a>
<h3>Method Detail</h3>
<a id="getHttpMethodActions()">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getHttpMethodActions</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/util/Map.html?is-external=true" title="class or interface in java.util" class="externalLink">Map</a>&lt;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>,&#8203;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&gt;&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.139">getHttpMethodActions</a>()</pre>
<div class="block">Returns the HTTP Method name (key) to action verb (value) mapping used to resolve actions based on an
incoming <code>HttpServletRequest</code>. All keys and values are lower-case. The
default key/value pairs are defined in the top class-level JavaDoc.</div>
<dl>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>the HTTP Method lower-case name (key) to lower-case action verb (value) mapping</dd>
</dl>
</li>
</ul>
<a id="getHttpMethodAction(javax.servlet.ServletRequest)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getHttpMethodAction</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.152">getHttpMethodAction</a>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request)</pre>
<div class="block">Determines the action (verb) attempting to be performed on the filtered resource by the current request.
<p/>
This implementation expects the incoming request to be an <a href="https://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html?is-external=true" title="class or interface in javax.servlet.http" class="externalLink"><code>HttpServletRequest</code></a> and returns a mapped
action based on the HTTP request <a href="https://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html?is-external=true#getMethod()" title="class or interface in javax.servlet.http" class="externalLink"><code>method</code></a>.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - to pull the method from.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>The string equivalent verb of the http method.</dd>
</dl>
</li>
</ul>
<a id="getHttpMethodAction(java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>getHttpMethodAction</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.164">getHttpMethodAction</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;method)</pre>
<div class="block">Determines the corresponding application action that will be performed on the filtered resource based on the
specified HTTP method (GET, POST, etc).</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>method</code> - to be translated into the verb.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>The string equivalent verb of the method.</dd>
</dl>
</li>
</ul>
<a id="buildPermissions(javax.servlet.http.HttpServletRequest,java.lang.String[],java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>buildPermissions</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.185">buildPermissions</a>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/http/HttpServletRequest.html?is-external=true" title="class or interface in javax.servlet.http" class="externalLink">HttpServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;configuredPerms,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;action)</pre>
<div class="block">Returns a collection of String permissions with which to perform a permission check to determine if the filter
will allow the request to continue.
<p/>
This implementation merely delegates to <a href="#buildPermissions(java.lang.String%5B%5D,java.lang.String)"><code>buildPermissions(String[], String)</code></a> and ignores the inbound
HTTP servlet request, but it can be overridden by subclasses for more complex request-specific building logic
if necessary.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - the inbound HTTP request - ignored in this implementation, but available to
subclasses for more complex construction building logic if necessary</dd>
<dd><code>configuredPerms</code> - any url-specific permissions mapped to this filter in the URL rules mappings.</dd>
<dd><code>action</code> - the application-friendly action (verb) resolved based on the HTTP Method name.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>a collection of String permissions with which to perform a permission check to determine if the filter
will allow the request to continue.</dd>
</dl>
</li>
</ul>
<a id="buildPermissions(java.lang.String[],java.lang.String)">
<!-- -->
</a>
<ul class="blockList">
<li class="blockList">
<h4>buildPermissions</h4>
<pre class="methodSignature">protected&nbsp;<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.217">buildPermissions</a>&#8203;(<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>[]&nbsp;configuredPerms,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/String.html?is-external=true" title="class or interface in java.lang" class="externalLink">String</a>&nbsp;action)</pre>
<div class="block">Builds a new array of permission strings based on the original argument, appending the specified action verb
to each one per <code>WildcardPermission</code> conventions. The
built permission strings will be the ones used at runtime during the permission check that determines if filter
access should be allowed to continue or not.
<p/>
For example, if the <code>configuredPerms</code> argument contains the following 3 permission strings:
<p/>
<ol>
<li>permission:one</li>
<li>permission:two</li>
<li>permission:three</li>
</ol>
And the action is <code>read</code>, then the return value will be:
<ol>
<li>permission:one:read</li>
<li>permission:two:read</li>
<li>permission:three:read</li>
</ol>
per <code>WildcardPermission</code> conventions. Subclasses
are of course free to override this method or the
<a href="#buildPermissions(javax.servlet.http.HttpServletRequest,java.lang.String%5B%5D,java.lang.String)"><code>buildPermissions</code></a> request
variant for custom building logic or with different permission formats.</div>
<dl>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>configuredPerms</code> - list of configuredPerms to be converted.</dd>
<dd><code>action</code> - the resolved action based on the request method to be appended to permission strings.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd>an array of permission strings with each element appended with the action.</dd>
</dl>
</li>
</ul>
<a id="isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">
<!-- -->
</a>
<ul class="blockListLast">
<li class="blockList">
<h4>isAccessAllowed</h4>
<pre class="methodSignature">public&nbsp;boolean&nbsp;<a href="../../../../../../src-html/org/apache/shiro/web/filter/authz/HttpMethodPermissionFilter.html#line.258">isAccessAllowed</a>&#8203;(<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletRequest.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletRequest</a>&nbsp;request,
<a href="https://docs.oracle.com/javaee/5/api/javax/servlet/ServletResponse.html?is-external=true" title="class or interface in javax.servlet" class="externalLink">ServletResponse</a>&nbsp;response,
<a href="https://docs.oracle.com/javase/8/docs/api/java/lang/Object.html?is-external=true" title="class or interface in java.lang" class="externalLink">Object</a>&nbsp;mappedValue)
throws <a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io" class="externalLink">IOException</a></pre>
<div class="block">Resolves an 'application friendly' action verb based on the <code>HttpServletRequest</code>'s method, appends that
action to each configured permission (the <code>mappedValue</code> argument is a <code>String[]</code> array), and
delegates the permission check for the newly constructed permission(s) to the superclass
<a href="PermissionsAuthorizationFilter.html#isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)"><code>isAccessAllowed</code></a>
implementation to perform the actual permission check.</div>
<dl>
<dt><span class="overrideSpecifyLabel">Overrides:</span></dt>
<dd><code><a href="PermissionsAuthorizationFilter.html#isAccessAllowed(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)">isAccessAllowed</a></code>&nbsp;in class&nbsp;<code><a href="PermissionsAuthorizationFilter.html" title="class in org.apache.shiro.web.filter.authz">PermissionsAuthorizationFilter</a></code></dd>
<dt><span class="paramLabel">Parameters:</span></dt>
<dd><code>request</code> - the inbound <code>ServletRequest</code></dd>
<dd><code>response</code> - the outbound <code>ServletResponse</code></dd>
<dd><code>mappedValue</code> - the filter-specific config value mapped to this filter in the URL rules mappings.</dd>
<dt><span class="returnLabel">Returns:</span></dt>
<dd><code>true</code> if the request should proceed through the filter normally, <code>false</code> if the
request should be processed by this filter's
<a href="../AccessControlFilter.html#onAccessDenied(javax.servlet.ServletRequest,javax.servlet.ServletResponse,java.lang.Object)"><code>AccessControlFilter.onAccessDenied(ServletRequest,ServletResponse,Object)</code></a> method instead.</dd>
<dt><span class="throwsLabel">Throws:</span></dt>
<dd><code><a href="https://docs.oracle.com/javase/8/docs/api/java/io/IOException.html?is-external=true" title="class or interface in java.io" class="externalLink">IOException</a></code></dd>
</dl>
</li>
</ul>
</li>
</ul>
</section>
</li>
</ul>
</div>
</div>
</main>
<!-- ========= END OF CLASS DATA ========= -->
<footer role="contentinfo">
<nav role="navigation">
<!-- ======= START OF BOTTOM NAVBAR ====== -->
<div class="bottomNav"><a id="navbar.bottom">
<!-- -->
</a>
<div class="skipNav"><a href="#skip.navbar.bottom" title="Skip navigation links">Skip navigation links</a></div>
<a id="navbar.bottom.firstrow">
<!-- -->
</a>
<ul class="navList" title="Navigation">
<li><a href="../../../../../../index.html">Overview</a></li>
<li><a href="package-summary.html">Package</a></li>
<li class="navBarCell1Rev">Class</li>
<li><a href="class-use/HttpMethodPermissionFilter.html">Use</a></li>
<li><a href="package-tree.html">Tree</a></li>
<li><a href="../../../../../../deprecated-list.html">Deprecated</a></li>
<li><a href="../../../../../../index-all.html">Index</a></li>
<li><a href="../../../../../../help-doc.html">Help</a></li>
</ul>
</div>
<div class="subNav">
<ul class="navList" id="allclasses_navbar_bottom">
<li><a href="../../../../../../allclasses.html">All&nbsp;Classes</a></li>
</ul>
<div>
<script type="text/javascript"><!--
allClassesLink = document.getElementById("allclasses_navbar_bottom");
if(window==top) {
allClassesLink.style.display = "block";
}
else {
allClassesLink.style.display = "none";
}
//-->
</script>
<noscript>
<div>JavaScript is disabled on your browser.</div>
</noscript>
</div>
<div>
<ul class="subNavList">
<li>Summary:&nbsp;</li>
<li>Nested&nbsp;|&nbsp;</li>
<li><a href="#field.summary">Field</a>&nbsp;|&nbsp;</li>
<li><a href="#constructor.summary">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.summary">Method</a></li>
</ul>
<ul class="subNavList">
<li>Detail:&nbsp;</li>
<li>Field&nbsp;|&nbsp;</li>
<li><a href="#constructor.detail">Constr</a>&nbsp;|&nbsp;</li>
<li><a href="#method.detail">Method</a></li>
</ul>
</div>
<a id="skip.navbar.bottom">
<!-- -->
</a></div>
<!-- ======== END OF BOTTOM NAVBAR ======= -->
</nav>
<p class="legalCopy"><small>Copyright &#169; 2004&#x2013;2020 <a href="https://www.apache.org/">The Apache Software Foundation</a>. All rights reserved.</small></p>
</footer>
</body>
</html>