Example 1 with FilterChainResolver
use of org.apache.shiro.web.filter.mgt.FilterChainResolver in project nutzboot by nutzam.
the class NbResourceBasedWebEnvironment method configure.
protected void configure() {
this.objects.clear();
WebSecurityManager securityManager = createWebSecurityManager();
setWebSecurityManager(securityManager);
String loginUrl = conf.get(ShiroEnvStarter.PROP_URL_LOGIN, "/user/login");
String unauthorizedUrl = conf.get(ShiroEnvStarter.PROP_URL_UNAUTH, "/user/login");
String logoutUrl = conf.get(ShiroEnvStarter.PROP_URL_LOGOUT_REDIRECT, "/");
for (Map.Entry<String, Filter> en : DefaultFilter.createInstanceMap(null).entrySet()) {
Filter filter = en.getValue();
if (filter instanceof LogoutFilter) {
((LogoutFilter) filter).setRedirectUrl(logoutUrl);
} else if (filter instanceof AuthenticatingFilter) {
((AuthenticatingFilter) filter).setLoginUrl(loginUrl);
} else if (filter instanceof AccessControlFilter) {
((AccessControlFilter) filter).setLoginUrl(unauthorizedUrl);
}
objects.put(en.getKey(), en.getValue());
}
for (String objectName : Strings.splitIgnoreBlank(conf.get("shiro.objects", ""))) {
objects.put(objectName, ioc.get(null, objectName));
}
FilterChainResolver resolver = createFilterChainResolver();
if (resolver != null) {
setFilterChainResolver(resolver);
}
NutShiro.DefaultLoginURL = loginUrl;
NutShiro.DefaultNoAuthURL = unauthorizedUrl;
}
Also used :
WebSecurityManager(org.apache.shiro.web.mgt.WebSecurityManager)
AuthenticatingFilter(org.apache.shiro.web.filter.authc.AuthenticatingFilter)
AccessControlFilter(org.apache.shiro.web.filter.AccessControlFilter)
AccessControlFilter(org.apache.shiro.web.filter.AccessControlFilter)
DefaultFilter(org.apache.shiro.web.filter.mgt.DefaultFilter)
Filter(javax.servlet.Filter)
LogoutFilter(org.apache.shiro.web.filter.authc.LogoutFilter)
AuthenticatingFilter(org.apache.shiro.web.filter.authc.AuthenticatingFilter)
FilterChainResolver(org.apache.shiro.web.filter.mgt.FilterChainResolver)
LogoutFilter(org.apache.shiro.web.filter.authc.LogoutFilter)
Map(java.util.Map)
Example 2 with FilterChainResolver
use of org.apache.shiro.web.filter.mgt.FilterChainResolver in project shiro by apache.
the class AbstractShiroFilter method getExecutionChain.
/**
* Returns the {@code FilterChain} to execute for the given request.
* <p/>
* The {@code origChain} argument is the
* original {@code FilterChain} supplied by the Servlet Container, but it may be modified to provide
* more behavior by pre-pending further chains according to the Shiro configuration.
* <p/>
* This implementation returns the chain that will actually be executed by acquiring the chain from a
* {@link #getFilterChainResolver() filterChainResolver}. The resolver determines exactly which chain to
* execute, typically based on URL configuration. If no chain is returned from the resolver call
* (returns {@code null}), then the {@code origChain} will be returned by default.
*
* @param request the incoming ServletRequest
* @param response the outgoing ServletResponse
* @param origChain the original {@code FilterChain} provided by the Servlet Container
* @return the {@link FilterChain} to execute for the given request
* @since 1.0
*/
protected FilterChain getExecutionChain(ServletRequest request, ServletResponse response, FilterChain origChain) {
FilterChain chain = origChain;
FilterChainResolver resolver = getFilterChainResolver();
if (resolver == null) {
log.debug("No FilterChainResolver configured. Returning original FilterChain.");
return origChain;
}
FilterChain resolved = resolver.getChain(request, response, origChain);
if (resolved != null) {
log.trace("Resolved a configured FilterChain for the current request.");
chain = resolved;
} else {
log.trace("No FilterChain configured for the current request. Using the default.");
}
return chain;
}
Also used :
FilterChainResolver(org.apache.shiro.web.filter.mgt.FilterChainResolver)
FilterChain(javax.servlet.FilterChain)
Example 3 with FilterChainResolver
use of org.apache.shiro.web.filter.mgt.FilterChainResolver in project shiro by apache.
the class FilterConfigTest method testWithConfig.
@Test
public void testWithConfig() throws Exception {
FilterChainResolver resolver = setupResolver();
HttpServletResponse response = createNiceMock(HttpServletResponse.class);
FilterChain chain = createNiceMock(FilterChain.class);
HttpServletRequest request = createMockRequest("/index2.html");
FilterChain resolved = resolver.getChain(request, response, chain);
assertNotNull(resolved);
verify(request);
}
Also used :
HttpServletRequest(javax.servlet.http.HttpServletRequest)
FilterChainResolver(org.apache.shiro.web.filter.mgt.FilterChainResolver)
FilterChain(javax.servlet.FilterChain)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
Test(org.junit.Test)
ShiroModuleTest(org.apache.shiro.guice.ShiroModuleTest)
Example 4 with FilterChainResolver
use of org.apache.shiro.web.filter.mgt.FilterChainResolver in project shiro by apache.
the class ShiroWebModuleTest method testAddFilterChainGuice3and4.
/**
* @since 1.4
*/
@Test
public void testAddFilterChainGuice3and4() {
final ShiroModuleTest.MockRealm mockRealm = createMock(ShiroModuleTest.MockRealm.class);
ServletContext servletContext = createMock(ServletContext.class);
HttpServletRequest request = createMock(HttpServletRequest.class);
servletContext.setAttribute(eq(EnvironmentLoader.ENVIRONMENT_ATTRIBUTE_KEY), EasyMock.anyObject());
expect(request.getAttribute("javax.servlet.include.context_path")).andReturn("").anyTimes();
expect(request.getCharacterEncoding()).andReturn("UTF-8").anyTimes();
expect(request.getAttribute("javax.servlet.include.request_uri")).andReturn("/test_authc");
expect(request.getAttribute("javax.servlet.include.request_uri")).andReturn("/test_custom_filter");
expect(request.getAttribute("javax.servlet.include.request_uri")).andReturn("/test_authc_basic");
expect(request.getAttribute("javax.servlet.include.request_uri")).andReturn("/test_perms");
expect(request.getAttribute("javax.servlet.include.request_uri")).andReturn("/multiple_configs");
replay(servletContext, request);
Injector injector = Guice.createInjector(new ShiroWebModule(servletContext) {
@Override
protected void configureShiroWeb() {
bindRealm().to(ShiroModuleTest.MockRealm.class);
expose(FilterChainResolver.class);
this.addFilterChain("/test_authc/**", filterConfig(AUTHC));
this.addFilterChain("/test_custom_filter/**", Key.get(CustomFilter.class));
this.addFilterChain("/test_authc_basic/**", AUTHC_BASIC);
this.addFilterChain("/test_perms/**", filterConfig(PERMS, "remote:invoke:lan,wan"));
this.addFilterChain("/multiple_configs/**", filterConfig(AUTHC), filterConfig(ROLES, "b2bClient"), filterConfig(PERMS, "remote:invoke:lan,wan"));
}
@Provides
public ShiroModuleTest.MockRealm createRealm() {
return mockRealm;
}
});
FilterChainResolver resolver = injector.getInstance(FilterChainResolver.class);
assertThat(resolver, instanceOf(SimpleFilterChainResolver.class));
SimpleFilterChainResolver simpleFilterChainResolver = (SimpleFilterChainResolver) resolver;
// test the /test_authc resource
FilterChain filterChain = simpleFilterChainResolver.getChain(request, null, null);
assertThat(filterChain, instanceOf(SimpleFilterChain.class));
Filter nextFilter = getNextFilter((SimpleFilterChain) filterChain);
assertThat(nextFilter, instanceOf(FormAuthenticationFilter.class));
// test the /test_custom_filter resource
filterChain = simpleFilterChainResolver.getChain(request, null, null);
assertThat(filterChain, instanceOf(SimpleFilterChain.class));
nextFilter = getNextFilter((SimpleFilterChain) filterChain);
assertThat(nextFilter, instanceOf(CustomFilter.class));
// test the /test_authc_basic resource
filterChain = simpleFilterChainResolver.getChain(request, null, null);
assertThat(filterChain, instanceOf(SimpleFilterChain.class));
nextFilter = getNextFilter((SimpleFilterChain) filterChain);
assertThat(nextFilter, instanceOf(BasicHttpAuthenticationFilter.class));
// test the /test_perms resource
filterChain = simpleFilterChainResolver.getChain(request, null, null);
assertThat(filterChain, instanceOf(SimpleFilterChain.class));
nextFilter = getNextFilter((SimpleFilterChain) filterChain);
assertThat(nextFilter, instanceOf(PermissionsAuthorizationFilter.class));
// test the /multiple_configs resource
filterChain = simpleFilterChainResolver.getChain(request, null, null);
assertThat(filterChain, instanceOf(SimpleFilterChain.class));
assertThat(getNextFilter((SimpleFilterChain) filterChain), instanceOf(FormAuthenticationFilter.class));
assertThat(getNextFilter((SimpleFilterChain) filterChain), instanceOf(RolesAuthorizationFilter.class));
assertThat(getNextFilter((SimpleFilterChain) filterChain), instanceOf(PermissionsAuthorizationFilter.class));
verify(servletContext, request);
}
Also used :
FilterChainResolver(org.apache.shiro.web.filter.mgt.FilterChainResolver)
FormAuthenticationFilter(org.apache.shiro.web.filter.authc.FormAuthenticationFilter)
FilterChain(javax.servlet.FilterChain)
Provides(com.google.inject.Provides)
BasicHttpAuthenticationFilter(org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter)
HttpServletRequest(javax.servlet.http.HttpServletRequest)
BasicHttpAuthenticationFilter(org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter)
RolesAuthorizationFilter(org.apache.shiro.web.filter.authz.RolesAuthorizationFilter)
Filter(javax.servlet.Filter)
PermissionsAuthorizationFilter(org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter)
FormAuthenticationFilter(org.apache.shiro.web.filter.authc.FormAuthenticationFilter)
Injector(com.google.inject.Injector)
ServletContext(javax.servlet.ServletContext)
RolesAuthorizationFilter(org.apache.shiro.web.filter.authz.RolesAuthorizationFilter)
ShiroModuleTest(org.apache.shiro.guice.ShiroModuleTest)
PermissionsAuthorizationFilter(org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter)
Test(org.junit.Test)
ShiroModuleTest(org.apache.shiro.guice.ShiroModuleTest)
Example 5 with FilterChainResolver
use of org.apache.shiro.web.filter.mgt.FilterChainResolver in project shiro by apache.
the class WebGuiceEnvironmentTest method testConstructor.
@Test
public void testConstructor() {
WebSecurityManager securityManager = createMock(WebSecurityManager.class);
FilterChainResolver filterChainResolver = createMock(FilterChainResolver.class);
ServletContext servletContext = createMock(ServletContext.class);
Capture<WebGuiceEnvironment> capture = new Capture<WebGuiceEnvironment>();
servletContext.setAttribute(eq(EnvironmentLoaderListener.ENVIRONMENT_ATTRIBUTE_KEY), and(anyObject(WebGuiceEnvironment.class), capture(capture)));
replay(servletContext, securityManager, filterChainResolver);
WebGuiceEnvironment underTest = new WebGuiceEnvironment(filterChainResolver, servletContext, securityManager);
assertSame(securityManager, underTest.getSecurityManager());
assertSame(filterChainResolver, underTest.getFilterChainResolver());
assertSame(securityManager, underTest.getWebSecurityManager());
assertSame(servletContext, underTest.getServletContext());
assertSame(underTest, capture.getValue());
verify(servletContext);
}
Also used :
WebSecurityManager(org.apache.shiro.web.mgt.WebSecurityManager)
FilterChainResolver(org.apache.shiro.web.filter.mgt.FilterChainResolver)
ServletContext(javax.servlet.ServletContext)
Capture(org.easymock.Capture)
Test(org.junit.Test)
Aggregations
FilterChainResolver (org.apache.shiro.web.filter.mgt.FilterChainResolver)14
Test (org.junit.Test)7
FilterChain (javax.servlet.FilterChain)5
HttpServletRequest (javax.servlet.http.HttpServletRequest)4
ShiroModuleTest (org.apache.shiro.guice.ShiroModuleTest)4
WebSecurityManager (org.apache.shiro.web.mgt.WebSecurityManager)4
Injector (com.google.inject.Injector)3
Filter (javax.servlet.Filter)3
ServletContext (javax.servlet.ServletContext)3
Provides (com.google.inject.Provides)2
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
Ini (org.apache.shiro.config.Ini)2
IniFilterChainResolverFactory (org.apache.shiro.web.config.IniFilterChainResolverFactory)2
BasicHttpAuthenticationFilter (org.apache.shiro.web.filter.authc.BasicHttpAuthenticationFilter)2
FormAuthenticationFilter (org.apache.shiro.web.filter.authc.FormAuthenticationFilter)2
PermissionsAuthorizationFilter (org.apache.shiro.web.filter.authz.PermissionsAuthorizationFilter)2
RolesAuthorizationFilter (org.apache.shiro.web.filter.authz.RolesAuthorizationFilter)2
Field (java.lang.reflect.Field)1
Map (java.util.Map)1
IniFactorySupport (org.apache.shiro.config.IniFactorySupport)1
