org.jsecurity.web.filter.authc
Class AnonymousFilter

java.lang.Object
  org.jsecurity.web.servlet.ServletContextSupport
      org.jsecurity.web.servlet.OncePerRequestFilter
          org.jsecurity.web.servlet.AdviceFilter
              org.jsecurity.web.filter.PathMatchingFilter
                  org.jsecurity.web.filter.authc.AnonymousFilter

All Implemented Interfaces:

Filter, Nameable, PathConfigProcessor

public class AnonymousFilter
extends PathMatchingFilter

Filter that allows access to a path immeidately without performing security checks of any kind.

This filter is useful primarily in exclusionary policies, where you have defined a url pattern to require a certain security level, but maybe only subset of urls in that pattern should allow any access.

For example, if you had a user-only section of a website, you might want to require that access to any url in that section must be from an authenticated user.

Here is how that would look in the JSecurityFilter configuration:

[urls]
/user/** = authc

But if you wanted /user/signup/** to be available to anyone, you have to exclude that path since it is a subset of the first. This is where the AnonymousFilter ('anon') is useful:

[urls]
/user/signup/** = anon
/user/** = authc>

Since the url pattern definitions follow a 'first match wins' paradigm, the anon filter will match the /user/signup/** paths and the /user/** path chain will not be evaluated.

Since:

0.9

Author:

Jeremy Haile, Les Hazlewood

Field Summary

Fields inherited from class org.jsecurity.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.jsecurity.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX, filterConfig

Fields inherited from class org.jsecurity.web.servlet.ServletContextSupport

HTTP_SESSION_MODE, JSECURITY_SESSION_MODE, SESSION_MODE_CONTEXT_PARAM_NAME

Constructor Summary

AnonymousFilter()

Method Summary

boolean

onPreHandle(ServletRequest request, ServletResponse response, Object mappedValue) Always returns true allowing unchecked access to the underlying path or resource.

Methods inherited from class org.jsecurity.web.filter.PathMatchingFilter

getPathWithinApplication, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.jsecurity.web.servlet.AdviceFilter

afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.jsecurity.web.servlet.OncePerRequestFilter

destroy, doFilter, getAlreadyFilteredAttributeName, getFilterConfig, getName, init, onFilterConfigSet, setFilterConfig, setName, shouldNotFilter

Methods inherited from class org.jsecurity.web.servlet.ServletContextSupport

bind, getAttribute, getContextInitParam, getServletContext, removeAttribute, setAttribute, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AnonymousFilter

public AnonymousFilter()

Method Detail

onPreHandle

public boolean onPreHandle(ServletRequest request,
                           ServletResponse response,
                           Object mappedValue)

Always returns true allowing unchecked access to the underlying path or resource.

Overrides:

onPreHandle in class PathMatchingFilter

Parameters:

request - the incoming ServletRequest

response - the outgoing ServletResponse

mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.

Returns:

true always, allowing unchecked access to the underlying path or resource.