org.jsecurity.web.filter.authz
Class AuthorizationFilter
java.lang.Object
org.jsecurity.web.servlet.ServletContextSupport
org.jsecurity.web.servlet.OncePerRequestFilter
org.jsecurity.web.servlet.AdviceFilter
org.jsecurity.web.filter.PathMatchingFilter
org.jsecurity.web.filter.AccessControlFilter
org.jsecurity.web.filter.authz.AuthorizationFilter
- All Implemented Interfaces:
- Filter, Nameable, PathConfigProcessor
- Direct Known Subclasses:
- PermissionsAuthorizationFilter, RolesAuthorizationFilter
public abstract class AuthorizationFilter
- extends AccessControlFilter
Superclass for authorization-related filters. For unauthorized requests, this filter redirects to the
login page if the current user is unknown (i.e. not authenticated or remembered). If the user is known,
the filter redirects to an unauthorized URL or returns an unauthorized HTTP status code if no unauthorized
URL is specified.
- Since:
- 0.9
- Author:
- Les Hazlewood, Jeremy Haile
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
AuthorizationFilter
public AuthorizationFilter()
getUnauthorizedUrl
protected String getUnauthorizedUrl()
setUnauthorizedUrl
public void setUnauthorizedUrl(String unauthorizedUrl)
onAccessDenied
protected boolean onAccessDenied(ServletRequest request,
ServletResponse response)
throws IOException
- Description copied from class:
AccessControlFilter
- Processes requests where the subject was denied access as determined by the
isAccessAllowed
method.
- Specified by:
onAccessDenied in class AccessControlFilter
- Parameters:
request - the incoming ServletRequestresponse - the outgoing ServletResponse
- Returns:
true if the request should continue to be processed; false if the subclass will
handle/render the response directly.
- Throws:
IOException
Copyright © 2004-2008 JSecurity.