All Downloads are FREE. Search and download functionalities are using the official Maven repository.

org.apache.shiro.biz.web.servlet.AuthenticatingHttpServlet Maven / Gradle / Ivy

There is a newer version: 2.0.0.RELEASE
Show newest version
package org.apache.shiro.biz.web.servlet;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.web.util.WebUtils;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

@SuppressWarnings("serial")
public abstract class AuthenticatingHttpServlet extends AbstractHttpServlet {
	
	/**
     * Simple default login URL equal to /login.jsp, which can be overridden by calling the
     * {@link #setLoginUrl(String) setLoginUrl} method.
     */
    public static final String DEFAULT_LOGIN_URL = "/login.jsp";

	public static final String DEFAULT_SUCCESS_URL = "/";
	
    /**
     * The login url to used to authenticate a user, used when redirecting users if authentication is required.
     */
    private String loginUrl = DEFAULT_LOGIN_URL;
    
    private String successUrl = DEFAULT_SUCCESS_URL;
    
    @Override
    public void init(ServletConfig config) throws ServletException {
    	super.init(config);
    	this.setLoginUrl(config.getInitParameter("loginUrl"));
		this.setSuccessUrl(config.getInitParameter("successUrl"));
    }
    
	@Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
    		throws ServletException, IOException {
		if(isAccessAllowed(request, response)){
			// 已登录会话直接进入主页
			issueSuccessRedirect(request, response);
			return;
		}
		onAccessDeniad(request, response);
	}
	
    /**
     * Redirects to user to the previously attempted URL after a successful login.  This implementation simply calls
     * {@link org.apache.shiro.web.util.WebUtils WebUtils}.{@link WebUtils#redirectToSavedRequest(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String) redirectToSavedRequest}
     * using the {@link #getSuccessUrl() successUrl} as the {@code fallbackUrl} argument to that call.
     *
     * @param request  the incoming request
     * @param response the outgoing response
     * @throws IOException if there is a problem redirecting.
     */
    protected void issueSuccessRedirect(ServletRequest request, ServletResponse response) throws IOException {
        WebUtils.redirectToSavedRequest(request, response, getSuccessUrl());
    }

    /**
     * 

Convenience method for subclasses to use when a login redirect is required.

* This implementation simply calls {@link #saveRequest(javax.servlet.ServletRequest) saveRequest(request)} * and then {@link #redirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) redirectToLogin(request,response)}. * * @param request the incoming ServletRequest * @param response the outgoing ServletResponse * @throws IOException if an error occurs. */ protected void saveRequestAndRedirectToLogin(ServletRequest request, ServletResponse response) throws IOException { saveRequest(request); redirectToLogin(request, response); } /** *

Convenience method merely delegates to * {@link WebUtils#saveRequest(javax.servlet.ServletRequest) WebUtils.saveRequest(request)} to save the request * state for reuse later. This is mostly used to retain user request state when a redirect is issued to * return the user to their originally requested url/resource.

* If you need to save and then immediately redirect the user to login, consider using * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) * saveRequestAndRedirectToLogin(request,response)} directly. * * @param request the incoming ServletRequest to save for re-use later (for example, after a redirect). */ protected void saveRequest(ServletRequest request) { WebUtils.saveRequest(request); } /** *

Convenience method for subclasses that merely acquires the {@link #getLoginUrl() getLoginUrl} and redirects * the request to that url.

* N.B. If you want to issue a redirect with the intention of allowing the user to then return to their * originally requested URL, don't use this method directly. Instead you should call * {@link #saveRequestAndRedirectToLogin(javax.servlet.ServletRequest, javax.servlet.ServletResponse) * saveRequestAndRedirectToLogin(request,response)}, which will save the current request state so that it can * be reconstructed and re-used after a successful login. * * @param request the incoming ServletRequest * @param response the outgoing ServletResponse * @throws IOException if an error occurs. */ protected void redirectToLogin(ServletRequest request, ServletResponse response) throws IOException { String loginUrl = getLoginUrl(); WebUtils.issueRedirect(request, response, loginUrl); } /** * 判断是否允许访问 * @param request the incoming {@link ServletRequest} * @param response the outgoing {@link ServletResponse} * @return 是否允许访问 * @throws ServletException if an error occurs. * @throws IOException if an error occurs. */ protected boolean isAccessAllowed(ServletRequest request,ServletResponse response) throws ServletException, IOException { return SecurityUtils.getSubject().isAuthenticated(); } /** * 当访问被禁止时需要做的操作 * @param request the incoming {@link ServletRequest} * @param response the outgoing {@link ServletResponse} * @throws ServletException if an error occurs. * @throws IOException if an error occurs. */ protected void onAccessDeniad(ServletRequest request,ServletResponse response) throws ServletException, IOException{}; public String getLoginUrl() { return loginUrl; } public void setLoginUrl(String loginUrl) { this.loginUrl = loginUrl; } public String getSuccessUrl() { return successUrl; } public void setSuccessUrl(String successUrl) { this.successUrl = successUrl; } }




© 2015 - 2024 Weber Informatics LLC | Privacy Policy