Shiro study notes 23: the UserFilter class, a filter provided by Shiro

The Javadoc of this class explains that the filter allows access only when it is known who the user is: either the current user is logged in, or the PrincipalCollection can be obtained through the remember me of a previous login. Otherwise it returns false, that is, the request cannot pass this filter.

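The source code is as follows:

protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
    // Requests for the login page itself are always let through.
    if (isLoginRequest(request, response)) {
        return true;
    } else {
        // Any other request passes only if the subject has a principal (logged in or remembered).
        Subject subject = getSubject(request, response);
        return subject.getPrincipal() != null;
    }
}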

 

 

Logically, a request for the login page is let through directly. For any other resource, the principal of the current user must be obtainable. This matches the favorites feature of Taobao: the favorites page can be entered through this filter and the user name is shown on it, and that behaviour can be implemented with this filter.
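The following is an added example, not code from the original post or from Shiro itself. It builds an anonymous, a remembered and a logged-in Subject with shiro-core and compares the principal check quoted above with a stricter isAuthenticated() check. The class name, helper names, the user "alice" and the realm name "constructedRealm" are assumptions made for illustration.

```java
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.subject.SimplePrincipalCollection;
import org.apache.shiro.subject.Subject;

// Hypothetical demo class; requires shiro-core on the classpath.
public class UserFilterSemantics {

    // The same test UserFilter.isAccessAllowed applies to non-login requests.
    static boolean userFilterAllows(Subject s) {
        return s.getPrincipal() != null;
    }

    // Hypothetical stricter gate for sensitive actions: the identity must have
    // been proven in this session, not merely restored via remember me.
    static boolean sensitiveActionAllows(Subject s) {
        return s.isAuthenticated();
    }

    // Builds a Subject in a chosen state; name == null means no identity at all.
    static Subject build(DefaultSecurityManager sm, String name, boolean authenticated) {
        Subject.Builder b = new Subject.Builder(sm).authenticated(authenticated);
        if (name != null) {
            // Constructed sample identity, not taken from any real system.
            b.principals(new SimplePrincipalCollection(name, "constructedRealm"));
        }
        return b.buildSubject();
    }

    public static void main(String[] args) {
        DefaultSecurityManager sm = new DefaultSecurityManager();
        Subject anonymous  = build(sm, null, false);     // unknown visitor
        Subject remembered = build(sm, "alice", false);  // identity known, not authenticated
        Subject loggedIn   = build(sm, "alice", true);   // authenticated in this session

        for (Subject s : new Subject[] {anonymous, remembered, loggedIn}) {
            System.out.printf("principal=%s remembered=%b userFilter=%b sensitive=%b%n",
                    s.getPrincipal(), s.isRemembered(),
                    userFilterAllows(s), sensitiveActionAllows(s));
        }
    }
}
```

The remembered subject is the case that separates the two checks: it passes the principal test but not the isAuthenticated() test. In a filter chain, Shiro's built-in authc filter is the one that requires an authenticated subject, so it fits paths where a remembered identity is not enough.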

 

Its onAccessDenied method:

protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
    // Save the original request, then redirect the user to the login page.
    saveRequestAndRedirectToLogin(request, response);
    return false;
}

 

The return value is always false, but the current request information is saved before the redirect to the login page.

 

 
