This class is also the implementation class of AdviceFilter , let's take a look at his preHandle method first
protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
if (this.appliedPaths == null || this.appliedPaths.isEmpty()) {
if (log.isTraceEnabled()) {
log.trace("appliedPaths property is null or empty. This Filter will passthrough immediately.");
}
return true;
}
for (String path : this.appliedPaths.keySet()) {
// If the path does match, then pass on to the subclass implementation for specific checks
//(first match 'wins'):
if (pathsMatch(path, request)) {
log.trace("Current requestURI matches pattern '{}'. Determining filter chain execution...", path);
Object config = this.appliedPaths.get(path);
return isFilterChainContinued(request, response, path, config);
}
}
//no path matched, allow the request to go through:
return true;
}
The attribute appliedPaths of this class represents the path configured during the configuration of our shiroFilterFactoryBean =filter[param1,param2] , an array of paths and params . In the above method, if we do not configure any path, the diameter will be released. Of course, this judgment will not happen, because the premise of calling this filter is that the corresponding path has been configured. The param here can represent anything, depending on your code. For example, if you decide to hard-code the permissions required by an access path lock in the configuration, you can use this param to represent the permissions.
Then according to the configured path and the path of this visit, in the first matching path, obtain the parameters corresponding to this path, and then call the isFilterChainContinued method. The source code is as follows:
private boolean isFilterChainContinued(ServletRequest request, ServletResponse response,
String path, Object pathConfig) throws Exception {
if (isEnabled(request, response, path, pathConfig)) { //Whether the current filter is available, the default is available. If it is not available, it returns true directly, indicating that the remaining filters will continue to be executed.
if (log.isTraceEnabled()) {
log.trace("Filter '{}' is enabled for the current request under path '{}' with config [{}]. " +
"Delegating to subclass implementation for 'onPreHandle' check.",
new Object[]{getName(), path, pathConfig});
}
//The filter is enabled for this specific request, so delegate to subclass implementations
//so they can decide if the request should continue through the chain or not:
return onPreHandle(request, response, pathConfig);//The final decision is in this method, and the configured parameters are passed in.
}
if (log.isTraceEnabled()) {
log.trace("Filter '{}' is disabled for the current request under path '{}' with config [{}]. " +
"The next element in the FilterChain will be called immediately.",
new Object[]{getName(), path, pathConfig});
}
//This filter is disabled for this specific request,
//return 'true' immediately to indicate that the filter will not process the request
//and let the request/response to continue through the filter chain:
return true;
}
Through the above code, we know that whether the subsequent code (including the remaining filter and servlet ) can be executed ultimately depends on the onpreHandle method, so the class that inherits this class only needs to implement this method.
But this class has a bad place. It uses the configured param parameters in onPreHandle . If we use these parameters, the program's permission configuration is not flexible enough. For example, our access permissions may not be fixed, but can be Configured at runtime, so it cannot be passed through param . So I don't think it's necessary to use these parameters at work. When calling the permission to check whether a certain path can be accessed, it is enough to query the permission of the path + the permission of the current user from the database (or other storage).
However, under certain conditions, the access rights of certain paths are fixed, so we can use the inherited class of this class, which is more convenient.
Continue to look at its inherited classes, which have these:
·AccessControlFilter
·AnonymousFilter
`NoSessionCreationFilter