/**
 * Decides, for a single request, whether this filter's logic is applied or bypassed.
 * <p>
 * A result of {@code true} means the filter should filter the specified request. A result of {@code false}
 * means the request/response should pass through immediately to the next element in the
 * {@code FilterChain}.
 * <p>
 * This default implementation ignores both arguments and delegates to {@link #isEnabled() isEnabled()},
 * which is {@code true} by default (to ensure the filter always executes by default). Subclasses can
 * override it for request-specific behavior, for example to enable or disable the filter based on the
 * request path being accessed.
 * <p>
 * <b>Security note:</b> returning {@code false} means none of this filter's processing is applied to the
 * request. When the subclass enforces authentication, authorization or another access-control decision,
 * an override should return {@code false} only for requests that are deliberately exempt, and should not
 * base that decision on request data that has not been normalized.
 * <p>
 * <b>Helpful Hint:</b> if your subclass extends
 * {@link org.apache.shiro.web.filter.PathMatchingFilter PathMatchingFilter}, you may wish to instead
 * override the
 * {@link org.apache.shiro.web.filter.PathMatchingFilter#isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String, Object)
 * PathMatchingFilter.isEnabled(request,response,path,pathSpecificConfig)}
 * method if you want to make your enable/disable decision based on any path-specific configuration.
 *
 * @param request  the incoming servlet request (unused by this default implementation)
 * @param response the outbound servlet response (unused by this default implementation)
 * @return {@code true} if this filter should filter the specified request, {@code false} if it should let
 *         the request/response pass through immediately to the next element in the {@code FilterChain}.
 * @throws IOException      in the case of any IO error
 * @throws ServletException in the case of any error
 * @see org.apache.shiro.web.filter.PathMatchingFilter#isEnabled(javax.servlet.ServletRequest, javax.servlet.ServletResponse, String, Object)
 * @since 1.2
 */
@SuppressWarnings({"UnusedParameters"})
protected boolean isEnabled(ServletRequest request, ServletResponse response)
        throws ServletException, IOException {
    // The request-aware variant has no logic of its own: it mirrors the filter-wide switch.
    final boolean filterWideSetting = isEnabled();
    return filterWideSetting;
}
String alreadyFilteredAttributeName = getAlreadyFilteredAttributeName(); if ( request.getAttribute(alreadyFilteredAttributeName) != null ) { log.trace("Filter '{}' already executed. Proceeding without invoking this filter.", getName()); filterChain.doFilter(request, response); } else //noinspection deprecation if (/* added in 1.2: */ !isEnabled(request, response) || /* retain backwards compatibility: */ shouldNotFilter(request) ) { log.debug("Filter '{}' is not enabled for the current request. Proceeding without invoking this filter.", getName()); filterChain.doFilter(request, response); } else { log.trace("Filter '{}' not yet executed. Executing now.", getName()); request.setAttribute(alreadyFilteredAttributeName, Boolean.TRUE); doFilterInternal(request, response, filterChain); } finally {
/**
 * Builds the name of the request attribute that marks a request as already filtered.
 * <p>
 * The default implementation takes the configured {@link #getName() name} and appends
 * "{@code .FILTERED}". If the filter is not fully initialized (its name is {@code null}), the
 * implementation's class name is used as the prefix instead.
 * <p>
 * Because the marker is derived only from the filter name (or class name), filter instances that resolve
 * to the same value produce the same attribute name. Give each configured instance a distinct name when
 * each one is expected to run on a request.
 *
 * @return the name of the request attribute that identifies that a request has already been filtered.
 * @see #getName
 * @see #ALREADY_FILTERED_SUFFIX
 */
protected String getAlreadyFilteredAttributeName() {
    final String configuredName = getName();
    // Fall back to the concrete class name when no filter name has been set yet.
    final String prefix = (configuredName != null) ? configuredName : getClass().getName();
    return prefix + ALREADY_FILTERED_SUFFIX;
}