Creates a filter chain for the given
chainName with the specified
chainDefinitionString.
Conventional Use
Because the
FilterChainManager interface does not impose any restrictions on filter chain names,
(it expects only Strings), a convenient convention is to make the chain name an actual URL path expression
(such as an
org.apache.shiro.util.AntPathMatcher). For example:
createChain(path_expression, path_specific_filter_chain_definition);
This convention can be used by a
FilterChainResolver to inspect request URL paths
against the chain name (path) and, if a match is found, return the corresponding chain for runtime filtering.
Chain Definition Format
The
chainDefinition method argument is expected to conform to the following format:
filter1[optional_config1], filter2[optional_config2], ..., filterN[optional_configN]
where
-
filterN is the name of a filter previously
#addFilter(String,javax.servlet.Filter) with the manager, and
-
[optional_configN] is an optional bracketed string that has meaning for that particular filter for
this particular chain
If the filter does not need specific config for that chain name/URL path,
you may discard the brackets - that is,
filterN[] just becomes
filterN.
And because this method does create a chain, remember that order matters! The comma-delimited filter tokens in
the
chainDefinition specify the chain's execution order.
Examples
/account/** = authcBasic
This example says "Create a filter named '
/account/**' consisting of only the '
authcBasic'
filter". Also because the
authcBasic filter does not need any path-specific
config, it doesn't have any config brackets
[].
/remoting/** = authcBasic, roles[b2bClient], perms["remote:invoke:wan,lan"]
This example by contrast uses the 'roles' and 'perms' filters which
do use bracket notation. This
definition says:
Construct a filter chain named '
/remoting/**' which
- ensures the user is first authenticated (
authcBasic) then
- ensures that user has the
b2bClient role, and then finally
- ensures that they have the
remote:invoke:lan,wan permission.
Note: because elements within brackets [ ] can be comma-delimited themselves, you must quote the
internal bracket definition if commas are needed (the above example has 'lan,wan'). If we didn't do that, the
parser would interpret the chain definition as four tokens:
- authcBasic
- roles[b2bclient]
- perms[remote:invoke:lan
- wan]
which is obviously incorrect. So remember to use quotes if your internal bracket definitions need to use commas.