KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > apache > struts > chain > AbstractAuthorizeAction


1 /*
2  * Copyright 2003,2004 The Apache Software Foundation.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */

16
17 package org.apache.struts.chain;
18
19
20 import org.apache.commons.chain.Command;
21 import org.apache.commons.chain.Context;
22 import org.apache.commons.logging.Log;
23 import org.apache.commons.logging.LogFactory;
24 import org.apache.struts.action.ActionServlet;
25 import org.apache.struts.config.ActionConfig;
26 import org.apache.struts.util.MessageResources;
27
28
29 /**
30  * <p>Determine whether the requested action is authorized for the current
31  * user. If not, abort chain processing and perferably, return an error
32  * message of some kind.</p>
33  *
34  * @author Don Brown
35  * @version $Rev: 54933 $ $Date: 2004-10-16 18:04:52 +0100 (Sat, 16 Oct 2004) $
36  */

37
38 public abstract class AbstractAuthorizeAction implements Command {
39
40
41     // ------------------------------------------------------ Instance Variables
42

43
44     private String JavaDoc actionConfigKey = Constants.ACTION_CONFIG_KEY;
45     private String JavaDoc actionServletKey = Constants.ACTION_SERVLET_KEY;
46     
47     private static final Log log =
48         LogFactory.getLog(AbstractAuthorizeAction.class);
49
50
51     // -------------------------------------------------------------- Properties
52

53
54     /**
55      * <p>Return the context attribute key under which the
56      * <code>ActionConfig</code> for the currently selected application
57      * action is stored.</p>
58      */

59     public String JavaDoc getActionConfigKey() {
60
61         return (this.actionConfigKey);
62
63     }
64
65
66     /**
67      * <p>Set the context attribute key under which the
68      * <code>ActionConfig</code> for the currently selected application
69      * action is stored.</p>
70      *
71      * @param actionConfigKey The new context attribute key
72      */

73     public void setActionConfigKey(String JavaDoc actionConfigKey) {
74
75         this.actionConfigKey = actionConfigKey;
76
77     }
78     
79     
80     /**
81      * <p>Return the context attribute key under which the
82      * <code>ActionServlet</code> for the currently selected application
83      * action is stored.</p>
84      */

85     public String JavaDoc getActionServletKey() {
86
87         return (this.actionServletKey);
88
89     }
90
91
92     /**
93      * <p>Set the context attribute key under which the
94      * <code>ActionServlet</code> for the currently selected application
95      * action is stored.</p>
96      *
97      * @param actionServletKey The new context attribute key
98      */

99     public void setActionServletKey(String JavaDoc actionServletKey) {
100
101         this.actionServletKey = actionServletKey;
102
103     }
104
105
106     // ---------------------------------------------------------- Public Methods
107

108
109     /**
110      * <p>Determine whether the requested action is authorized for the current
111      * user. If not, abort chain processing and perferably, return an error
112      * message of some kind.</p>
113      *
114      * @param context The <code>Context</code> for the current request
115      *
116      * @return <code>false</code> if the user is authorized for the selected
117      * action, else <code>true</code> to abort processing.
118      */

119     public boolean execute(Context context) throws Exception JavaDoc {
120
121         // Retrieve ActionConfig
122
ActionConfig actionConfig = (ActionConfig)
123             context.get(getActionConfigKey());
124             
125         // Is this action protected by role requirements?
126
String JavaDoc roles[] = actionConfig.getRoleNames();
127         if ((roles == null) || (roles.length < 1)) {
128             return (false);
129         }
130         
131         boolean throwEx = false;
132         try {
133             throwEx = !(isAuthorized(context, roles, actionConfig));
134         }
135         catch (Exception JavaDoc ex) {
136             throwEx = true;
137             log.error("Unable to complete authorization process", ex);
138         }
139         
140         if (throwEx) {
141             // Retrieve internal message resources
142
ActionServlet servlet =
143                 (ActionServlet) context.get(actionServletKey);
144             MessageResources resources = servlet.getInternal();
145             
146             // The current user is not authorized for this action
147
throw new UnauthorizedActionException(
148                 resources.getMessage("notAuthorized",
149                 actionConfig.getPath()));
150         } else {
151             return (false);
152         }
153         
154     }
155     
156     
157     // ------------------------------------------------------- Protected Methods
158

159     
160     /**
161      * <p>Determine if the action is authorized for the given roles.</p>
162      *
163      * @param context The <code>Context</code> for the current request
164      * @param roles An array of valid roles for this request
165      * @param actionConfig The current action mapping
166      *
167      * @return <code>true</code> if the request is authorized, else
168      * <code>false</code>
169      * @exception Exception If the action cannot be tested for authorization
170      */

171     protected abstract boolean isAuthorized(Context context, String JavaDoc[] roles,
172                                             ActionConfig actionConfig)
173               throws Exception JavaDoc;
174
175 }
176
Popular Tags