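package org.appfuse.webapp.interceptor;

import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.opensymphony.webwork.ServletActionContext;
import com.opensymphony.xwork.ActionInvocation;
import com.opensymphony.xwork.interceptor.Interceptor;

/**
 * Interceptor that lets an action run only when the current request's user
 * holds at least one of the configured roles, as reported by
 * {@link HttpServletRequest#isUserInRole(String)}.
 *
 * <p>The check fails closed: when no roles have been configured, or the user
 * holds none of them, the action is not invoked and
 * {@link #handleNotAuthorized} is called instead.
 */
public class UserRoleAuthorizationInterceptor implements Interceptor {
    private static final long serialVersionUID = 5067790608840427509L;

    /** Roles allowed through; {@code null} means nobody is authorized. */
    private String[] authorizedRoles;

    /**
     * Invokes the action if the user is in one of the authorized roles,
     * otherwise delegates to {@link #handleNotAuthorized}.
     *
     * @param invocation the action invocation being intercepted
     * @return the result of {@code invocation.invoke()} when authorized,
     *         {@code null} when the request was rejected
     * @throws Exception whatever the invocation or the rejection handler throws
     */
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();

        // Read the field once so the whole check runs against one array.
        String[] roles = this.authorizedRoles;
        if (roles != null) {
            for (int i = 0; i < roles.length; i++) {
                if (request.isUserInRole(roles[i])) {
                    return invocation.invoke();
                }
            }
        }

        // No configured role matched (or none configured): deny.
        HttpServletResponse response = ServletActionContext.getResponse();
        handleNotAuthorized(request, response);
        // NOTE(review): null is returned so that no result is rendered after
        // the error response has been sent; confirm against the XWork version in use.
        return null;
    }

    /**
     * Sets the roles this interceptor treats as authorized.
     *
     * <p>The array is copied, so later changes to the caller's array cannot
     * alter the access-control decision.
     *
     * @param authorizedRoles role names to allow, or {@code null} to deny all
     */
    public final void setAuthorizedRoles(String[] authorizedRoles) {
        // The cast is redundant on Java 5+ but keeps the line valid on older compilers.
        this.authorizedRoles =
                (authorizedRoles == null) ? null : (String[]) authorizedRoles.clone();
    }

    /**
     * Handles a request from a user who holds none of the authorized roles.
     * This implementation sends HTTP 403 (Forbidden); subclasses may override
     * it to respond differently.
     *
     * @param request  the current HTTP request
     * @param response the current HTTP response
     * @throws ServletException declared for overriding implementations
     * @throws IOException      if sending the error response fails
     */
    protected void handleNotAuthorized(HttpServletRequest request,
                                       HttpServletResponse response)
            throws ServletException, IOException {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /** No resources to release. */
    public void destroy() {
    }

    /** No initialization required. */
    public void init() {
    }
}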