

1 package org.appfuse.webapp.interceptor;
2
3 import java.io.IOException JavaDoc;
4
5 import javax.servlet.ServletException JavaDoc;
6 import javax.servlet.http.HttpServletRequest JavaDoc;
7 import javax.servlet.http.HttpServletResponse JavaDoc;
8
9 import com.opensymphony.webwork.ServletActionContext;
10 import com.opensymphony.xwork.ActionInvocation;
11 import com.opensymphony.xwork.interceptor.Interceptor;
12
/**
 * Security interceptor that checks whether the user is in one of the specified
 * roles before proceeding. Similar to Spring's UserRoleAuthorizationInterceptor.
 * If no roles are configured, or the user is in none of them, the action is not
 * invoked and, by default, the response is HTTP 403.
 *
 * <p>
 * <a HREF="UserRoleAuthorizationInterceptor.java.htm"><i>View Source</i></a>
 * </p>
 *
 * @author <a HREF="mailto:matt@raibledesigns.com">Matt Raible</a>
 * @see org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor
 */

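public class UserRoleAuthorizationInterceptor implements Interceptor {
    private static final long serialVersionUID = 5067790608840427509L;

    // Roles that are let through. A null or empty array authorizes nobody,
    // so an unconfigured interceptor denies every request (fail closed).
    private String[] authorizedRoles;

    /**
     * Invokes the intercepted action only when the current user is in at
     * least one of the configured roles, as reported by
     * {@code HttpServletRequest.isUserInRole}. Otherwise the request is
     * passed to {@link #handleNotAuthorized} and the action is never invoked.
     *
     * @param invocation the action invocation being intercepted
     * @return the result of {@code invocation.invoke()} when the user is
     *         authorized; {@code null} once the request has been handled as
     *         not authorized
     * @throws Exception anything thrown by the invocation or by
     *         {@link #handleNotAuthorized}
     */
    public String intercept(ActionInvocation invocation) throws Exception {
        HttpServletRequest request = ServletActionContext.getRequest();

        // Read the field once so the loop bound and the elements checked
        // come from the same array.
        final String[] roles = this.authorizedRoles;
        if (roles != null) {
            for (int i = 0; i < roles.length; i++) {
                // Any single matching role is enough; roles are OR-ed, not AND-ed.
                if (request.isUserInRole(roles[i])) {
                    return invocation.invoke();
                }
            }
        }

        // Deny path: no role matched, or no roles were configured.
        HttpServletResponse response = ServletActionContext.getResponse();
        handleNotAuthorized(request, response);
        return null;
    }

    /**
     * Set the roles that this interceptor should treat as authorized.
     * The array is copied, so changing the caller's array afterwards does
     * not change which roles are accepted.
     *
     * @param authorizedRoles array of role names; {@code null} authorizes nobody
     */
    public final void setAuthorizedRoles(String[] authorizedRoles) {
        // Defensive copy: the access policy must not stay aliased to an
        // array that other code can still write to.
        this.authorizedRoles =
                (authorizedRoles == null) ? null : (String[]) authorizedRoles.clone();
    }

    /**
     * Handle a request that is not authorized according to this interceptor.
     * Default implementation sends HTTP status code 403 ("forbidden").
     * <p>This method can be overridden to write a custom message, forward or
     * redirect to some error page or login page, or throw a ServletException.
     * An override is the only thing that runs on the deny path, so it must
     * itself produce the denial; {@code intercept} returns {@code null}
     * right after it.
     *
     * @param request current HTTP request
     * @param response current HTTP response
     * @throws javax.servlet.ServletException if there is an internal error
     * @throws java.io.IOException in case of an I/O error when writing the response
     */
    protected void handleNotAuthorized(HttpServletRequest request,
                                       HttpServletResponse response)
    throws ServletException, IOException {
        response.sendError(HttpServletResponse.SC_FORBIDDEN);
    }

    /** Nothing to release; this interceptor holds no resources. */
    public void destroy() {
    }

    /** Nothing to set up; roles are supplied through {@link #setAuthorizedRoles}. */
    public void init() {
    }
}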