UserRoleAuthorizationInterceptor


1   /*
2    * Copyright 2002-2006 the original author or authors.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package org.springframework.web.portlet.handler;
18  
19  import java.io.IOException  ;
20  
21  import javax.portlet.PortletException;
22  import javax.portlet.PortletRequest;
23  import javax.portlet.PortletResponse;
24  import javax.portlet.PortletSecurityException;
25  
26  /**
27   * Interceptor that checks the authorization of the current user via the
28   * user's roles, as evaluated by PortletRequest's isUserInRole method.
29   *
30   * @author John A. Lewis
31   * @author Juergen Hoeller
32   * @since 2.0
33   * @see javax.portlet.PortletRequest#isUserInRole
34   */
35  public class UserRoleAuthorizationInterceptor extends HandlerInterceptorAdapter {
36  
37      private String  [] authorizedRoles;
38  
39  
40      /**
41       * Set the roles that this interceptor should treat as authorized.
42       * @param authorizedRoles array of role names
43       */
44      public final void setAuthorizedRoles(String  [] authorizedRoles) {
45          this.authorizedRoles = authorizedRoles;
46      }
47  
48  
49      public final boolean preHandle(PortletRequest request, PortletResponse response, Object   handler)
50              throws PortletException, IOException   {
51  
52          if (this.authorizedRoles != null) {
53              for (int i = 0; i < this.authorizedRoles.length; i++) {
54                  if (request.isUserInRole(this.authorizedRoles[i])) {
55                      return true;
56                  }
57              }
58          }
59          handleNotAuthorized(request, response, handler);
60          return false;
61      }
62  
63      /**
64       * Handle a request that is not authorized according to this interceptor.
65       * Default implementation throws a new PortletSecurityException.
66       * <p>This method can be overridden to write a custom message, forward or
67       * redirect to some error page or login page, or throw a PortletException.
68       * @param request current portlet request
69       * @param response current portlet response
70       * @param handler chosen handler to execute, for type and/or instance evaluation
71       * @throws javax.portlet.PortletException if there is an internal error
72       * @throws java.io.IOException in case of an I/O error when writing the response
73       */
74      protected void handleNotAuthorized(PortletRequest request, PortletResponse response, Object   handler)
75              throws PortletException, IOException   {
76  
77          throw new PortletSecurityException("Request not authorized");
78      }
79  
80  }
81
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags