Class AbstractAuthorizeAction

java.lang.Object
org.apache.struts.chain.commands.ActionCommandBase
org.apache.struts.chain.commands.AbstractAuthorizeAction
All Implemented Interfaces:
org.apache.commons.chain.Command<ActionContext>, ActionCommand
Direct Known Subclasses:
AuthorizeAction

public abstract class AbstractAuthorizeAction extends ActionCommandBase

Determine whether the requested action is authorized for the current user. If not, abort chain processing and, preferably, return an error message of some kind.

Version:
$Rev$ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005) $
  • Constructor Details

    • AbstractAuthorizeAction

      public AbstractAuthorizeAction()
  • Method Details

    • execute_

      protected boolean execute_(ActionContext actionCtx) throws Exception

      Determine whether the requested action is authorized for the current user. If not, abort chain processing and, preferably, return an error message of some kind.

      Specified by:
      execute_ in class ActionCommandBase
      Parameters:
      actionCtx - The Context for the current request
      Returns:
      false if the user is authorized for the selected action, else true to abort processing.
      Throws:
      UnauthorizedActionException - if authorization fails or if an error is encountered in the course of performing the authorization.
      Exception - On any error
    • isAuthorizationRequired

      protected boolean isAuthorizationRequired(ActionConfig actionConfig)

      Must authorization rules be consulted? The base implementation returns true if the given ActionConfig has one or more roles defined.

      Parameters:
      actionConfig - the current ActionConfig object
      Returns:
      true if the isAuthorized method should be consulted.
    • isAuthorized

      protected abstract boolean isAuthorized(ActionContext context, String[] roles, ActionConfig actionConfig) throws Exception

      Determine if the action is authorized for the given roles.

      Parameters:
      context - The Context for the current request
      roles - An array of valid roles for this request
      actionConfig - The current action mapping
      Returns:
      true if the request is authorized, else false
      Throws:
      UnauthorizedActionException - If the logic determines that the request is not authorized but does not wish to rely upon the default mechanism reporting the error.
      Exception - If the action cannot be tested for authorization
    • getErrorMessage

      protected abstract String getErrorMessage(ActionContext context, ActionConfig actionConfig)

      Retrieve error message from context.

      Parameters:
      context - The Context for the current request
      actionConfig - The current action mapping
      Returns:
      error message
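
A subclass written against the three overridable methods documented above, added here as an example and not taken from the Struts code base: it checks container-managed roles and overrides isAuthorizationRequired so that a mapping under a protected prefix is rejected when it has no roles, instead of skipping the check. The class name, package and the `/admin` prefix are hypothetical, and the `javax.servlet` import and the servlet deployment (`ServletActionContext`) are assumptions.

```java
package example.security; // hypothetical package

// Assumption: javax.servlet; use jakarta.servlet if your Struts build targets it.
import javax.servlet.http.HttpServletRequest;

import org.apache.struts.chain.commands.AbstractAuthorizeAction;
import org.apache.struts.chain.contexts.ActionContext;
import org.apache.struts.chain.contexts.ServletActionContext;
import org.apache.struts.config.ActionConfig;

/** Hypothetical subclass: container roles, deny-by-default for protected paths. */
public class StrictAuthorizeAction extends AbstractAuthorizeAction {

    private static final String PROTECTED_PREFIX = "/admin"; // constructed policy value

    @Override
    protected boolean isAuthorizationRequired(ActionConfig actionConfig) {
        // Base rule: isAuthorized is consulted only when roles are configured.
        // Added rule: also consult it for protected paths, so a mapping that
        // lost its roles is rejected rather than passed through unchecked.
        String path = actionConfig.getPath();
        return super.isAuthorizationRequired(actionConfig)
                || (path != null && path.startsWith(PROTECTED_PREFIX));
    }

    @Override
    protected boolean isAuthorized(ActionContext context, String[] roles,
            ActionConfig actionConfig) throws Exception {
        if (roles == null || roles.length == 0) {
            return false; // protected path with no roles: fail closed
        }
        if (!(context instanceof ServletActionContext)) {
            return false; // caller cannot be identified: fail closed
        }
        HttpServletRequest request = ((ServletActionContext) context).getRequest();
        for (String role : roles) {
            if (request.isUserInRole(role)) {
                return true; // any one configured role is sufficient
            }
        }
        return false;
    }

    @Override
    protected String getErrorMessage(ActionContext context, ActionConfig actionConfig) {
        // Keep the message generic: no role names, no user details.
        return "Not authorized for " + actionConfig.getPath();
    }
}
```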