Package org.apache.struts.chain.commands
Class AbstractAuthorizeAction
java.lang.Object
org.apache.struts.chain.commands.ActionCommandBase
org.apache.struts.chain.commands.AbstractAuthorizeAction
- All Implemented Interfaces:
org.apache.commons.chain.Command<ActionContext>
,ActionCommand
- Direct Known Subclasses:
AuthorizeAction
Determine whether the requested action is authorized for the current user. If not, abort chain processing and perferably, return an error message of some kind.
- Version:
- $Rev$ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005) $
-
Field Summary
Fields inherited from interface org.apache.commons.chain.Command
CONTINUE_PROCESSING, PROCESSING_COMPLETE
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionprotected boolean
execute_
(ActionContext actionCtx) Determine whether the requested action is authorized for the current user.protected abstract String
getErrorMessage
(ActionContext context, ActionConfig actionConfig) Retrieve error message from context.protected boolean
isAuthorizationRequired
(ActionConfig actionConfig) Must authorization rules be consulted? The base implementation returnstrue
if the givenActionConfig
has one or more roles defined.protected abstract boolean
isAuthorized
(ActionContext context, String[] roles, ActionConfig actionConfig) Determine if the action is authorized for the given roles.Methods inherited from class org.apache.struts.chain.commands.ActionCommandBase
execute
-
Constructor Details
-
AbstractAuthorizeAction
public AbstractAuthorizeAction()
-
-
Method Details
-
execute_
Determine whether the requested action is authorized for the current user. If not, abort chain processing and perferably, return an error message of some kind.
- Specified by:
execute_
in classActionCommandBase
- Parameters:
actionCtx
- TheContext
for the current request- Returns:
false
if the user is authorized for the selected action, elsetrue
to abort processing.- Throws:
UnauthorizedActionException
- if authorization fails or if an error is encountered in the course of performing the authorization.Exception
- On any error
-
isAuthorizationRequired
Must authorization rules be consulted? The base implementation returns
true
if the givenActionConfig
has one or more roles defined.- Parameters:
actionConfig
- the current ActionConfig object- Returns:
- true if the
isAuthorized
method should be consulted.
-
isAuthorized
protected abstract boolean isAuthorized(ActionContext context, String[] roles, ActionConfig actionConfig) throws Exception Determine if the action is authorized for the given roles.
- Parameters:
context
- TheContext
for the current requestroles
- An array of valid roles for this requestactionConfig
- The current action mapping- Returns:
true
if the request is authorized, elsefalse
- Throws:
UnauthorizedActionException
- If the logic determines that the request is not authorized but does not wish to rely upon the default mechanism reporting the error.Exception
- If the action cannot be tested for authorization
-
getErrorMessage
Retrieve error message from context.
- Parameters:
context
- TheContext
for the current requestactionConfig
- The current action mapping- Returns:
- error message
-