com.interface21.web.servlet.support
Class UserRoleAuthorizationInterceptor

java.lang.Object
  |
  +--com.interface21.web.servlet.support.UserRoleAuthorizationInterceptor
All Implemented Interfaces:
HandlerInterceptor

public class UserRoleAuthorizationInterceptor
extends java.lang.Object
implements HandlerInterceptor

Interceptor that checks the authorization of the current user via the user's roles, as evaluated by HttpServletRequest's isUserInRole method.

Since:
20.06.2003
Author:
Juergen Hoeller
See Also:
HttpServletRequest.isUserInRole(java.lang.String)

Constructor Summary
UserRoleAuthorizationInterceptor()
           
 
Method Summary
protected  void handleNotAuthorized(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.Object handler)
          Handle a request that is not authorized according to this interceptor.
 boolean preHandle(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.Object handler)
          Intercept the execution of a handler.
 void setAuthorizedRoles(java.lang.String[] authorizedRoles)
          Set the roles that this interceptor should treat as authorized.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UserRoleAuthorizationInterceptor

public UserRoleAuthorizationInterceptor()
Method Detail

setAuthorizedRoles

public final void setAuthorizedRoles(java.lang.String[] authorizedRoles)
Set the roles that this interceptor should treat as authorized.
Parameters:
authorizedRoles - array of role names

preHandle

public final boolean preHandle(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response,
                               java.lang.Object handler)
                        throws javax.servlet.ServletException,
                               java.io.IOException
Description copied from interface: HandlerInterceptor
Intercept the execution of a handler. Called after HandlerMapping has determined an appropriate handler object, but before HandlerAdapter invokes the handler.

DispatcherServlet processes a handler in an execution chain, consisting of any number of interceptors, with the handler itself at the end. Each interceptor can decide to abort the execution chain, typically by sending an HTTP error or writing a custom response.

Specified by:
preHandle in interface HandlerInterceptor
Following copied from interface: com.interface21.web.servlet.HandlerInterceptor
Parameters:
request - current HTTP request
response - current HTTP response
handler - chosen handler to execute, for type and/or instance evaluation
Returns:
true if the execution chain should proceed with the next interceptor or the handler itself; otherwise DispatcherServlet assumes that this interceptor has already dealt with the response
Throws:
javax.servlet.ServletException - if there is an internal error
java.io.IOException - in case of an I/O error when writing the response

handleNotAuthorized

protected void handleNotAuthorized(javax.servlet.http.HttpServletRequest request,
                                   javax.servlet.http.HttpServletResponse response,
                                   java.lang.Object handler)
                            throws javax.servlet.ServletException,
                                   java.io.IOException
Handle a request that is not authorized according to this interceptor. Default implementation sends HTTP status code 403 ("forbidden").

This method can be overridden to write a custom message, forward or redirect to some error page or login page, or throw a ServletException.

Parameters:
request - current HTTP request
response - current HTTP response
handler - chosen handler to execute, for type and/or instance evaluation
Throws:
javax.servlet.ServletException - if there is an internal error
java.io.IOException - in case of an I/O error when writing the response
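
Example (added here, not part of the original documentation or the project's own code): a subclass that overrides handleNotAuthorized to write an audit record for every denied request, redirect unauthenticated callers to a login page, and keep the default 403 for authenticated users who lack the role. The names AuditingRoleInterceptor, LOGIN_PATH and the logger name "security.audit" are hypothetical, and the example assumes container-managed authentication, so that getRemoteUser() returns null for an anonymous caller.

```java
import java.io.IOException;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.interface21.web.servlet.support.UserRoleAuthorizationInterceptor;

// Added example: AuditingRoleInterceptor, LOGIN_PATH and the logger name are hypothetical.
public class AuditingRoleInterceptor extends UserRoleAuthorizationInterceptor {

    private static final Logger AUDIT = Logger.getLogger("security.audit");

    // Fixed, application-relative target: never built from request parameters,
    // so the redirect cannot be steered to another site.
    private static final String LOGIN_PATH = "/login";

    public AuditingRoleInterceptor(String[] authorizedRoles) {
        setAuthorizedRoles(authorizedRoles);
    }

    protected void handleNotAuthorized(HttpServletRequest request,
                                       HttpServletResponse response,
                                       Object handler)
            throws ServletException, IOException {
        // null if the container has not authenticated the caller
        String user = request.getRemoteUser();
        AUDIT.warning("access denied: user=" + clean(user)
                + " uri=" + clean(request.getRequestURI())
                + " addr=" + clean(request.getRemoteAddr()));

        if (user == null) {
            // Not logged in yet: send the caller to the login page.
            response.sendRedirect(
                    response.encodeRedirectURL(request.getContextPath() + LOGIN_PATH));
        } else {
            // Logged in but holding none of the authorized roles:
            // same 403 as the default implementation.
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
        }
    }

    // Replace CR/LF and other control characters so request data cannot forge audit log lines.
    private static String clean(String value) {
        return value == null ? "-" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```

The role names passed to the constructor must match the names the servlet container uses when it evaluates HttpServletRequest.isUserInRole, since that is the check this interceptor relies on.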


Rod Johnson and Spring contributors 2001-2003.