org.springframework.web.portlet.handler
Class UserRoleAuthorizationInterceptor

java.lang.Object
  extended by org.springframework.web.portlet.handler.HandlerInterceptorAdapter
      extended by org.springframework.web.portlet.handler.UserRoleAuthorizationInterceptor
All Implemented Interfaces:
HandlerInterceptor

public class UserRoleAuthorizationInterceptor
extends HandlerInterceptorAdapter

Interceptor that checks the authorization of the current user via the user's roles, as evaluated by PortletRequest's isUserInRole method.

Since:
2.0
Author:
John A. Lewis, Juergen Hoeller
See Also:
PortletRequest.isUserInRole(java.lang.String)

Constructor Summary
UserRoleAuthorizationInterceptor()
           
 
Method Summary
protected  void handleNotAuthorized(javax.portlet.PortletRequest request, javax.portlet.PortletResponse response, java.lang.Object handler)
          Handle a request that is not authorized according to this interceptor.
 boolean preHandle(javax.portlet.PortletRequest request, javax.portlet.PortletResponse response, java.lang.Object handler)
          Default callback that both preHandleRender and preHandleAction delegate to.
 void setAuthorizedRoles(java.lang.String[] authorizedRoles)
          Set the roles that this interceptor should treat as authorized.
 
Methods inherited from class org.springframework.web.portlet.handler.HandlerInterceptorAdapter
afterActionCompletion, afterCompletion, afterRenderCompletion, postHandleRender, preHandleAction, preHandleRender
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

UserRoleAuthorizationInterceptor

public UserRoleAuthorizationInterceptor()
Method Detail

setAuthorizedRoles

public final void setAuthorizedRoles(java.lang.String[] authorizedRoles)
Set the roles that this interceptor should treat as authorized.

Parameters:
authorizedRoles - array of role names

preHandle

public final boolean preHandle(javax.portlet.PortletRequest request,
                               javax.portlet.PortletResponse response,
                               java.lang.Object handler)
                        throws javax.portlet.PortletException,
                               java.io.IOException
Description copied from class: HandlerInterceptorAdapter
Default callback that both preHandleRender and preHandleAction delegate to.

This implementation always returns true.

Overrides:
preHandle in class HandlerInterceptorAdapter
Throws:
javax.portlet.PortletException
java.io.IOException
See Also:
HandlerInterceptorAdapter.preHandleRender(javax.portlet.RenderRequest, javax.portlet.RenderResponse, java.lang.Object), HandlerInterceptorAdapter.preHandleAction(javax.portlet.ActionRequest, javax.portlet.ActionResponse, java.lang.Object)

handleNotAuthorized

protected void handleNotAuthorized(javax.portlet.PortletRequest request,
                                   javax.portlet.PortletResponse response,
                                   java.lang.Object handler)
                            throws javax.portlet.PortletException,
                                   java.io.IOException
Handle a request that is not authorized according to this interceptor. Default implementation throws a new PortletSecurityException.

This method can be overridden to write a custom message, forward or redirect to some error page or login page, or throw a PortletException.

Parameters:
request - current portlet request
response - current portlet response
handler - chosen handler to execute, for type and/or instance evaluation
Throws:
javax.portlet.PortletException - if there is an internal error
java.io.IOException - in case of an I/O error when writing the response