org.springframework.web.portlet.handler
Class UserRoleAuthorizationInterceptor
java.lang.Object
org.springframework.web.portlet.handler.HandlerInterceptorAdapter
org.springframework.web.portlet.handler.UserRoleAuthorizationInterceptor
- All Implemented Interfaces:
- HandlerInterceptor
public class UserRoleAuthorizationInterceptor
- extends HandlerInterceptorAdapter
Interceptor that checks the authorization of the current user via the
user's roles, as evaluated by PortletRequest's isUserInRole method.
- Since:
- 2.0
- Author:
- John A. Lewis, Juergen Hoeller
- See Also:
javax.portlet.PortletRequest#isUserInRole
Method Summary |
protected void |
handleNotAuthorized(PortletRequest request,
PortletResponse response,
java.lang.Object handler)
Handle a request that is not authorized according to this interceptor. |
boolean |
preHandle(PortletRequest request,
PortletResponse response,
java.lang.Object handler)
Default callback that all "pre*" methods delegate to. |
void |
setAuthorizedRoles(java.lang.String[] authorizedRoles)
Set the roles that this interceptor should treat as authorized. |
Methods inherited from class org.springframework.web.portlet.handler.HandlerInterceptorAdapter |
afterActionCompletion, afterCompletion, afterEventCompletion, afterRenderCompletion, afterResourceCompletion, postHandleRender, postHandleResource, preHandleAction, preHandleEvent, preHandleRender, preHandleResource |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
authorizedRoles
private java.lang.String[] authorizedRoles
UserRoleAuthorizationInterceptor
public UserRoleAuthorizationInterceptor()
setAuthorizedRoles
public final void setAuthorizedRoles(java.lang.String[] authorizedRoles)
- Set the roles that this interceptor should treat as authorized.
- Parameters:
authorizedRoles
- array of role names
preHandle
public final boolean preHandle(PortletRequest request,
PortletResponse response,
java.lang.Object handler)
throws PortletException,
java.io.IOException
- Description copied from class:
HandlerInterceptorAdapter
- Default callback that all "pre*" methods delegate to.
This implementation always returns true
.
- Overrides:
preHandle
in class HandlerInterceptorAdapter
- Throws:
PortletException
java.io.IOException
handleNotAuthorized
protected void handleNotAuthorized(PortletRequest request,
PortletResponse response,
java.lang.Object handler)
throws PortletException,
java.io.IOException
- Handle a request that is not authorized according to this interceptor.
Default implementation throws a new PortletSecurityException.
This method can be overridden to write a custom message, forward or
redirect to some error page or login page, or throw a PortletException.
- Parameters:
request
- current portlet requestresponse
- current portlet responsehandler
- chosen handler to execute, for type and/or instance evaluation
- Throws:
javax.portlet.PortletException
- if there is an internal error
java.io.IOException
- in case of an I/O error when writing the response
PortletException