org.springframework.web.servlet.handler
Class UserRoleAuthorizationInterceptor

java.lang.Object
  extended by org.springframework.web.servlet.handler.HandlerInterceptorAdapter
      extended by org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor
All Implemented Interfaces:
HandlerInterceptor

public class UserRoleAuthorizationInterceptor
extends HandlerInterceptorAdapter

Interceptor that checks the authorization of the current user via the user's roles, as evaluated by HttpServletRequest's isUserInRole method.

Since:
20.06.2003
Author:
Juergen Hoeller
See Also:
javax.servlet.http.HttpServletRequest#isUserInRole

Field Summary
private  java.lang.String[] authorizedRoles
           
 
Constructor Summary
UserRoleAuthorizationInterceptor()
           
 
Method Summary
protected  void handleNotAuthorized(HttpServletRequest request, HttpServletResponse response, java.lang.Object handler)
          Handle a request that is not authorized according to this interceptor.
 boolean preHandle(HttpServletRequest request, HttpServletResponse response, java.lang.Object handler)
          Description copied from class HandlerInterceptorAdapter: This implementation always returns true.
 void setAuthorizedRoles(java.lang.String[] authorizedRoles)
          Set the roles that this interceptor should treat as authorized.
 
Methods inherited from class org.springframework.web.servlet.handler.HandlerInterceptorAdapter
afterCompletion, postHandle
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

authorizedRoles

private java.lang.String[] authorizedRoles

Constructor Detail

UserRoleAuthorizationInterceptor

public UserRoleAuthorizationInterceptor()

Method Detail

setAuthorizedRoles

public final void setAuthorizedRoles(java.lang.String[] authorizedRoles)
Set the roles that this interceptor should treat as authorized.

Parameters:
authorizedRoles - array of role names

preHandle

public final boolean preHandle(HttpServletRequest request,
                               HttpServletResponse response,
                               java.lang.Object handler)
                        throws ServletException,
                               java.io.IOException
Description copied from class: HandlerInterceptorAdapter
This implementation always returns true.

Specified by:
preHandle in interface HandlerInterceptor
Overrides:
preHandle in class HandlerInterceptorAdapter
Parameters:
request - current HTTP request
response - current HTTP response
handler - chosen handler to execute, for type and/or instance evaluation
Returns:
true if the execution chain should proceed with the next interceptor or the handler itself. Else, DispatcherServlet assumes that this interceptor has already dealt with the response itself.
Throws:
ServletException
java.io.IOException

handleNotAuthorized

protected void handleNotAuthorized(HttpServletRequest request,
                                   HttpServletResponse response,
                                   java.lang.Object handler)
                            throws ServletException,
                                   java.io.IOException
Handle a request that is not authorized according to this interceptor. Default implementation sends HTTP status code 403 ("forbidden").

This method can be overridden to write a custom message, forward or redirect to some error page or login page, or throw a ServletException.

Parameters:
request - current HTTP request
response - current HTTP response
handler - chosen handler to execute, for type and/or instance evaluation
Throws:
javax.servlet.ServletException - if there is an internal error
java.io.IOException - in case of an I/O error when writing the response
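
An added example, not part of the Spring documentation or source: a subclass that overrides handleNotAuthorized to send unauthenticated callers to a login page while keeping the default 403 for authenticated users who hold none of the authorized roles. The class name AdminAreaInterceptor, the role names and the /login path are assumptions made for illustration.

```java
import java.io.IOException;
import java.util.logging.Logger;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor;

// Hypothetical subclass for illustration; not part of Spring.
public class AdminAreaInterceptor extends UserRoleAuthorizationInterceptor {

    private static final Logger LOG = Logger.getLogger(AdminAreaInterceptor.class.getName());

    // Assumed application-relative login path; fixed, never taken from the request.
    private static final String LOGIN_PATH = "/login";

    public AdminAreaInterceptor() {
        // Constructed role names; they must match roles known to the servlet
        // container, because the check goes through request.isUserInRole.
        setAuthorizedRoles(new String[] {"admin", "auditor"});
    }

    @Override
    protected void handleNotAuthorized(HttpServletRequest request,
            HttpServletResponse response, Object handler)
            throws ServletException, IOException {
        if (request.getUserPrincipal() == null) {
            // Not authenticated: redirect to a constant target so the
            // redirect cannot be steered by request parameters.
            response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            return;
        }
        // Authenticated but lacking every authorized role: record the denial
        // for later review, then fall back to the default 403 response.
        LOG.warning("Access denied: user=" + clean(request.getRemoteUser())
                + " uri=" + clean(request.getRequestURI()));
        super.handleNotAuthorized(request, response, handler);
    }

    // Replace control characters so logged values cannot forge log lines.
    private static String clean(String value) {
        return value == null ? "-" : value.replaceAll("\\p{Cntrl}", "_");
    }
}
```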