org.springframework.web.servlet.handler
Class UserRoleAuthorizationInterceptor
java.lang.Object
org.springframework.web.servlet.handler.HandlerInterceptorAdapter
org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor
- All Implemented Interfaces:
- HandlerInterceptor
public class UserRoleAuthorizationInterceptor
- extends HandlerInterceptorAdapter
Interceptor that checks the authorization of the current user via the
user's roles, as evaluated by HttpServletRequest's isUserInRole method.
- Since:
- 20.06.2003
- Author:
- Juergen Hoeller
- See Also:
javax.servlet.http.HttpServletRequest#isUserInRole
Method Summary |
protected void |
handleNotAuthorized(HttpServletRequest request,
HttpServletResponse response,
java.lang.Object handler)
Handle a request that is not authorized according to this interceptor. |
boolean |
preHandle(HttpServletRequest request,
HttpServletResponse response,
java.lang.Object handler)
This implementation always returns true . |
void |
setAuthorizedRoles(java.lang.String[] authorizedRoles)
Set the roles that this interceptor should treat as authorized. |
Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
authorizedRoles
private java.lang.String[] authorizedRoles
UserRoleAuthorizationInterceptor
public UserRoleAuthorizationInterceptor()
setAuthorizedRoles
public final void setAuthorizedRoles(java.lang.String[] authorizedRoles)
- Set the roles that this interceptor should treat as authorized.
- Parameters:
authorizedRoles
- array of role names
preHandle
public final boolean preHandle(HttpServletRequest request,
HttpServletResponse response,
java.lang.Object handler)
throws ServletException,
java.io.IOException
- Description copied from class:
HandlerInterceptorAdapter
- This implementation always returns
true
.
- Specified by:
preHandle
in interface HandlerInterceptor
- Overrides:
preHandle
in class HandlerInterceptorAdapter
- Parameters:
request
- current HTTP requestresponse
- current HTTP responsehandler
- chosen handler to execute, for type and/or instance evaluation
- Returns:
true
if the execution chain should proceed with the
next interceptor or the handler itself. Else, DispatcherServlet assumes
that this interceptor has already dealt with the response itself.
- Throws:
ServletException
java.io.IOException
handleNotAuthorized
protected void handleNotAuthorized(HttpServletRequest request,
HttpServletResponse response,
java.lang.Object handler)
throws ServletException,
java.io.IOException
- Handle a request that is not authorized according to this interceptor.
Default implementation sends HTTP status code 403 ("forbidden").
This method can be overridden to write a custom message, forward or
redirect to some error page or login page, or throw a ServletException.
- Parameters:
request
- current HTTP requestresponse
- current HTTP responsehandler
- chosen handler to execute, for type and/or instance evaluation
- Throws:
javax.servlet.ServletException
- if there is an internal error
java.io.IOException
- in case of an I/O error when writing the response
ServletException