public class UserRoleAuthorizationInterceptor extends Object implements HandlerInterceptor
HttpServletRequest.isUserInRole(java.lang.String)
Constructor and Description |
---|
UserRoleAuthorizationInterceptor() |
Modifier and Type | Method and Description |
---|---|
protected void |
handleNotAuthorized(HttpServletRequest request,
HttpServletResponse response,
Object handler)
Handle a request that is not authorized according to this interceptor.
|
boolean |
preHandle(HttpServletRequest request,
HttpServletResponse response,
Object handler)
Interception point before the execution of a handler.
|
void |
setAuthorizedRoles(String... authorizedRoles)
Set the roles that this interceptor should treat as authorized.
|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
afterCompletion, postHandle
public final void setAuthorizedRoles(String... authorizedRoles)
authorizedRoles
- array of role namespublic final boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws ServletException, IOException
HandlerInterceptor
DispatcherServlet processes a handler in an execution chain, consisting of any number of interceptors, with the handler itself at the end. With this method, each interceptor can decide to abort the execution chain, typically sending an HTTP error or writing a custom response.
Note: special considerations apply for asynchronous
request processing. For more details see
AsyncHandlerInterceptor
.
The default implementation returns true
.
preHandle
in interface HandlerInterceptor
request
- current HTTP requestresponse
- current HTTP responsehandler
- chosen handler to execute, for type and/or instance evaluationtrue
if the execution chain should proceed with the
next interceptor or the handler itself. Else, DispatcherServlet assumes
that this interceptor has already dealt with the response itself.ServletException
IOException
protected void handleNotAuthorized(HttpServletRequest request, HttpServletResponse response, Object handler) throws ServletException, IOException
This method can be overridden to write a custom message, forward or redirect to some error page or login page, or throw a ServletException.
request
- current HTTP requestresponse
- current HTTP responsehandler
- chosen handler to execute, for type and/or instance evaluationServletException
- if there is an internal errorIOException
- in case of an I/O error when writing the response