1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 package org.apache.struts.chain.commands.servlet;
22
23 import org.apache.struts.action.ActionServlet;
24 import org.apache.struts.chain.commands.AbstractAuthorizeAction;
25 import org.apache.struts.chain.contexts.ActionContext;
26 import org.apache.struts.chain.contexts.ServletActionContext;
27 import org.apache.struts.config.ActionConfig;
28 import org.apache.struts.util.MessageResources;
29
30 import javax.servlet.http.HttpServletRequest;
31
32 /**
33 * <p>Determine if the action is authorized for the given roles.</p>
34 *
35 * @version $Rev: 471754 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
36 * $
37 */
38 public class AuthorizeAction extends AbstractAuthorizeAction {
39
40 protected boolean isAuthorized(ActionContext context, String[] roles,
41 ActionConfig mapping)
42 throws Exception {
43
44 ServletActionContext servletActionContext =
45 (ServletActionContext) context;
46 HttpServletRequest request = servletActionContext.getRequest();
47
48
49 for (int i = 0; i < roles.length; i++) {
50 if (request.isUserInRole(roles[i])) {
51 return (true);
52 }
53 }
54
55
56 return (false);
57 }
58
59 protected String getErrorMessage(ActionContext context,
60 ActionConfig actionConfig) {
61 ServletActionContext servletActionContext =
62 (ServletActionContext) context;
63
64
65 ActionServlet servlet = servletActionContext.getActionServlet();
66 MessageResources resources = servlet.getInternal();
67
68 return resources.getMessage("notAuthorized", actionConfig.getPath());
69 }
70 }