1 /*
2 * $Id: AuthorizeAction.java 471754 2006-11-06 14:55:09Z husted $
3 *
4 * Licensed to the Apache Software Foundation (ASF) under one
5 * or more contributor license agreements. See the NOTICE file
6 * distributed with this work for additional information
7 * regarding copyright ownership. The ASF licenses this file
8 * to you under the Apache License, Version 2.0 (the
9 * "License"); you may not use this file except in compliance
10 * with the License. You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing,
15 * software distributed under the License is distributed on an
16 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17 * KIND, either express or implied. See the License for the
18 * specific language governing permissions and limitations
19 * under the License.
20 */
21 package org.apache.struts.chain.commands.servlet;
22
23 import org.apache.struts.action.ActionServlet;
24 import org.apache.struts.chain.commands.AbstractAuthorizeAction;
25 import org.apache.struts.chain.contexts.ActionContext;
26 import org.apache.struts.chain.contexts.ServletActionContext;
27 import org.apache.struts.config.ActionConfig;
28 import org.apache.struts.util.MessageResources;
29
30 import javax.servlet.http.HttpServletRequest;
31
/**
 * <p>Determine if the action is authorized for the given roles.</p>
 *
 * <p>Servlet-specific implementation: the decision is delegated to the
 * container through {@link HttpServletRequest#isUserInRole(String)}.
 * Access is granted when the current user is in <em>any one</em> of the
 * supplied roles (OR semantics), and denied otherwise.</p>
 *
 * @version $Rev: 471754 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
 *          $
 */
public class AuthorizeAction extends AbstractAuthorizeAction {
    // ------------------------------------------------------- Protected Methods

    /**
     * <p>Report whether the current user holds at least one of the
     * required roles.</p>
     *
     * <p>The check fails closed: if no role matches, or if
     * <code>roles</code> is empty, the result is <code>false</code>.
     * Role names are passed to the container exactly as given; no trimming
     * or case folding happens here. Per the Servlet API,
     * <code>isUserInRole</code> returns <code>false</code> for a user who
     * has not been authenticated.</p>
     *
     * @param context the current action context; it is cast to
     *                {@link ServletActionContext} without a type check, so
     *                any other implementation raises a
     *                <code>ClassCastException</code>
     * @param roles   role names to test, in order; a <code>null</code>
     *                array raises a <code>NullPointerException</code>
     * @param mapping the action configuration (not consulted by this
     *                implementation)
     * @return <code>true</code> as soon as the container reports the user
     *         in one of the roles, <code>false</code> if none match
     * @throws Exception declared by the overridden signature; nothing in
     *                   this body throws a checked exception
     */
    protected boolean isAuthorized(ActionContext context, String[] roles,
        ActionConfig mapping)
        throws Exception {
        // The servlet request carries the container-managed identity
        HttpServletRequest httpRequest =
            ((ServletActionContext) context).getRequest();

        // Walk the required roles in order; the first match grants access
        int index = 0;

        while (index < roles.length) {
            if (httpRequest.isUserInRole(roles[index])) {
                return true;
            }

            index++;
        }

        // No role matched: deny
        return false;
    }

    /**
     * <p>Build the "not authorized" message for the given action.</p>
     *
     * <p>The text comes from the servlet's internal message resources under
     * the key <code>notAuthorized</code>, with the action's path supplied as
     * the single message argument.</p>
     *
     * <p>NOTE(review): the returned message embeds the action path. Where
     * the caller surfaces it (log, exception, response body) is not visible
     * from this class; confirm it is encoded for its output context if it
     * reaches the client.</p>
     *
     * @param context      the current action context; it is cast to
     *                     {@link ServletActionContext} without a type check
     * @param actionConfig the action whose path is placed in the message
     * @return the formatted message from the internal resources
     */
    protected String getErrorMessage(ActionContext context,
        ActionConfig actionConfig) {
        // Internal (framework) messages live on the ActionServlet
        ActionServlet actionServlet =
            ((ServletActionContext) context).getActionServlet();
        MessageResources internalMessages = actionServlet.getInternal();

        String deniedPath = actionConfig.getPath();

        return internalMessages.getMessage("notAuthorized", deniedPath);
    }
}