
1   /*
2    * $Id: AuthorizeAction.java 471754 2006-11-06 14:55:09Z husted $
3    *
4    * Licensed to the Apache Software Foundation (ASF) under one
5    * or more contributor license agreements.  See the NOTICE file
6    * distributed with this work for additional information
7    * regarding copyright ownership.  The ASF licenses this file
8    * to you under the Apache License, Version 2.0 (the
9    * "License"); you may not use this file except in compliance
10   * with the License.  You may obtain a copy of the License at
11   *
12   *  http://www.apache.org/licenses/LICENSE-2.0
13   *
14   * Unless required by applicable law or agreed to in writing,
15   * software distributed under the License is distributed on an
16   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
17   * KIND, either express or implied.  See the License for the
18   * specific language governing permissions and limitations
19   * under the License.
20   */
21  package org.apache.struts.chain.commands.servlet;
22  
23  import org.apache.struts.action.ActionServlet;
24  import org.apache.struts.chain.commands.AbstractAuthorizeAction;
25  import org.apache.struts.chain.contexts.ActionContext;
26  import org.apache.struts.chain.contexts.ServletActionContext;
27  import org.apache.struts.config.ActionConfig;
28  import org.apache.struts.util.MessageResources;
29  
30  import javax.servlet.http.HttpServletRequest;
31  
/**
 * <p>Servlet-specific authorization step: decide whether the user behind the
 * current HTTP request holds at least one of the roles an action requires.</p>
 *
 * <p>The role test itself is delegated to
 * <code>HttpServletRequest.isUserInRole</code>, so the answer depends entirely
 * on how the servlet container authenticated the caller and mapped its roles.
 * Per the Servlet API, that method returns <code>false</code> for a user who
 * has not been authenticated.</p>
 *
 * @version $Rev: 471754 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
 *          $
 */
public class AuthorizeAction extends AbstractAuthorizeAction {
    // ------------------------------------------------------- Protected Methods

    /**
     * <p>Report whether the current request's user is in any one of the
     * supplied roles.</p>
     *
     * <p>Matching is any-of: the first role the container confirms ends the
     * search with <code>true</code>. When no role matches (including an empty
     * array) the result is <code>false</code>, i.e. access is denied by
     * default.</p>
     *
     * @param context the action context; it is cast to
     *                <code>ServletActionContext</code> without a type check,
     *                so any other implementation fails with a
     *                <code>ClassCastException</code>
     * @param roles   role names to test; not null-checked here, so a
     *                <code>null</code> array fails with a
     *                <code>NullPointerException</code> rather than returning
     *                a result
     * @param mapping the action configuration; not read by this
     *                implementation
     * @return <code>true</code> if the container reports the user in at least
     *         one of <code>roles</code>, otherwise <code>false</code>
     * @throws Exception declared by the signature; this body raises no
     *                   checked exception of its own
     */
    protected boolean isAuthorized(ActionContext context, String[] roles,
        ActionConfig mapping)
        throws Exception {
        // The servlet request carries the container's view of the caller.
        HttpServletRequest httpRequest =
            ((ServletActionContext) context).getRequest();

        // Stop at the first role the container confirms.
        int index = 0;
        while (index < roles.length) {
            if (httpRequest.isUserInRole(roles[index])) {
                return true;
            }
            index++;
        }

        // Nothing matched: fail closed.
        return false;
    }

    /**
     * <p>Build the message reported when authorization is refused.</p>
     *
     * <p>The text comes from the action servlet's internal message resources
     * under the key <code>notAuthorized</code>, with the action's path passed
     * as the single message argument.</p>
     *
     * <p>NOTE(review): the path is placed into the message as-is. Where this
     * string ends up is not visible from this class; if it is written into an
     * HTML response, confirm that the rendering side encodes it.</p>
     *
     * @param context      the action context; cast to
     *                     <code>ServletActionContext</code> without a type
     *                     check
     * @param actionConfig the action configuration whose path is inserted
     *                     into the message
     * @return the resolved <code>notAuthorized</code> message
     */
    protected String getErrorMessage(ActionContext context,
        ActionConfig actionConfig) {
        // Struts' own (internal) message bundle, reached through the servlet.
        ActionServlet actionServlet =
            ((ServletActionContext) context).getActionServlet();
        MessageResources internalMessages = actionServlet.getInternal();

        String actionPath = actionConfig.getPath();
        return internalMessages.getMessage("notAuthorized", actionPath);
    }
}