18 package org.apache.struts.chain.commands;
19
20 import org.apache.commons.logging.Log;
21 import org.apache.commons.logging.LogFactory;
22 import org.apache.struts.chain.contexts.ActionContext;
23 import org.apache.struts.config.ActionConfig;
24
25 /***
26 * <p>Determine whether the requested action is authorized for the current
27 * user. If not, abort chain processing and preferably return an error
28 * message of some kind.</p>
29 *
30 * @version $Rev: 421119 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
31 * $
32 */
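public abstract class AbstractAuthorizeAction extends ActionCommandBase {

    /***
     * Provide a Commons logging instance for this class.
     */
    private static final Log LOG =
        LogFactory.getLog(AbstractAuthorizeAction.class);

    /***
     * <p>Determine whether the requested action is authorized for the current
     * user. If authorization is required and the user is not authorized,
     * chain processing is aborted by throwing an
     * <code>UnauthorizedActionException</code> carrying the message supplied
     * by {@link #getErrorMessage}.</p>
     *
     * <p>The check is only performed when
     * {@link #isAuthorizationRequired} says so &mdash; by default, when the
     * <code>ActionConfig</code> declares one or more roles. A mapping with no
     * roles is passed through without consulting {@link #isAuthorized}, so
     * it is not protected by this command.</p>
     *
     * <p>Any exception raised by the concrete {@link #isAuthorized}
     * implementation is logged and treated as "not authorized": a broken,
     * unreachable or misconfigured authorization back end fails closed
     * instead of granting access.</p>
     *
     * @param actionCtx The <code>Context</code> for the current request
     * @return <code>false</code> so that chain processing continues. This
     *         method never returns <code>true</code>; an unauthorized request
     *         is reported by exception rather than by return value.
     * @throws UnauthorizedActionException if the user is not authorized for
     *         the selected action, or if the authorization check itself
     *         threw an exception
     * @throws Exception if obtaining the error message or the action
     *         configuration fails
     */
    public boolean execute(ActionContext actionCtx)
        throws Exception {
        ActionConfig actionConfig = actionCtx.getActionConfig();

        // No roles on this mapping (by default): nothing to enforce here.
        if (!isAuthorizationRequired(actionConfig)) {
            return (false);
        }

        boolean authorized;

        try {
            authorized = isAuthorized(actionCtx, actionConfig.getRoleNames(),
                actionConfig);
        } catch (Exception ex) {
            // Fail closed: an error while deciding is a denial, not a pass.
            // The cause is preserved in the log only; the exception thrown
            // below carries just the message from getErrorMessage().
            LOG.error("Unable to complete authorization process", ex);
            authorized = false;
        }

        if (!authorized) {
            throw new UnauthorizedActionException(getErrorMessage(actionCtx,
                actionConfig));
        }

        return (false);
    }

    /***
     * <p>Must authorization rules be consulted? The base implementation
     * returns <code>true</code> if the given <code>ActionConfig</code> has
     * one or more roles defined.</p>
     *
     * <p>This is the gate for the whole command: when it returns
     * <code>false</code>, {@link #execute} skips {@link #isAuthorized}
     * entirely. Subclasses that override it to widen the check (for example
     * to require authorization for every mapping) should make sure it still
     * returns <code>true</code> whenever roles are present.</p>
     *
     * @param actionConfig the current ActionConfig object
     * @return true if the <code>isAuthorized</code> method should be
     *         consulted.
     */
    protected boolean isAuthorizationRequired(ActionConfig actionConfig) {
        String[] roles = actionConfig.getRoleNames();

        return roles != null && roles.length > 0;
    }

    /***
     * <p>Determine if the action is authorized for the given roles.</p>
     *
     * <p>Implementations should return <code>true</code> only when the
     * current user holds at least one of the supplied roles according to the
     * container or security framework in use. Throwing from this method is
     * safe: {@link #execute} logs the exception and treats the request as
     * unauthorized.</p>
     *
     * @param context The <code>Context</code> for the current request
     * @param roles An array of valid roles for this request; non-null and
     *        non-empty when called via the default
     *        {@link #isAuthorizationRequired}
     * @param actionConfig The current action mapping
     * @return <code>true</code> if the request is authorized, else
     *         <code>false</code>
     * @throws Exception If the action cannot be tested for authorization
     */
    protected abstract boolean isAuthorized(ActionContext context,
        String[] roles, ActionConfig actionConfig)
        throws Exception;

    /***
     * <p> Retrieve error message from context. </p>
     *
     * <p>The returned text becomes the message of the
     * <code>UnauthorizedActionException</code> thrown by {@link #execute}.
     * NOTE(review): if that message is ever rendered to the requester,
     * implementations should avoid exposing required role names or other
     * internal detail in it &mdash; confirm how the exception handler
     * presents it.</p>
     *
     * @param context The <code>Context</code> for the current request
     * @param actionConfig The current action mapping
     * @return error message
     */
    protected abstract String getErrorMessage(ActionContext context,
        ActionConfig actionConfig);
}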