
1   /*
2    * $Id: AbstractAuthorizeAction.java 421119 2006-07-12 04:49:11Z wsmoak $
3    *
4    * Copyright 2000-2005 The Apache Software Foundation.
5    *
6    * Licensed under the Apache License, Version 2.0 (the "License");
7    * you may not use this file except in compliance with the License.
8    * You may obtain a copy of the License at
9    *
10   *      http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing, software
13   * distributed under the License is distributed on an "AS IS" BASIS,
14   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15   * See the License for the specific language governing permissions and
16   * limitations under the License.
17   */
18  package org.apache.struts.chain.commands;
19  
20  import org.apache.commons.logging.Log;
21  import org.apache.commons.logging.LogFactory;
22  import org.apache.struts.chain.contexts.ActionContext;
23  import org.apache.struts.config.ActionConfig;
24  
25  /***
26   * <p>Determine whether the requested action is authorized for the current
27   * user. If not, abort chain processing and preferably, return an error
28   * message of some kind.</p>
29   *
30   * @version $Rev: 421119 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
31   *          $
32   */
public abstract class AbstractAuthorizeAction extends ActionCommandBase {
    // ------------------------------------------------------ Instance Variables

    /***
     * Commons logging instance shared by every subclass of this command.
     */
    private static final Log LOG =
        LogFactory.getLog(AbstractAuthorizeAction.class);

    // ---------------------------------------------------------- Public Methods

    /***
     * <p>Decide whether the current user may run the requested action.
     * An action that declares no roles is always allowed through. For any
     * other action the decision is delegated to <code>isAuthorized</code>;
     * a negative answer, or any exception raised while deciding, stops
     * chain processing by throwing <code>UnauthorizedActionException</code>
     * (the check fails closed). The exception raised by the check is
     * written to the log only and is not attached as the cause of the
     * exception thrown to the caller.</p>
     *
     * @param actionCtx The <code>Context</code> for the current request
     * @return <code>false</code> whenever the method returns normally, so
     *         that the chain continues with the next command
     * @throws UnauthorizedActionException if the user is not authorized for
     *         the selected action, or if the authorization check itself
     *         could not be completed
     * @throws Exception as declared by the command contract; this
     *         implementation itself throws only the unauthorized case
     */
    public boolean execute(ActionContext actionCtx)
        throws Exception {
        ActionConfig config = actionCtx.getActionConfig();

        // Nothing to check for an action with no role requirements
        if (!isAuthorizationRequired(config)) {
            return false;
        }

        boolean permitted = false;

        try {
            permitted = isAuthorized(actionCtx, config.getRoleNames(), config);
        } catch (Exception ex) {
            // Fail closed: a check that cannot be completed counts as denied.
            // The cause is recorded in the log only; it is not attached to
            // the exception thrown below.
            LOG.error("Unable to complete authorization process", ex);
        }

        if (permitted) {
            return false;
        }

        // Denied: build the message and abort chain processing
        throw new UnauthorizedActionException(getErrorMessage(actionCtx, config));
    }

    /***
     * <p>Must authorization rules be consulted?  The base implementation
     * answers <code>true</code> only when the given <code>ActionConfig</code>
     * carries at least one role name.</p>
     *
     * @param actionConfig the current ActionConfig object
     * @return <code>true</code> if <code>isAuthorized</code> should be
     *         consulted, <code>false</code> if the action is unprotected
     */
    protected boolean isAuthorizationRequired(ActionConfig actionConfig) {
        String[] requiredRoles = actionConfig.getRoleNames();

        if (requiredRoles == null) {
            return false;
        }

        return requiredRoles.length > 0;
    }

    // ------------------------------------------------------- Protected Methods

    /***
     * <p>Determine whether the current user holds one of the given roles
     * and may therefore run the action. Subclasses supply the actual
     * lookup against the request or container.</p>
     *
     * @param context      The <code>Context</code> for the current request
     * @param roles        An array of valid roles for this request
     * @param actionConfig The current action mapping
     * @return <code>true</code> if the request is authorized, else
     *         <code>false</code>
     * @throws Exception If the action cannot be tested for authorization;
     *         <code>execute</code> logs this and treats it as a denial
     */
    protected abstract boolean isAuthorized(ActionContext context,
        String[] roles, ActionConfig actionConfig)
        throws Exception;

    /***
     * <p>Produce the message carried by the
     * <code>UnauthorizedActionException</code> that <code>execute</code>
     * throws when the user is denied.</p>
     *
     * @param context      The <code>Context</code> for the current request
     * @param actionConfig The current action mapping
     * @return error message
     */
    protected abstract String getErrorMessage(ActionContext context,
        ActionConfig actionConfig);
}