
1   /*
2    * Copyright 2003,2004 The Apache Software Foundation.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *      http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  package org.apache.struts.chain.commands.servlet;
17  
18  import org.apache.struts.action.ActionServlet;
19  import org.apache.struts.chain.commands.AbstractAuthorizeAction;
20  import org.apache.struts.chain.contexts.ActionContext;
21  import org.apache.struts.chain.contexts.ServletActionContext;
22  import org.apache.struts.config.ActionConfig;
23  import org.apache.struts.util.MessageResources;
24  
25  import javax.servlet.http.HttpServletRequest;
26  
27  /***
28   * <p>Determine whether the current user is in at least one of the roles required for the action.</p>
29   *
30   * @version $Rev: 421119 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
31   *          $
32   */
public class AuthorizeAction extends AbstractAuthorizeAction {
    // ------------------------------------------------------- Protected Methods

    /**
     * <p>Report whether the user behind the current HTTP request is in at
     * least one of the supplied roles.</p>
     *
     * <p>The decision is delegated entirely to
     * <code>HttpServletRequest.isUserInRole</code>; how role names map to
     * authenticated principals is therefore decided by whatever populates
     * the request (presumably the servlet container's security
     * configuration; confirm for the deployment). Matching is "any of":
     * the first role that matches grants access and the remaining roles
     * are not checked.</p>
     *
     * <p>An empty <code>roles</code> array produces <code>false</code>.
     * A caller that wants "no roles configured" to mean "no restriction"
     * has to make that decision before calling this method.</p>
     *
     * @param context the current context; must be a
     *                <code>ServletActionContext</code>, otherwise the cast
     *                below fails with a <code>ClassCastException</code>
     * @param roles   role names to test, in order; a <code>null</code>
     *                array fails with a <code>NullPointerException</code>
     *                rather than granting access
     * @param mapping the action configuration; not consulted by this
     *                implementation
     * @return <code>true</code> if the user is in any listed role,
     *         <code>false</code> otherwise
     * @throws Exception declared by the signature; nothing in this body
     *                   throws a checked exception itself
     */
    protected boolean isAuthorized(ActionContext context, String[] roles,
        ActionConfig mapping)
        throws Exception {
        // Only the servlet flavour of the context exposes the HTTP request.
        HttpServletRequest httpRequest =
            ((ServletActionContext) context).getRequest();

        // One matching role is enough, so stop at the first hit.
        int index = 0;

        while (index < roles.length) {
            if (httpRequest.isUserInRole(roles[index])) {
                return true;
            }

            index++;
        }

        // Nothing matched (or no roles were supplied): deny.
        return false;
    }

    /**
     * <p>Build the "not authorized" message for the given action.</p>
     *
     * <p>The text comes from the internal message resources of the
     * <code>ActionServlet</code>, looked up under the key
     * <code>notAuthorized</code> with the action's configured path as the
     * single argument.</p>
     *
     * @param context      the current context; must be a
     *                     <code>ServletActionContext</code>
     * @param actionConfig the action whose path is placed in the message
     * @return the message returned by the internal resources for the
     *         <code>notAuthorized</code> key
     */
    protected String getErrorMessage(ActionContext context,
        ActionConfig actionConfig) {
        // Internal message bundle, reached through the ActionServlet.
        MessageResources internalMessages =
            ((ServletActionContext) context).getActionServlet().getInternal();

        // The path comes from the action configuration, not the request.
        String actionPath = actionConfig.getPath();

        return internalMessages.getMessage("notAuthorized", actionPath);
    }
}