1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16 package org.apache.struts.chain.commands.servlet;
17
18 import org.apache.struts.action.ActionServlet;
19 import org.apache.struts.chain.commands.AbstractAuthorizeAction;
20 import org.apache.struts.chain.contexts.ActionContext;
21 import org.apache.struts.chain.contexts.ServletActionContext;
22 import org.apache.struts.config.ActionConfig;
23 import org.apache.struts.util.MessageResources;
24
25 import javax.servlet.http.HttpServletRequest;
26
27 /***
28 * <p>Determine if the action is authorized for the given roles.</p>
29 *
30 * @version $Rev: 421119 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
31 * $
32 */
33 public class AuthorizeAction extends AbstractAuthorizeAction {
34
35 protected boolean isAuthorized(ActionContext context, String[] roles,
36 ActionConfig mapping)
37 throws Exception {
38
39 ServletActionContext servletActionContext =
40 (ServletActionContext) context;
41 HttpServletRequest request = servletActionContext.getRequest();
42
43
44 for (int i = 0; i < roles.length; i++) {
45 if (request.isUserInRole(roles[i])) {
46 return (true);
47 }
48 }
49
50
51 return (false);
52 }
53
54 protected String getErrorMessage(ActionContext context,
55 ActionConfig actionConfig) {
56 ServletActionContext servletActionContext =
57 (ServletActionContext) context;
58
59
60 ActionServlet servlet = servletActionContext.getActionServlet();
61 MessageResources resources = servlet.getInternal();
62
63 return resources.getMessage("notAuthorized", actionConfig.getPath());
64 }
65 }