package com.oreilly.strutsckbk.ch11;
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;
import org.apache.struts.action.*;
import org.apache.struts.webapp.example.User;
public class RoleRequestProcessor extends RequestProcessor {
protected boolean processRoles(HttpServletRequest request,
HttpServletResponse response, ActionMapping mapping)
throws IOException, ServletException
{
// Is this action protected by role requirements?
String roles[] = mapping.getRoleNames();
if ((roles == null) || (roles.length < 1)) {
return true;
}
// Check the current user against the list of required roles
HttpSession session = request.getSession();
User user = (User) session.getAttribute("user");
if (user == null) {
return false;
}
for (int i = 0; i < roles.length; i++) {
if (user.hasRole(roles[i])) {
return (true);
}
}
response.sendError(HttpServletResponse.SC_BAD_REQUEST,
getInternal().getMessage("notAuthorized",
mapping.getPath()));
return (false);
}
} |