1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21 package org.apache.struts.chain.commands;
22
23 import org.apache.commons.logging.Log;
24 import org.apache.commons.logging.LogFactory;
25 import org.apache.struts.chain.contexts.ActionContext;
26 import org.apache.struts.config.ActionConfig;
27
28 /**
29 * <p>Determine whether the requested action is authorized for the current
30 * user. If not, abort chain processing and perferably, return an error
31 * message of some kind.</p>
32 *
33 * @version $Rev: 481115 $ $Date: 2005-11-12 13:01:44 -0500 (Sat, 12 Nov 2005)
34 * $
35 */
36 public abstract class AbstractAuthorizeAction extends ActionCommandBase {
37
38
39 /**
40 * Provide a Commons logging instance for this class.
41 */
42 private static final Log LOG =
43 LogFactory.getLog(AbstractAuthorizeAction.class);
44
45
46
47 /**
48 * <p>Determine whether the requested action is authorized for the current
49 * user. If not, abort chain processing and perferably, return an error
50 * message of some kind.</p>
51 *
52 * @param actionCtx The <code>Context</code> for the current request
53 * @return <code>false</code> if the user is authorized for the selected
54 * action, else <code>true</code> to abort processing.
55 * @throws UnauthorizedActionException if authorization fails
56 * or if an error is encountered in the course of performing the authorization.
57 */
58 public boolean execute(ActionContext actionCtx)
59 throws Exception {
60
61 ActionConfig actionConfig = actionCtx.getActionConfig();
62
63
64 if (!isAuthorizationRequired(actionConfig)) {
65 return (false);
66 }
67
68 boolean throwEx;
69
70 try {
71 throwEx =
72 !(isAuthorized(actionCtx, actionConfig.getRoleNames(),
73 actionConfig));
74 } catch (UnauthorizedActionException ex) {
75 throw ex;
76 } catch (Exception ex) {
77 throwEx = true;
78 LOG.error("Unable to complete authorization process", ex);
79 }
80
81 if (throwEx) {
82
83 throw new UnauthorizedActionException(getErrorMessage(actionCtx,
84 actionConfig));
85 } else {
86 return (false);
87 }
88 }
89
90 /**
91 * <p>Must authorization rules be consulted? The base implementation
92 * returns <code>true</code> if the given <code>ActionConfig</code> has
93 * one or more roles defined.</p>
94 *
95 * @param actionConfig the current ActionConfig object
96 * @return true if the <code>isAuthorized</code> method should be
97 * consulted.
98 */
99 protected boolean isAuthorizationRequired(ActionConfig actionConfig) {
100 String[] roles = actionConfig.getRoleNames();
101
102 return (roles != null) && (roles.length > 0);
103 }
104
105
106
107 /**
108 * <p>Determine if the action is authorized for the given roles.</p>
109 *
110 * @param context The <code>Context</code> for the current request
111 * @param roles An array of valid roles for this request
112 * @param actionConfig The current action mapping
113 * @return <code>true</code> if the request is authorized, else
114 * <code>false</code>
115 * @throws UnauthorizedActionException If the logic determines that the request is not authorized
116 * but does not wish to rely upon the default mechanism reporting the error.
117 * @throws Exception If the action cannot be tested for authorization
118 */
119 protected abstract boolean isAuthorized(ActionContext context,
120 String[] roles, ActionConfig actionConfig)
121 throws Exception;
122
123 /**
124 * <p> Retrieve error message from context. </p>
125 *
126 * @param context The <code>Context</code> for the current request
127 * @param actionConfig The current action mapping
128 * @return error message
129 */
130 protected abstract String getErrorMessage(ActionContext context,
131 ActionConfig actionConfig);
132 }