org.mentawai.filter

Class AuthorizationFilter

java.lang.Object

org.mentawai.filter.AuthorizationFilter

All Implemented Interfaces:

Filter

public class AuthorizationFilter
extends Object
implements Filter

A filter to handle user authorization. You should use this filter to protect your actions from unauthorized access.

Author:

Sergio Oliveira

Field Summary

Fields

Modifier and Type	Field and Description
static String	ACCESSDENIED
static String	AJAX_DENIED

Constructor Summary

Constructors

Constructor and Description
AuthorizationFilter()
AuthorizationFilter(Enum<?>... es)
AuthorizationFilter(List<Object> groups)
AuthorizationFilter(List<Object> groups, Permission... permissions)
AuthorizationFilter(List<Object> groups, Permission permission)
AuthorizationFilter(Permission... permissions)
AuthorizationFilter(String... groups)
AuthorizationFilter(String groups, Permission permission) Deprecated.

Method Summary

Methods

Modifier and Type	Method and Description
void	destroy() Gives a chance to the filter to deallocalte any resources before it is destroyed.
String	filter(InvocationChain chain) Executes the filter.
boolean	isAuthorized(Action action, String actionName, String innerAction, Object user, List userGroups) The default implementation of this method returns true for everything.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACCESSDENIED

public static final String ACCESSDENIED

See Also:

Constant Field Values

AJAX_DENIED

public static final String AJAX_DENIED

See Also:

Constant Field Values

Constructor Detail

AuthorizationFilter

public AuthorizationFilter()

AuthorizationFilter

public AuthorizationFilter(Enum<?>... es)

AuthorizationFilter

public AuthorizationFilter(String... groups)

AuthorizationFilter

public AuthorizationFilter(List<Object> groups)

AuthorizationFilter

public AuthorizationFilter(Permission... permissions)

AuthorizationFilter

public AuthorizationFilter(String groups,
                   Permission permission)

Deprecated.

Parameters:

groups -

permission -

AuthorizationFilter

public AuthorizationFilter(List<Object> groups,
                   Permission permission)

Parameters:

groups -

permission -

AuthorizationFilter

public AuthorizationFilter(List<Object> groups,
                   Permission... permissions)

Method Detail

isAuthorized

public boolean isAuthorized(Action action,
                   String actionName,
                   String innerAction,
                   Object user,
                   List userGroups)

The default implementation of this method returns true for everything. You can override this method to create the authorization logic for your entire application.

Parameters:

action -

actionName -

innerAction -

user - The user in the session (can be null)

userGroups - The user groups (can be null)

Returns:

true if authorized, false otherwise

filter

public String filter(InvocationChain chain)
              throws Exception

Description copied from interface: Filter

Executes the filter.

Specified by:

filter in interface Filter

Parameters:

chain - The InvocationChain for the action this filter is being applied to.

Returns:

The result of the filter or the action the filter is being applied to.

Throws:

Exception

destroy

public void destroy()

Description copied from interface: Filter

Gives a chance to the filter to deallocalte any resources before it is destroyed. This is called when the web application is stopped, in other words, this has nothing to do with garbage collection.

Specified by:

destroy in interface Filter