org.mentawai.filter
Class AuthorizationFilter

java.lang.Object
  org.mentawai.filter.AuthorizationFilter

All Implemented Interfaces:

Filter

public class AuthorizationFilter
extends java.lang.Object
implements Filter

A filter to handle user authorization. You should use this filter to protect your actions from unauthorized access.

Author:

Sergio Oliveira

Field Summary

static java.lang.String	ACCESSDENIED
static java.lang.String	AJAX_DENIED

Constructor Summary

AuthorizationFilter()

AuthorizationFilter(java.util.List<java.lang.Object> groups)

AuthorizationFilter(java.util.List<java.lang.Object> groups, Permission... permissions)

AuthorizationFilter(java.util.List<java.lang.Object> groups, Permission permission)

AuthorizationFilter(Permission... permissions)

AuthorizationFilter(java.lang.String... groups)

AuthorizationFilter(java.lang.String groups, Permission permission)
Deprecated.

Method Summary

void	destroy() Gives a chance to the filter to deallocalte any resources before it is destroyed.
java.lang.String	filter(InvocationChain chain) Executes the filter.
boolean	isAuthorized(Action action, java.lang.String actionName, java.lang.String innerAction, java.lang.Object user, java.util.List userGroups) The default implementation of this method returns true for everything.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

ACCESSDENIED

public static final java.lang.String ACCESSDENIED

See Also:

Constant Field Values

AJAX_DENIED

public static final java.lang.String AJAX_DENIED

See Also:

Constant Field Values

Constructor Detail

AuthorizationFilter

public AuthorizationFilter()

AuthorizationFilter

public AuthorizationFilter(java.lang.String... groups)

AuthorizationFilter

public AuthorizationFilter(java.util.List<java.lang.Object> groups)

AuthorizationFilter

public AuthorizationFilter(Permission... permissions)

AuthorizationFilter

public AuthorizationFilter(java.lang.String groups,
                           Permission permission)

Deprecated.

Parameters:

groups -

permission -

AuthorizationFilter

public AuthorizationFilter(java.util.List<java.lang.Object> groups,
                           Permission permission)

Parameters:

groups -

permission -

AuthorizationFilter

public AuthorizationFilter(java.util.List<java.lang.Object> groups,
                           Permission... permissions)

Method Detail

isAuthorized

public boolean isAuthorized(Action action,
                            java.lang.String actionName,
                            java.lang.String innerAction,
                            java.lang.Object user,
                            java.util.List userGroups)

The default implementation of this method returns true for everything. You can override this method to create the authorization logic for your entire application.

Parameters:

action -

actionName -

innerAction -

user - The user in the session (can be null)

userGroups - The user groups (can be null)

Returns:

true if authorized, false otherwise

filter

public java.lang.String filter(InvocationChain chain)
                        throws java.lang.Exception

Description copied from interface: Filter

Executes the filter.

Specified by:

filter in interface Filter

Parameters:

chain - The InvocationChain for the action this filter is being applied to.

Returns:

The result of the filter or the action the filter is being applied to.

Throws:

java.lang.Exception

destroy

public void destroy()

Description copied from interface: Filter

Gives a chance to the filter to deallocalte any resources before it is destroyed. This is called when the web application is stopped, in other words, this has nothing to do with garbage collection.

Specified by:

destroy in interface Filter