Java Reference
In-Depth Information
Let's look at a meatier example with a sneak preview of the next chap-
ter about adding security. One of the many things we'll do to secure the
webmail application is to ensure that the user is logged in. An intercep-
tor is the perfect place for doing that:
package
stripesbook.ext;
@Intercepts(LifecycleStage.ActionBeanResolution)
public class
LoginInterceptor
implements
Interceptor {
@SuppressWarnings("unchecked")
private static final
List<Class<?
extends
BaseActionBean>> ALLOW =
Arrays.asList(
LoginActionBean.
class
,
RegisterActionBean.
class
);
public
Resolution intercept(ExecutionContext execContext)
throws
Exception
{
Resolution resolution = execContext.proceed();
MyActionBeanContext ctx =
(MyActionBeanContext) execContext.getActionBeanContext();
BaseActionBean actionBean = (BaseActionBean)
execContext.getActionBean();
Class<?
extends
ActionBean> cls = actionBean.getClass();
if
(ctx.getUser() ==
null
&& !ALLOW.contains(cls)) {
resolution =
new
RedirectResolution(LoginActionBean.
class
);
}
return
resolution;
}
}
Ah, now we're doing something a little more sophisticated. The inter-
ceptor runs after the
ActionBeanResolution
stage so that we can retrieve
the current action bean. We also retrieve the action bean context and
check whether it contains a user—that's how we know whether the user
has logged in.
By comparing the action bean class to a list of “allowed” action beans for
which the user doesn't have to be logged in, we can determine whether
we need to bounce the user. If that's the case, we interrupt the life-cycle
sequence by returning a
RedirectResolution
to the Login page instead of
the resolution that was returned by the
proceed
( ) method.
Search WWH ::
Custom Search