    // True if the current user holds the named role. The lookup relies on
    // Role defining equals() and hashCode() by role name.
    protected Boolean hasRoleName(ActionBean bean, Method handler,
        String role)
    {
        User user = getUser(bean);
        if (user != null) {
            Collection<Role> roles = user.getRoles();
            return roles != null && roles.contains(new Role(role));
        }
        return false;
    }

    public Resolution handleAccessDenied(ActionBean bean,
        Method handler)
    {
        // Not logged in: redirect to the login page. For GET requests,
        // pass the last URL along as the loginUrl parameter.
        if (!isUserAuthenticated(bean, handler)) {
            RedirectResolution resolution =
                new RedirectResolution(LoginActionBean.class);
            if (bean.getContext().getRequest().getMethod()
                .equalsIgnoreCase("GET"))
            {
                String loginUrl = ((BaseActionBean) bean).getLastUrl();
                resolution.addParameter("loginUrl", loginUrl);
            }
            return resolution;
        }
        // Logged in but not allowed: respond with an error status.
        return new ErrorResolution(HttpServletResponse.SC_UNAUTHORIZED);
    }

    private User getUser(ActionBean bean) {
        return ((BaseActionBean) bean).getContext().getUser();
    }
}

This allows us to do some pretty cool things with EL expressions. For example, recall how we previously restricted users to seeing their own data, including their own messages in MessageDetailsActionBean:

    public void setMessage(Message message) {
        if (getUser().equals(message.getFolder().getUser())) {
            this.message = message;
        }
    }

Say we wanted to keep restricting users to their own messages but let administrators see other users' messages. We could accomplish that by putting the setter method back to just a plain setter and annotating MessageDetailsActionBean.
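
The rule described above (owners see their own messages, administrators see anyone's), written as a plain Java check; this is an added example, not the book's code and not its annotation. The class names, the role name "Administrator" and the username-based owner comparison are assumptions. As in hasRoleName, contains(new Role(...)) only matches because Role defines equals() and hashCode() by name.

```java
import java.util.Collection;
import java.util.HashSet;

public class OwnerOrAdminCheck {
    // Assumed Role model: equality by name, so a freshly built Role matches a stored one.
    static final class Role {
        final String name;
        Role(String name) { this.name = name; }
        @Override public boolean equals(Object o) {
            return o instanceof Role && ((Role) o).name.equals(name);
        }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Assumed User model: a username plus a set of roles.
    static final class User {
        final String username;
        final Collection<Role> roles = new HashSet<>();
        User(String username, String... roleNames) {
            this.username = username;
            for (String r : roleNames) roles.add(new Role(r));
        }
    }

    // Same shape as hasRoleName on the page: no user or no roles means no role.
    static boolean hasRoleName(User user, String role) {
        return user != null && user.roles != null
            && user.roles.contains(new Role(role));
    }

    // Deny by default, then allow the owner or an administrator.
    static boolean mayView(User viewer, User owner) {
        if (viewer == null || owner == null) return false;
        return viewer.username.equals(owner.username)
            || hasRoleName(viewer, "Administrator");
    }

    public static void main(String[] args) {
        // Constructed sample users.
        User alice = new User("alice", "User");
        User bob = new User("bob", "User");
        User root = new User("root", "User", "Administrator");
        System.out.println("owner reads own message:  " + mayView(alice, alice));
        System.out.println("other user reads message: " + mayView(bob, alice));
        System.out.println("administrator reads it:   " + mayView(root, alice));
        System.out.println("anonymous reads it:       " + mayView(null, alice));
    }
}
```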