You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@struts.apache.org by ge...@apache.org on 2005/08/21 17:23:27 UTC

svn commit: r234242 - /struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java

Author: germuska
Date: Sun Aug 21 08:23:25 2005
New Revision: 234242

URL: http://svn.apache.org/viewcvs?rev=234242&view=rev
Log:
Extract test for whether authorization is required into a protected method, so
that subclasses can cause isAuthorized to be called as a default condition,
or based on other rules rather than the explicit presence of roles.

Modified:
    struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java

Modified: struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java
URL: http://svn.apache.org/viewcvs/struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java?rev=234242&r1=234241&r2=234242&view=diff
==============================================================================
--- struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java (original)
+++ struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java Sun Aug 21 08:23:25 2005
@@ -58,14 +58,13 @@
         ActionConfig actionConfig = actionCtx.getActionConfig();
 
         // Is this action protected by role requirements?
-        String roles[] = actionConfig.getRoleNames();
-        if ((roles == null) || (roles.length < 1)) {
+        if (!isAuthorizationRequired(actionConfig)) {
             return (false);
         }
 
         boolean throwEx = false;
         try {
-            throwEx = !(isAuthorized(actionCtx, roles, actionConfig));
+            throwEx = !(isAuthorized(actionCtx, actionConfig.getRoleNames(), actionConfig));
         }
         catch (Exception ex) {
             throwEx = true;
@@ -80,6 +79,19 @@
             return (false);
         }
 
+    }
+
+    /**
+     * <p>Must authorization rules be consulted?  The base implementation returns
+     * <code>true</code> if the given <code>ActionConfig</code> has one or more 
+     * roles defined.</p>
+     * 
+     * @param actionConfig the current ActionConfig object
+     * @return true if the <code>isAuthorized</code> method should be consulted.
+     */
+    protected boolean isAuthorizationRequired(ActionConfig actionConfig) {
+        String[] roles = actionConfig.getRoleNames();
+        return (roles != null) && (roles.length > 0);
     }
 
 



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@struts.apache.org
For additional commands, e-mail: dev-help@struts.apache.org