org.mentawai.filter
Class AuthorizationFilter

java.lang.Object
  extended by org.mentawai.filter.AuthorizationFilter
All Implemented Interfaces:
Filter

public class AuthorizationFilter
extends Object
implements Filter

A filter to handle user authorization. You should use this filter to protect your actions from unauthorized access.

Author:
Sergio Oliveira

Field Summary
static String ACCESSDENIED
           
static String AJAX_DENIED
           
 
Constructor Summary
AuthorizationFilter()
           
AuthorizationFilter(Enum<?>... es)
           
AuthorizationFilter(List<Object> groups)
           
AuthorizationFilter(List<Object> groups, Permission... permissions)
           
AuthorizationFilter(List<Object> groups, Permission permission)
           
AuthorizationFilter(Permission... permissions)
           
AuthorizationFilter(String... groups)
           
AuthorizationFilter(String groups, Permission permission)
          Deprecated.  
 
Method Summary
 void destroy()
          Gives a chance to the filter to deallocalte any resources before it is destroyed.
 String filter(InvocationChain chain)
          Executes the filter.
 boolean isAuthorized(Action action, String actionName, String innerAction, Object user, List userGroups)
          The default implementation of this method returns true for everything.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ACCESSDENIED

public static final String ACCESSDENIED
See Also:
Constant Field Values

AJAX_DENIED

public static final String AJAX_DENIED
See Also:
Constant Field Values
Constructor Detail

AuthorizationFilter

public AuthorizationFilter()

AuthorizationFilter

public AuthorizationFilter(Enum<?>... es)

AuthorizationFilter

public AuthorizationFilter(String... groups)

AuthorizationFilter

public AuthorizationFilter(List<Object> groups)

AuthorizationFilter

public AuthorizationFilter(Permission... permissions)

AuthorizationFilter

public AuthorizationFilter(String groups,
                           Permission permission)
Deprecated. 

Parameters:
groups -
permission -

AuthorizationFilter

public AuthorizationFilter(List<Object> groups,
                           Permission permission)
Parameters:
groups -
permission -

AuthorizationFilter

public AuthorizationFilter(List<Object> groups,
                           Permission... permissions)
Method Detail

isAuthorized

public boolean isAuthorized(Action action,
                            String actionName,
                            String innerAction,
                            Object user,
                            List userGroups)
The default implementation of this method returns true for everything. You can override this method to create the authorization logic for your entire application.

Parameters:
action -
actionName -
innerAction -
user - The user in the session (can be null)
userGroups - The user groups (can be null)
Returns:
true if authorized, false otherwise

filter

public String filter(InvocationChain chain)
              throws Exception
Description copied from interface: Filter
Executes the filter.

Specified by:
filter in interface Filter
Parameters:
chain - The InvocationChain for the action this filter is being applied to.
Returns:
The result of the filter or the action the filter is being applied to.
Throws:
Exception

destroy

public void destroy()
Description copied from interface: Filter
Gives a chance to the filter to deallocalte any resources before it is destroyed. This is called when the web application is stopped, in other words, this has nothing to do with garbage collection.

Specified by:
destroy in interface Filter


Copyright © 2013. All Rights Reserved.