svn commit: r234242 - /struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java

Sun, 21 Aug 2005 08:23:31 -0700 

Author: germuska
Date: Sun Aug 21 08:23:25 2005
New Revision: 234242

URL: http://svn.apache.org/viewcvs?rev=234242&view=rev
Log:
Extract test for whether authorization is required into a protected method, so
that subclasses can cause isAuthorized to be called as a default condition,
or based on other rules rather than the explicit presence of roles.

Modified:
    
struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java

Modified: 
struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java
URL: 
http://svn.apache.org/viewcvs/struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java?rev=234242&r1=234241&r2=234242&view=diff
==============================================================================
--- 
struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java
 (original)
+++ 
struts/core/trunk/src/share/org/apache/struts/chain/commands/AbstractAuthorizeAction.java
 Sun Aug 21 08:23:25 2005
@@ -58,14 +58,13 @@
         ActionConfig actionConfig = actionCtx.getActionConfig();
 
         // Is this action protected by role requirements?
-        String roles[] = actionConfig.getRoleNames();
-        if ((roles == null) || (roles.length < 1)) {
+        if (!isAuthorizationRequired(actionConfig)) {
             return (false);
         }
 
         boolean throwEx = false;
         try {
-            throwEx = !(isAuthorized(actionCtx, roles, actionConfig));
+            throwEx = !(isAuthorized(actionCtx, actionConfig.getRoleNames(), 
actionConfig));
         }
         catch (Exception ex) {
             throwEx = true;
@@ -80,6 +79,19 @@
             return (false);
         }
 
+    }
+
+    /**
+     * <p>Must authorization rules be consulted?  The base implementation 
returns
+     * <code>true</code> if the given <code>ActionConfig</code> has one or 
more 
+     * roles defined.</p>
+     * 
+     * @param actionConfig the current ActionConfig object
+     * @return true if the <code>isAuthorized</code> method should be 
consulted.
+     */
+    protected boolean isAuthorizationRequired(ActionConfig actionConfig) {
+        String[] roles = actionConfig.getRoleNames();
+        return (roles != null) && (roles.length > 0);
     }
 
 



---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to