mrdon 2003/10/24 18:16:52 Modified: contrib/struts-chain/src/conf chain-config.xml contrib/struts-chain/src/java/org/apache/struts/chain AbstractAuthorizeAction.java contrib/struts-chain/src/java/org/apache/struts/chain/servlet AuthorizeAction.java Added: contrib/struts-chain/src/java/org/apache/struts/chain UnauthorizedActionException.java Log: Changed AuthorizeAction to throw an UnauthorizedActionException rather than returning an HTTP 403 error Revision Changes Path 1.8 +0 -0 jakarta-struts/contrib/struts-chain/src/conf/chain-config.xml Index: chain-config.xml =================================================================== RCS file: /home/cvs/jakarta-struts/contrib/struts-chain/src/conf/chain-config.xml,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 1.2 +59 -5 jakarta-struts/contrib/struts-chain/src/java/org/apache/struts/chain/AbstractAuthorizeAction.java Index: AbstractAuthorizeAction.java =================================================================== RCS file: /home/cvs/jakarta-struts/contrib/struts-chain/src/java/org/apache/struts/chain/AbstractAuthorizeAction.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- AbstractAuthorizeAction.java 24 Oct 2003 02:35:02 -0000 1.1 +++ AbstractAuthorizeAction.java 25 Oct 2003 01:16:52 -0000 1.2 @@ -75,6 +75,9 @@ import org.apache.struts.chain.util.ClassUtils; import org.apache.struts.config.ActionConfig; import org.apache.struts.config.FormBeanConfig; +import org.apache.struts.util.MessageResources; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; /** @@ -93,6 +96,10 @@ private String actionConfigKey = Constants.ACTION_CONFIG_KEY; + private String actionServletKey = Constants.ACTION_SERVLET_KEY; + + private static final Log log = + LogFactory.getLog(AbstractAuthorizeAction.class); // -------------------------------------------------------------- Properties 
@@ -122,6 +129,32 @@ this.actionConfigKey = actionConfigKey; } + + + /** + * <p>Return the context attribute key under which the + * <code>ActionServlet</code> for the currently selected application + * action is stored.</p> + */ + public String getActionServletKey() { + + return (this.actionServletKey); + + } + + + /** + * <p>Set the context attribute key under which the + * <code>ActionServlet</code> for the currently selected application + * action is stored.</p> + * + * @param actionServletKey The new context attribute key + */ + public void setActionServletKey(String actionServletKey) { + + this.actionServletKey = actionServletKey; + + } // ---------------------------------------------------------- Public Methods 
@@ -149,7 +182,28 @@ return (false); } - return !(isAuthorized(context, roles, actionConfig)); + boolean throwEx = false; + try { + throwEx = !(isAuthorized(context, roles, actionConfig)); + } + catch (Exception ex) { + throwEx = true; + log.error("Unable to complete authorization process", ex); + } + + if (throwEx) { + // Retrieve internal message resources + ActionServlet servlet = + (ActionServlet) context.get(actionServletKey); + MessageResources resources = servlet.getInternal(); + + // The current user is not authorized for this action + throw new UnauthorizedActionException( + resources.getMessage("notAuthorized", + actionConfig.getPath())); + } else { + return (false); + } } 1.1 jakarta-struts/contrib/struts-chain/src/java/org/apache/struts/chain/UnauthorizedActionException.java Index: UnauthorizedActionException.java =================================================================== /* * $Header: /home/cvs/jakarta-struts/contrib/struts-chain/src/java/org/apache/struts/chain/UnauthorizedActionException.java,v 1.1 2003/10/25 01:16:52 mrdon Exp $ * $Revision: 1.1 $ * $Date: 2003/10/25 01:16:52 $ * * ==================================================================== * * The Apache Software License, Version 1.1 * * Copyright (c) 2003 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. 
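Review bot: The `catch (Exception ex)` branch turns any failure inside `isAuthorized` into the same `UnauthorizedActionException` as an ordinary denial, and the caught exception survives only in the log because it is never attached to what is thrown, so a caller further up the chain cannot tell a broken role check from a genuine authorization failure. Failing closed here is the right default, but keep the exception in a local (`Exception cause = null;`, assigned in the catch) and pass it as a second argument, which requires the `UnauthorizedActionException` class added in this commit to gain a `public UnauthorizedActionException(String message, Throwable cause) { super(message, cause); }` constructor (usable if the target JDK is 1.4 or later). In the same failure path `context.get(actionServletKey)` is dereferenced without a null check, so a missing servlet attribute replaces the intended exception with a `NullPointerException`; guard it with `if (servlet == null) { throw new UnauthorizedActionException(actionConfig.getPath()); }` before calling `getInternal()`. The `else` around the final `return (false);` is redundant after a `throw`. The enclosing method starts outside the hunk.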
The end-user documentation included with the redistribution, if * any, must include the following acknowlegement: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowlegement may appear in the software itself, * if and wherever such third-party acknowlegements normally appear. * * 4. The names "The Jakarta Project", "Struts", and "Apache Software * Foundation" must not be used to endorse or promote products derived * from this software without prior written permission. For written * permission, please contact [EMAIL PROTECTED] * * 5. Products derived from this software may not be called "Apache" * nor may "Apache" appear in their names without prior written * permission of the Apache Group. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * <http://www.apache.org/>. 
* */ package org.apache.struts.chain; /** * <p>Exception thrown when the chosen action mapping is not authorized * for the current request.</p> * [EMAIL PROTECTED] Don Brown [EMAIL PROTECTED] $Revision: 1.1 $ $Date: 2003/10/25 01:16:52 $ */ public class UnauthorizedActionException extends Exception { /** Constructor */ public UnauthorizedActionException() { super(); } /** * Constructor. * [EMAIL PROTECTED] message The error or warning message. */ public UnauthorizedActionException(String message) { super(message); } } 1.2 +4 -13 jakarta-struts/contrib/struts-chain/src/java/org/apache/struts/chain/servlet/AuthorizeAction.java Index: AuthorizeAction.java =================================================================== RCS file: /home/cvs/jakarta-struts/contrib/struts-chain/src/java/org/apache/struts/chain/servlet/AuthorizeAction.java,v retrieving revision 1.1 retrieving revision 1.2 diff -u -r1.1 -r1.2 --- AuthorizeAction.java 24 Oct 2003 02:35:02 -0000 1.1 +++ AuthorizeAction.java 25 Oct 2003 01:16:52 -0000 1.2 @@ -62,7 +62,6 @@ package org.apache.struts.chain.servlet; -import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletRequest; import org.apache.commons.chain.Context; import org.apache.commons.chain.web.servlet.ServletWebContext; @@ -90,10 +89,9 @@ protected boolean isAuthorized(Context context, String[] roles, ActionConfig mapping) throws Exception { - // Identify the HTTP request and response objects + // Identify the HTTP request object ServletWebContext swcontext = (ServletWebContext) context; HttpServletRequest request = swcontext.getRequest(); - HttpServletResponse response = swcontext.getResponse(); // Check the current user against the list of required roles for (int i = 0; i < roles.length; i++) { 
@@ -101,17 +99,10 @@ return (true); } } - - // Retrieve internal message resources - ActionServlet servlet = - (ActionServlet) context.get(Constants.ACTION_SERVLET_KEY); - MessageResources resources = servlet.getInternal(); - // The current user is not authorized for this action - response.sendError( - HttpServletResponse.SC_FORBIDDEN, - resources.getMessage("notAuthorized", mapping.getPath())); - return (false); + // Default to unauthorized + return (false); + } }
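Review bot: With the `sendError` block removed, the `ActionServlet`, `MessageResources` and `Constants` symbols that the old code referenced no longer appear in this method, yet the import hunk at `@@ -62,7 +62,6 @@` only drops `HttpServletResponse`; if those imports are still present outside the shown lines they should presumably be removed as well. The new comment `// Default to unauthorized` would be more useful as a statement of the contract, e.g. `// No required role matched for this user: deny`. The enclosing `isAuthorized` method starts in the previous hunk.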