Class Overview
Interceptor that checks the authorization of the current user via the
user's roles, as evaluated by HttpServletRequest's isUserInRole method.
Summary
Public Methods |
final
boolean
|
preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
This implementation always returns true .
|
final
void
|
setAuthorizedRoles(String[] authorizedRoles)
Set the roles that this interceptor should treat as authorized.
|
Protected Methods |
void
|
handleNotAuthorized(HttpServletRequest request, HttpServletResponse response, Object handler)
Handle a request that is not authorized according to this interceptor.
|
[Expand]
Inherited Methods |
From class
org.springframework.web.servlet.handler.HandlerInterceptorAdapter
void
|
afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
This implementation is empty.
|
void
|
postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
This implementation is empty.
|
boolean
|
preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
This implementation always returns true .
|
|
From class
java.lang.Object
Object
|
clone()
|
boolean
|
equals(Object arg0)
|
void
|
finalize()
|
final
Class<?>
|
getClass()
|
int
|
hashCode()
|
final
void
|
notify()
|
final
void
|
notifyAll()
|
String
|
toString()
|
final
void
|
wait()
|
final
void
|
wait(long arg0, int arg1)
|
final
void
|
wait(long arg0)
|
|
From interface
org.springframework.web.servlet.HandlerInterceptor
abstract
void
|
afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
Callback after completion of request processing, that is, after rendering
the view.
|
abstract
void
|
postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView)
Intercept the execution of a handler.
|
abstract
boolean
|
preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
Intercept the execution of a handler.
|
|
Public Constructors
public
UserRoleAuthorizationInterceptor
()
Public Methods
public
final
boolean
preHandle
(HttpServletRequest request, HttpServletResponse response, Object handler)
This implementation always returns true
.
Parameters
request
| current HTTP request |
response
| current HTTP response |
handler
| chosen handler to execute, for type and/or instance evaluation |
Returns
true
if the execution chain should proceed with the
next interceptor or the handler itself. Else, DispatcherServlet assumes
that this interceptor has already dealt with the response itself.
public
final
void
setAuthorizedRoles
(String[] authorizedRoles)
Set the roles that this interceptor should treat as authorized.
Parameters
authorizedRoles
| array of role names
|
Protected Methods
protected
void
handleNotAuthorized
(HttpServletRequest request, HttpServletResponse response, Object handler)
Handle a request that is not authorized according to this interceptor.
Default implementation sends HTTP status code 403 ("forbidden").
This method can be overridden to write a custom message, forward or
redirect to some error page or login page, or throw a ServletException.
Parameters
request
| current HTTP request |
response
| current HTTP response |
handler
| chosen handler to execute, for type and/or instance evaluation |
Throws
ServletException
| if there is an internal error |
IOException
| in case of an I/O error when writing the response
|