com.liferay.portletmvc4spring.handler

Class UserRoleAuthorizationInterceptor

java.lang.Object

com.liferay.portletmvc4spring.handler.HandlerInterceptorAdapter

com.liferay.portletmvc4spring.handler.UserRoleAuthorizationInterceptor

All Implemented Interfaces:

HandlerInterceptor

public class UserRoleAuthorizationInterceptor
extends HandlerInterceptorAdapter

Interceptor that checks the authorization of the current user via the user's roles, as evaluated by PortletRequest's isUserInRole method.

Since:

2.0

Author:

John A. Lewis, Juergen Hoeller

See Also:

PortletRequest.isUserInRole(java.lang.String)

Constructor Summary

Constructors

Constructor and Description
UserRoleAuthorizationInterceptor()

Method Summary

Modifier and Type	Method and Description
protected void	handleNotAuthorized(javax.portlet.PortletRequest request, javax.portlet.PortletResponse response, Object handler) Handle a request that is not authorized according to this interceptor.
boolean	preHandle(javax.portlet.PortletRequest request, javax.portlet.PortletResponse response, Object handler) Default callback that all "pre*" methods delegate to.
void	setAuthorizedRoles(String... authorizedRoles) Set the roles that this interceptor should treat as authorized.

Methods inherited from class com.liferay.portletmvc4spring.handler.HandlerInterceptorAdapter

afterActionCompletion, afterCompletion, afterEventCompletion, afterRenderCompletion, afterResourceCompletion, postHandleRender, postHandleResource, preHandleAction, preHandleEvent, preHandleRender, preHandleResource

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

UserRoleAuthorizationInterceptor

public UserRoleAuthorizationInterceptor()

Method Detail

preHandle

public final boolean preHandle(javax.portlet.PortletRequest request,
                               javax.portlet.PortletResponse response,
                               Object handler)
                        throws javax.portlet.PortletException,
                               IOException

Description copied from class: HandlerInterceptorAdapter

Default callback that all "pre*" methods delegate to.

This implementation always returns true.

Overrides:

preHandle in class HandlerInterceptorAdapter

Throws:

javax.portlet.PortletException

IOException

setAuthorizedRoles

public final void setAuthorizedRoles(String... authorizedRoles)

Set the roles that this interceptor should treat as authorized.

Parameters:

authorizedRoles - array of role names

handleNotAuthorized

protected void handleNotAuthorized(javax.portlet.PortletRequest request,
                                   javax.portlet.PortletResponse response,
                                   Object handler)
                            throws javax.portlet.PortletException,
                                   IOException

Handle a request that is not authorized according to this interceptor. Default implementation throws a new PortletSecurityException.

This method can be overridden to write a custom message, forward or redirect to some error page or login page, or throw a PortletException.

Parameters:

request - current portlet request

response - current portlet response

handler - chosen handler to execute, for type and/or instance evaluation

Throws:

javax.portlet.PortletException - if there is an internal error

IOException - in case of an I/O error when writing the response