|
(3) CustomCommand.java File
Note:- If any security check application is to be created in the struts 1.3 or higher then org.apache.struts.chain.commands.AbstractAuthorizeAction is to be extended but in case of previous versions the RequestProceesor's method processRoles() is to be overridden to check the security setting of the user.
package com.visualbuilder.command;
import org.apache.struts.action.ActionServlet;
import org.apache.struts.chain.commands.AbstractAuthorizeAction;
import org.apache.struts.chain.contexts.ActionContext;
import org.apache.struts.chain.contexts.ServletActionContext;
import org.apache.struts.config.ActionConfig;
import org.apache.struts.util.MessageResources;
import javax.servlet.http.HttpServletRequest;
public class CustomCommand extends AbstractAuthorizeAction {
// ------------------------------------------------------- Protected Methods
protected boolean isAuthorized(ActionContext context, String[] roles, ActionConfig mapping) throws Exception {
// Identify the HTTP request object
ServletActionContext servletActionContext = (ServletActionContext) context;
HttpServletRequest request = servletActionContext.getRequest();
// Check the current user against the list of required roles
if(request.getParameter("user") != null && request.getParameter("user").equals("admin") ){
return (true);
}
// Default to unauthorized
return (false);
}
protected String getErrorMessage(ActionContext context, ActionConfig actionConfig) {
ServletActionContext servletActionContext = (ServletActionContext) context;
// Retrieve internal message resources
ActionServlet servlet = servletActionContext.getActionServlet();
MessageResources resources = servlet.getInternal();
return resources.getMessage("notAuthorized", actionConfig.getPath());
}
}
Note:- Rest all the same as the previous composablerequestprocessor example for the application.
Output:-
Note:- If the role admin is entered only then the submit action gets called otherwise the following exception comes to the screen.
|
Total Members
