tutorial/AuthzInterceptor.java
package tutorial;
import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.taglibs.velocity.Authz;
import org.acegisecurity.taglibs.velocity.AuthzImpl;
import tutorial.acegi.AuthzAware;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
/**
 * Struts 2 interceptor that runs role checks through Acegi's {@link Authz}
 * helper before the action is invoked.
 *
 * <p>Two optional interceptor params drive it: {@code allowedRoles} (the caller
 * must hold at least one of them) and {@code deniedRoles} (the caller must hold
 * none of them). When the action implements {@link AuthzAware}, the same
 * {@link Authz} instance is handed to it so the action can make further checks.
 *
 * <p>NOTE(review): presumably {@link AuthzImpl} reads the authorities of the
 * current Acegi security context and accepts a comma-separated role list;
 * confirm against the Acegi version in use. The checks are only meaningful if
 * that context has been populated before this interceptor runs.
 */
public class AuthzInterceptor implements Interceptor {

    // Roles of which the caller needs at least one; null disables the allow check.
    String allowroles;

    // Roles of which the caller may hold none; null disables the deny check.
    String denyroles;

    /** Nothing to release. */
    public void destroy() {
    }

    /** Nothing to prepare. */
    public void init() {
    }

    /**
     * Receives the {@code allowedRoles} interceptor param.
     *
     * @param allowroles role list passed unchanged to {@link Authz#anyGranted(String)}
     */
    public void setAllowedRoles(String allowroles) {
        this.allowroles = allowroles;
    }

    /**
     * Receives the {@code deniedRoles} interceptor param.
     *
     * @param denyroles role list passed unchanged to {@link Authz#anyGranted(String)}
     */
    public void setDeniedRoles(String denyroles) {
        this.denyroles = denyroles;
    }

    /**
     * Applies the configured role checks, injects the {@link Authz} helper into
     * {@link AuthzAware} actions, then continues the invocation.
     *
     * @param invocation the action invocation being intercepted
     * @return the result code produced by the rest of the chain
     * @throws AccessDeniedException if the allow check or the deny check fails
     * @throws Exception whatever the rest of the chain throws
     */
    public String intercept(ActionInvocation invocation)
            throws Exception {
        final Object action = invocation.getAction();
        final boolean injectAuthz = action instanceof AuthzAware;

        // Nothing configured and nothing to inject: pass straight through.
        // NOTE(review): in this state the interceptor enforces no restriction,
        // so a declaration that sets neither param lets every request through;
        // verify the params on each declaration in struts.xml.
        if (allowroles == null && denyroles == null && !injectAuthz) {
            return invocation.invoke();
        }

        final Authz authz = new AuthzImpl();

        // Allow check first: the caller needs at least one of the listed roles.
        if (allowroles != null && !authz.anyGranted(allowroles)) {
            throw new AccessDeniedException("not allow");
        }

        // Deny check second, so a caller who passes the allow check is still
        // rejected when holding any denied role.
        if (denyroles != null && authz.anyGranted(denyroles)) {
            throw new AccessDeniedException("deny");
        }

        if (injectAuthz) {
            // The action is read from the invocation again for the cast.
            AuthzAware target = (AuthzAware) invocation.getAction();
            target.setAuthz(authz);
        }

        // NOTE(review): how an AccessDeniedException thrown above is turned into
        // a response depends on filter/exception configuration not shown here.
        return invocation.invoke();
    }
}
これを struts.xml で
<!-- Declares tutorial.AuthzInterceptor under the name "role_admin".
     The allowedRoles param is delivered through setAllowedRoles(String), so this
     instance rejects callers for whom Authz.anyGranted("ROLE_ADMIN") is false.
     No deniedRoles param is set here, so the deny check is skipped. -->
<interceptor name="role_admin"
class="tutorial.AuthzInterceptor">
<param name="allowedRoles">ROLE_ADMIN</param>
</interceptor>
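として定義し、保護したい action から interceptor-ref で参照すればいい。なお action に interceptor-ref を書くとパッケージのデフォルトのインターセプタスタックは適用されなくなるので、必要なら defaultStack も併せて参照する。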