Class UserRoleAuthorizationInterceptor
- java.lang.Object
- org.springframework.web.servlet.handler.HandlerInterceptorAdapter
- org.springframework.web.servlet.handler.UserRoleAuthorizationInterceptor
- All Implemented Interfaces:
AsyncHandlerInterceptor
,HandlerInterceptor
public class UserRoleAuthorizationInterceptor extends HandlerInterceptorAdapter
Interceptor that checks the authorization of the current user via the user's roles, as evaluated by HttpServletRequest's isUserInRole method.- Since:
- 20.06.2003
- Author:
- Juergen Hoeller
- See Also:
HttpServletRequest.isUserInRole(java.lang.String)
Constructor Summary
Constructors Constructor Description UserRoleAuthorizationInterceptor()
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected void
handleNotAuthorized(HttpServletRequest request, HttpServletResponse response, Object handler)
Handle a request that is not authorized according to this interceptor.boolean
preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
This implementation always returnstrue
.void
setAuthorizedRoles(String... authorizedRoles)
Set the roles that this interceptor should treat as authorized.Methods inherited from class org.springframework.web.servlet.handler.HandlerInterceptorAdapter
afterCompletion, afterConcurrentHandlingStarted, postHandle
Constructor Detail
UserRoleAuthorizationInterceptor
public UserRoleAuthorizationInterceptor()
Method Detail
setAuthorizedRoles
public final void setAuthorizedRoles(String... authorizedRoles)
Set the roles that this interceptor should treat as authorized.- Parameters:
authorizedRoles
- array of role names
preHandle
public final boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws ServletException, IOException
Description copied from class:HandlerInterceptorAdapter
This implementation always returnstrue
.- Specified by:
preHandle
in interfaceHandlerInterceptor
- Overrides:
preHandle
in classHandlerInterceptorAdapter
- Parameters:
request
- current HTTP requestresponse
- current HTTP responsehandler
- chosen handler to execute, for type and/or instance evaluation- Returns:
true
if the execution chain should proceed with the next interceptor or the handler itself. Else, DispatcherServlet assumes that this interceptor has already dealt with the response itself.- Throws:
ServletException
IOException
handleNotAuthorized
protected void handleNotAuthorized(HttpServletRequest request, HttpServletResponse response, Object handler) throws ServletException, IOException
Handle a request that is not authorized according to this interceptor. Default implementation sends HTTP status code 403 ("forbidden").This method can be overridden to write a custom message, forward or redirect to some error page or login page, or throw a ServletException.
- Parameters:
request
- current HTTP requestresponse
- current HTTP responsehandler
- chosen handler to execute, for type and/or instance evaluation- Throws:
ServletException
- if there is an internal errorIOException
- in case of an I/O error when writing the response