org.jsecurity.web.filter.authz
Class RolesAuthorizationFilter

java.lang.Object
  org.jsecurity.web.servlet.ServletContextSupport
      org.jsecurity.web.servlet.OncePerRequestFilter
          org.jsecurity.web.servlet.AdviceFilter
              org.jsecurity.web.filter.PathMatchingFilter
                  org.jsecurity.web.filter.AccessControlFilter
                      org.jsecurity.web.filter.authz.AuthorizationFilter
                          org.jsecurity.web.filter.authz.RolesAuthorizationFilter

All Implemented Interfaces:

Filter, Nameable, PathConfigProcessor

public class RolesAuthorizationFilter
extends AuthorizationFilter

Filter that allows access if the current user has the roles specified by the mapped value, or denies access if the user does not have all of the roles specified.

Since:

0.9

Author:

Les Hazlewood, Jeremy Haile

Field Summary

Fields inherited from class org.jsecurity.web.filter.AccessControlFilter

DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD

Fields inherited from class org.jsecurity.web.filter.PathMatchingFilter

appliedPaths, pathMatcher

Fields inherited from class org.jsecurity.web.servlet.OncePerRequestFilter

ALREADY_FILTERED_SUFFIX, filterConfig

Constructor Summary

RolesAuthorizationFilter()

Method Summary

boolean

isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response) method instead.

Methods inherited from class org.jsecurity.web.filter.authz.AuthorizationFilter

getUnauthorizedUrl, onAccessDenied, setUnauthorizedUrl

Methods inherited from class org.jsecurity.web.filter.AccessControlFilter

getLoginUrl, getSubject, isLoginRequest, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl

Methods inherited from class org.jsecurity.web.filter.PathMatchingFilter

getPathWithinApplication, pathsMatch, pathsMatch, preHandle, processPathConfig

Methods inherited from class org.jsecurity.web.servlet.AdviceFilter

afterCompletion, cleanup, doFilterInternal, executeChain, postHandle

Methods inherited from class org.jsecurity.web.servlet.OncePerRequestFilter

destroy, doFilter, getAlreadyFilteredAttributeName, getFilterConfig, getName, init, onFilterConfigSet, setFilterConfig, setName, shouldNotFilter

Methods inherited from class org.jsecurity.web.servlet.ServletContextSupport

bind, getAttribute, getContextInitParam, getServletContext, removeAttribute, setAttribute, setServletContext

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

RolesAuthorizationFilter

public RolesAuthorizationFilter()

Method Detail

isAccessAllowed

public boolean isAccessAllowed(ServletRequest request,
                               ServletResponse response,
                               Object mappedValue)
                        throws IOException

Description copied from class: AccessControlFilter

Returns true if the request is allowed to proceed through the filter normally, or false if the request should be handled by the onAccessDenied(request,response) method instead.

Specified by:

isAccessAllowed in class AccessControlFilter

Parameters:

request - the incoming ServletRequest

response - the outgoing ServletResponse

mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.

Returns:

true if the request should proceed through the filter normally, false if the request should be processed by this filter's AccessControlFilter.onAccessDenied(javax.servlet.ServletRequest, javax.servlet.ServletResponse) method instead.

Throws:

IOException