  /**
   * Enforces the role constraint declared on {@code mapping}, if there is one.
   *
   * <p>The check is "any-of": the request is allowed through as soon as {@link
   * HttpServletRequest#isUserInRole(String)} reports one of the configured roles. When none match,
   * a {@code 403 Forbidden} response is generated with the localized {@code notAuthorized} message
   * (parameterized with the mapping path, which comes from configuration rather than the client)
   * and the caller must stop processing. A request with no authenticated principal fails every
   * {@code isUserInRole} test as well, so it too is answered with 403 here rather than with an
   * authentication challenge; any login challenge has to come from the container before this
   * method runs. Debug logging records the remote user name and the matching role only.
   *
   * @param request The servlet request we are processing
   * @param response The servlet response we are creating
   * @param mapping The mapping we are using
   * @return <code>true</code> to continue normal processing; <code>false</code> if a response has
   *     been created.
   * @throws IOException if an input/output error occurs
   * @throws ServletException if a servlet exception occurs
   */
  protected boolean processRoles(
      HttpServletRequest request, HttpServletResponse response, ActionMapping mapping)
      throws IOException, ServletException {
    String[] requiredRoles = mapping.getRoleNames();

    // No role constraint on this mapping: nothing to enforce.
    if (requiredRoles == null || requiredRoles.length == 0) {
      return true;
    }

    // Any single matching role is sufficient to grant access.
    for (String role : requiredRoles) {
      if (!request.isUserInRole(role)) {
        continue;
      }
      if (log.isDebugEnabled()) {
        log.debug(
            " User '" + request.getRemoteUser() + "' has role '" + role + "', granting access");
      }
      return true;
    }

    // Nothing matched: answer with 403 and tell the caller not to dispatch to the action.
    if (log.isDebugEnabled()) {
      log.debug(
          " User '"
              + request.getRemoteUser()
              + "' does not have any required role, denying access");
    }

    response.sendError(
        HttpServletResponse.SC_FORBIDDEN,
        getInternal().getMessage("notAuthorized", mapping.getPath()));
    return false;
  }