HiRISE

HiRISE.HiWish
Class AuthorizedRequestProcessor

java.lang.Object
  extended by org.apache.struts.action.RequestProcessor
      extended by HiRISE.HiWish.AuthorizedRequestProcessor

public class AuthorizedRequestProcessor
extends org.apache.struts.action.RequestProcessor

Custom Struts RequestProcessor for performing authorization. Adapted from suggestions in 'Securing Struts Applications'.

See Also:
"http://www.devarticles.com/c/a/Java/Securing-Struts-Applications"

Field Summary
static String HTTP_DATA_ENCODING
          encoding for form-posted data
protected static Logger logger
          Logger instance
 
Fields inherited from class org.apache.struts.action.RequestProcessor
actions, INCLUDE_PATH_INFO, INCLUDE_SERVLET_PATH, log, moduleConfig, servlet
 
Constructor Summary
AuthorizedRequestProcessor()
           
 
Method Summary
 void process(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)
          This method is called for every request from the client.
protected  boolean processRoles(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.apache.struts.action.ActionMapping mapping)
          Checks an incoming request for credentials.
 
Methods inherited from class org.apache.struts.action.RequestProcessor
destroy, doForward, doInclude, getInternal, getServletContext, init, internalModuleRelativeForward, internalModuleRelativeInclude, processActionCreate, processActionForm, processActionPerform, processCachedMessages, processContent, processException, processForward, processForwardConfig, processInclude, processLocale, processMapping, processMultipart, processNoCache, processPath, processPopulate, processPreprocess, processValidate
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

HTTP_DATA_ENCODING

public static final String HTTP_DATA_ENCODING
encoding for form-posted data

See Also:
Constant Field Values

logger

protected static Logger logger
Logger instance

Constructor Detail

AuthorizedRequestProcessor

public AuthorizedRequestProcessor()
Method Detail

processRoles

protected boolean processRoles(javax.servlet.http.HttpServletRequest request,
                               javax.servlet.http.HttpServletResponse response,
                               org.apache.struts.action.ActionMapping mapping)
                        throws IOException
Checks an incoming request for credentials. Looks to see if roles are defined for the action (defined in the Struts config). If there are no roles defined, the request needs no authorization, and control is returned to the superclass. If authorization is required, next it looks in the session for the Suggester instance. If there is no suggester, the user has not logged in, so it responds with HTTP error code 403 (authorization denied). If the user has logged in, checks the roles that the user is in, to see if any match the authorized roles. If there is no match, response with HTTP error code 403.

Overrides:
processRoles in class org.apache.struts.action.RequestProcessor
Parameters:
request - Incoming request
response - Outgoing response
mapping - Struts action mapping
Returns:
true if authorized
Throws:
IOException - Problem sending error, headers already sent?

process

public void process(javax.servlet.http.HttpServletRequest request,
                    javax.servlet.http.HttpServletResponse response)
             throws IOException,
                    javax.servlet.ServletException
This method is called for every request from the client. Overriding it to change the character encoding to UTF-8. This means that everything the user enters on the website will be proper unicode when it comes in the FormBeans.

Overrides:
process in class org.apache.struts.action.RequestProcessor
Throws:
IOException
javax.servlet.ServletException

HiRISE

Copyright (C) Arizona Board of Regents on behalf of the Planetary Image Research Laboratory, Lunar and Planetary Laboratory at the University of Arizona