TomcatRequestWrapper


Without using the whole Realm and UserPrincipal, I wanted to override the behavior of request.isUserInRole(). I got advice on tomcat-user to skip setting up security constraints, and instead wrap the request to provide the desired behavior.

A post from Craig describing how to do it: http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/msg55350.html

[HttpServletRequestWrapper API]

StrutsMenu will use the request.isUserInRole() method to decide what menus to display (http://struts-menu.sourceforge.net/security.html).

The Wrapper

package edu.asu.vpia.webapp;

import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/**
 *  http://jakarta.apache.org/tomcat/tomcat-4.1-doc/servletapi/javax/servlet/http/HttpServletRequestWrapper.html
 *  http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/msg55350.html
 *  Struts Menu: http://struts-menu.sourceforge.net/security.html
 *
 *@author    Wendy Smoak (wsmoak@asu.edu)
 */


public class BenWebRequestWrapper extends HttpServletRequestWrapper
{

   private static Log log = LogFactory.getLog( BenWebRequestWrapper.class );
   private HttpServletRequest request;

   public BenWebRequestWrapper( HttpServletRequest request )
   {
      super( request );
      this.request = request;
   }


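   /**
    *  Answers role checks from the BenWebUser held in the session
    *  instead of from a container Realm.
    */
   public boolean isUserInRole( String role )
   {

      // The application's user object is stored in the session under "benWebUser"
      BenWebUser benWebUser = (BenWebUser) request.getSession().getAttribute( "benWebUser" );

      // No user object in the session means no roles at all
      List authMnem = ( benWebUser == null ? null : benWebUser.getAuthorizedMnemonics() );
      log.debug( "isUserInRole: Checking for "+role+" in "+authMnem );

      if ( authMnem == null ) {
         return false;
      } else {
         return authMnem.contains( role );
      }

   }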

}

The Filter

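package edu.asu.vpia.webapp;

import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

public class BenefactorAccessFilter implements Filter
{

   public void init( FilterConfig config ) throws ServletException { }

   // Wrap every matching request so that code further down the chain
   // gets BenWebRequestWrapper's isUserInRole()
   public void doFilter( ServletRequest req, ServletResponse resp,
         FilterChain chain ) throws IOException, ServletException
   {

      HttpServletRequestWrapper wrappedRequest = new BenWebRequestWrapper( (HttpServletRequest) req );
      chain.doFilter( wrappedRequest, resp );

   }

   public void destroy() { }

}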

   <filter>
      <filter-name>accessFilter</filter-name>
      <filter-class>edu.asu.vpia.webapp.BenefactorAccessFilter</filter-class>
   </filter>
   
   <filter-mapping>
      <filter-name>accessFilter</filter-name>
      <url-pattern>*.do</url-pattern>
   </filter-mapping>

More on Filters: http://java.sun.com/products/servlet/Filters.html

Struts Menu Config

<MenuConfig>

  <Displayers>
    <Displayer   name="TabbedMenu"
                 type="net.sf.navigator.displayer.TabbedMenuDisplayer"/>
  </Displayers>

  <Menus>

    <Menu name="TabbedProfile" title="tab.profile" location="?userAction=tab0" roles="0001">
    </Menu>

    <Menu name="TabbedProspect" title="tab.profile.prospect" location="?userAction=tab1" roles="0002">
    </Menu>
    ...
  </Menus>
</MenuConfig>
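
The roles attribute in the menu config only controls which tabs are displayed, and with no security constraints set up the container does not check ?userAction=tab1 requests itself. The following is an added example, not code from the original page: a hypothetical TabRoleFilter that applies the same role check on the server, assuming the userAction-to-role mapping mirrors the location/roles pairs in the menu config above and that every valid userAction value is listed in it.

```java
package edu.asu.vpia.webapp;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter (not from the original page): enforces the roles that
// the menu config uses to decide which tabs are shown.
public class TabRoleFilter implements Filter
{
   // Assumed mapping, copied from the location/roles pairs in the menu config.
   private static final Map<String, String> REQUIRED_ROLE = new HashMap<String, String>();
   static {
      REQUIRED_ROLE.put( "tab0", "0001" );
      REQUIRED_ROLE.put( "tab1", "0002" );
   }

   public void init( FilterConfig config ) throws ServletException { }

   public void doFilter( ServletRequest req, ServletResponse resp,
         FilterChain chain ) throws IOException, ServletException
   {
      HttpServletRequest request = (HttpServletRequest) req;
      String userAction = request.getParameter( "userAction" );

      // Requests without a userAction pass through; authorizing those is
      // outside what this example covers.
      if ( userAction != null ) {
         String role = REQUIRED_ROLE.get( userAction );
         // Unlisted actions are denied rather than allowed by default.
         // isUserInRole() is answered by BenWebRequestWrapper when this
         // filter runs after accessFilter.
         if ( role == null || !request.isUserInRole( role ) ) {
            ( (HttpServletResponse) resp ).sendError( HttpServletResponse.SC_FORBIDDEN );
            return;
         }
      }
      chain.doFilter( req, resp );
   }

   public void destroy() { }
}
```

Filters that match by URL pattern run in the order of their filter-mapping elements in web.xml, so this filter's mapping for *.do has to come after the one for accessFilter.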

Last edited April 19, 2006 6:14 pm by WendySmoak