org.eurekaclinical.standardapis.filter

Class AbstractRolesFilter

java.lang.Object

org.eurekaclinical.standardapis.filter.AbstractRolesFilter

All Implemented Interfaces:

javax.servlet.Filter, RolesFilter

Direct Known Subclasses:

RolesFromDbFilter

public abstract class AbstractRolesFilter
extends Object
implements RolesFilter

Base class for creating filters that add the user's roles to the request and set a session attribute, roles which will contain an array of role names.

Author:

Andrew Post

Constructor Summary

Constructors

Constructor and Description
AbstractRolesFilter()

Method Summary

Modifier and Type	Method and Description
void	destroy() Does nothing.
void	doFilter(javax.servlet.ServletRequest inRequest, javax.servlet.ServletResponse inResponse, javax.servlet.FilterChain inChain) Sets a roles session attribute containing an array of role names for the current user principal.
protected abstract String[]	getRoles(Principal inPrincipal, javax.servlet.ServletRequest inRequest) Gets the user's roles.
void	init(javax.servlet.FilterConfig fc) Does nothing.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

AbstractRolesFilter

public AbstractRolesFilter()

Method Detail

init

public void init(javax.servlet.FilterConfig fc)

Does nothing.

Specified by:

init in interface javax.servlet.Filter

Parameters:

fc - the filter configuration.

doFilter

public void doFilter(javax.servlet.ServletRequest inRequest,
                     javax.servlet.ServletResponse inResponse,
                     javax.servlet.FilterChain inChain)
              throws IOException,
                     javax.servlet.ServletException

Sets a roles session attribute containing an array of role names for the current user principal. It fetches the roles array from the getRoles(java.security.Principal, javax.servlet.ServletRequest) call. If the session attribute is not null, it will not fetch the user's roles again. If there is no session or if the user principal is not set, this filter just passes the request and response onto the next filter in the chain.

Specified by:

doFilter in interface javax.servlet.Filter

Parameters:

inRequest - the servlet request.

inResponse - the servlet response.

inChain - the filter chain.

Throws:

IOException - if the exception is thrown from downstream in the filter chain.

javax.servlet.ServletException - if the getRoles(java.security.Principal, javax.servlet.ServletRequest) call fails or if the exception is thrown from downstream in the filter chain.

getRoles

protected abstract String[] getRoles(Principal inPrincipal,
                                     javax.servlet.ServletRequest inRequest)
                              throws javax.servlet.ServletException

Gets the user's roles. It is called by doFilter(javax.servlet.ServletRequest, javax.servlet.ServletResponse, javax.servlet.FilterChain).

Parameters:

inPrincipal - the user's principal. Cannot be null.

inRequest - the servlet request.

Returns:

the role names. If the user has no roles, the array will be empty. A return value of null should be used if an error occurred retrieving role information.

Throws:

javax.servlet.ServletException - if the user's role information is not available due to a fatal error.

destroy

public void destroy()

Does nothing.

Specified by:

destroy in interface javax.servlet.Filter