/** * Returns a collection of String permissions with which to perform a permission check to determine if the filter * will allow the request to continue. * <p/> * This implementation merely delegates to {@link #buildPermissions(String[], String)} and ignores the inbound * HTTP servlet request, but it can be overridden by subclasses for more complex request-specific building logic * if necessary. * * @param request the inbound HTTP request - ignored in this implementation, but available to * subclasses for more complex construction building logic if necessary * @param configuredPerms any url-specific permissions mapped to this filter in the URL rules mappings. * @param action the application-friendly action (verb) resolved based on the HTTP Method name. * @return a collection of String permissions with which to perform a permission check to determine if the filter * will allow the request to continue. */ protected String[] buildPermissions(HttpServletRequest request, String[] configuredPerms, String action) { return buildPermissions(configuredPerms, action); }
/** * Resolves an 'application friendly' action verb based on the {@code HttpServletRequest}'s method, appends that * action to each configured permission (the {@code mappedValue} argument is a {@code String[]} array), and * delegates the permission check for the newly constructed permission(s) to the superclass * {@link PermissionsAuthorizationFilter#isAccessAllowed(javax.servlet.ServletRequest, javax.servlet.ServletResponse, Object) isAccessAllowed} * implementation to perform the actual permission check. * * @param request the inbound {@code ServletRequest} * @param response the outbound {@code ServletResponse} * @param mappedValue the filter-specific config value mapped to this filter in the URL rules mappings. * @return {@code true} if the request should proceed through the filter normally, {@code false} if the * request should be processed by this filter's * {@link #onAccessDenied(ServletRequest,ServletResponse,Object)} method instead. * @throws IOException */ @Override public boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) throws IOException { String[] perms = (String[]) mappedValue; // append the http action to the end of the permissions and then back to super String action = getHttpMethodAction(request); String[] resolvedPerms = buildPermissions(perms, action); return super.isAccessAllowed(request, response, resolvedPerms); } }