2012-02-27 56 views
2

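Wicket and CompoundAuthorizationStrategy

I don't know if I have a good idea of how this strategy works. In my application I have 2 separate login forms, one for normal users and the other for admins (don't ask why, that's the way it is :)).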

What I'm trying to achieve is proper redirecting. In my WebApplication class I have:

protected void init() {
    //... omitted some unrelated code
    CompoundAuthorizationStrategy compoundAuthorizationStrategy = new CompoundAuthorizationStrategy();
    IAuthorizationStrategy membertPageAuthStrategy = new SimplePageAuthorizationStrategy(MemberTemplatePage.class,
            HomePage.class)
    {
        @Override
        protected boolean isAuthorized()
        {
            // here's my way to determine whether authorization has completed
        }
    };

    IAuthorizationStrategy adminPageAuthStrategy = new SimplePageAuthorizationStrategy(AdminTemplatePage.class,
            AdminLoginPage.class)
    {
        @Override
        protected boolean isAuthorized()
        {
            // here's my way to determine whether authorization has completed
        }
    };

    // Both strategies are chained; the compound strategy consults each of them
    compoundAuthorizationStrategy.add(membertPageAuthStrategy);
    compoundAuthorizationStrategy.add(adminPageAuthStrategy);

    getSecuritySettings().setAuthorizationStrategy(compoundAuthorizationStrategy);
    //...
}

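MemberTemplatePage is the template page for logged-in users, and AdminTemplatePage is the same for admins. Now, with this chained auth strategy, when I enter MemberTemplatePage unauthorized I get redirected to HomePage, and when I enter AdminTemplatePage unauthorized I would get redirected to AdminLoginPage, but I keep getting redirected to AdminTemplatePage. I can't google anything on CompoundAuthorizationStrategy, and it seems to be my best option. Any idea what I'm doing wrong? I know about RoleAuth~ but that's not suitable for me.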

Answers

2

@roby you are probably right. After some searching in the Wicket source, I made this change in my code:

protected void init() {
    //... omitted some unrelated code
    CompoundAuthorizationStrategy compoundAuthorizationStrategy = new CompoundAuthorizationStrategy();
    IAuthorizationStrategy membertPageAuthStrategy = new SimplePageAuthorizationStrategy(MemberTemplatePage.class,
            HomePage.class)
    {
        @Override
        protected boolean isAuthorized()
        {
            if (/* user not authorized */)
            {
                // Redirect from inside this strategy to its own login page
                throw new RestartResponseAtInterceptPageException(HomePage.class);
            }
            return true;
        }
    };

    IAuthorizationStrategy adminPageAuthStrategy = new SimplePageAuthorizationStrategy(AdminTemplatePage.class,
            AdminLoginPage.class)
    {
        @Override
        protected boolean isAuthorized()
        {
            if (/* user not authorized */)
            {
                // Redirect from inside this strategy to its own login page
                throw new RestartResponseAtInterceptPageException(AdminLoginPage.class);
            }
            return true;
        }
    };

    compoundAuthorizationStrategy.add(membertPageAuthStrategy);
    compoundAuthorizationStrategy.add(adminPageAuthStrategy);

    getSecuritySettings().setAuthorizationStrategy(compoundAuthorizationStrategy);
    //...
}

And it works just like I want it to :)

0

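This is the CompoundAuthorization code:

public final boolean isInstantiationAuthorized(Class componentClass)
{
    int size = strategies.size();
    for (int i = 0; i < size; i++)
    {
        IAuthorizationStrategy strategy = strategies.get(i);
        if (!strategy.isInstantiationAuthorized(componentClass))
        {
            return false;
        }
    }
    return true;
}

It checks the class you are trying to instantiate against every strategy; if all the checks succeed, instantiation of the class is authorized. So it may be succeeding during the normal user authorization check, then trying the admin authorization and getting redirected to the admin login page.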
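To see how the AND loop quoted above interacts with the per-strategy redirect from the first answer, here is a stand-alone Java model, added as an example; it is not part of either answer and does not use Wicket's classes. The Role enum (roles assumed disjoint), the Redirect exception, and the secure() and request() helpers are assumptions made for the illustration.

```java
import java.util.List;

// Stand-alone model of the logic discussed above; these are NOT Wicket's classes.
public class CompoundAuthDemo {
    static class Page {}
    static class MemberTemplatePage extends Page {}
    static class AdminTemplatePage extends Page {}
    enum Role { ANONYMOUS, MEMBER, ADMIN } // assumption: roles are disjoint

    // Stands in for RestartResponseAtInterceptPageException: carries the redirect target.
    static class Redirect extends RuntimeException {
        final String target;
        Redirect(String target) { super(target); this.target = target; }
    }

    interface Strategy { boolean isInstantiationAuthorized(Class<?> page, Role user); }

    // A strategy only has an opinion about its own page hierarchy; on denial it
    // throws its own redirect, as in the changed init() from the first answer.
    static Strategy secure(Class<?> secured, Role required, String loginPage) {
        return (page, user) -> {
            if (!secured.isAssignableFrom(page)) return true; // not my page: no objection
            if (user != required) throw new Redirect(loginPage);
            return true;
        };
    }

    // Same AND loop as the quoted code: every strategy must agree.
    static String request(List<Strategy> strategies, Class<?> page, Role user) {
        try {
            for (Strategy s : strategies)
                if (!s.isInstantiationAuthorized(page, user)) return "DENIED";
            return "RENDER " + page.getSimpleName();
        } catch (Redirect r) {
            return "REDIRECT " + r.target;
        }
    }

    public static void main(String[] args) {
        List<Strategy> compound = List.of(
            secure(MemberTemplatePage.class, Role.MEMBER, "HomePage"),
            secure(AdminTemplatePage.class, Role.ADMIN, "AdminLoginPage"));
        // Print the full authorization matrix: every role against every secured page.
        for (Role user : Role.values())
            for (Class<?> page : List.of(MemberTemplatePage.class, AdminTemplatePage.class))
                System.out.println(user + " -> " + page.getSimpleName()
                    + ": " + request(compound, page, user));
    }
}
```

Running it prints the role-by-page matrix, which makes it easy to confirm that no unauthorized combination reaches RENDER and that each secured hierarchy redirects to its own login page.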