com.caucho.http.security
Class AbstractConstraint

java.lang.Object
  |
  +--com.caucho.http.security.AbstractConstraint
Direct Known Subclasses:
RoleConstraint, TransportConstraint

public abstract class AbstractConstraint
extends java.lang.Object


Constructor Summary
AbstractConstraint()
           
 
Method Summary
abstract  boolean isAuthorized(HttpServletRequest request, HttpServletResponse response, ServletContext application)
          Returns true if the user is authorized for the resource.
 boolean needsAuthentication()
          Returns true if the constraint requires authentication.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

AbstractConstraint

public AbstractConstraint()
Method Detail

needsAuthentication

public boolean needsAuthentication()
Returns true if the constraint requires authentication.

isAuthorized

public abstract boolean isAuthorized(HttpServletRequest request,
                                     HttpServletResponse response,
                                     ServletContext application)
                              throws ServletException,
                                     java.io.IOException
Returns true if the user is authorized for the resource.

isAuthorized must provide the response if the user is not authorized. Typically this will just call sendError.

isAuthorized will be called after all the other filters, but before the servlet.service().

Parameters:
request - the servlet request
response - the servlet response
Returns:
true if the request is authorized.