Authorizationの一般化

パフォーマンスとかは、考えない。頭ん中で一番シンプルなのがベスト。

    	// Admin-only guard: run the shared authorization check first and stop
    	// handling the request as soon as it is refused.
    	final boolean allowed =
    			AuthorityHandler.INSTANCE.inAuthorized(req, res, AuthorityHandler.Lev.admin);
    	if (!allowed) {
    		// NOTE(review): when nobody is signed in, inAuthorized has already sent a
    		// login redirect on res before returning false; confirm AbnormalPrinter
    		// copes with a response that may already be committed.
    		AbnormalPrinter.Singleton.print(res, req, ResCode.Unauthorized);
    		return;
    	}
package com.tidspr.tsr.security;

import java.io.IOException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import com.google.appengine.api.users.UserServiceFactory;

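/**
 * Single entry point for servlet authorization checks, backed by the
 * App Engine Users API.
 *
 * <p>Access levels, from least to most restrictive: {@link Lev#anonymous}
 * (no sign-in needed), {@link Lev#gaccount} (any signed-in account) and
 * {@link Lev#admin} (signed-in application administrator).
 */
public enum AuthorityHandler{
	
	INSTANCE {
		/**
		 * Decides whether the current user may access a resource of the given level.
		 *
		 * <p>If a sign-in is required and nobody is signed in, a redirect to the
		 * login page is attempted on {@code res} before {@code false} is returned;
		 * callers should treat the response as already handled in that case.
		 *
		 * @param req current request; its URI is the post-login destination
		 * @param res current response; may receive a login redirect
		 * @param lev level required by the resource; {@code null} is treated as
		 *            {@link Lev#admin} so that a missing level never widens access
		 * @return {@code true} if access is allowed, {@code false} otherwise
		 */
		@Override
		public boolean inAuthorized(HttpServletRequest req,HttpServletResponse res, Lev lev) {
			// Fail closed: an unspecified level is handled as the strictest one.
			final Lev required = (lev == null) ? Lev.admin : lev;

			// Public resources are open to everybody. The previous logic refused
			// signed-in non-admin users here while letting signed-out visitors in.
			if (required == Lev.anonymous) {
				return true;
			}

			// Every remaining level needs a signed-in user.
			if (UserServiceFactory.getUserService().getCurrentUser() == null) {
				redirectLogin(req, res);
				return false;
			}

			if (required == Lev.gaccount) {
				return true;
			}

			// Lev.admin, and any level added later without updating this method,
			// requires an administrator (default deny for everyone else).
			return UserServiceFactory.getUserService().isUserAdmin();
		}
		
		/**
		 * Sends the client to the login page, returning to the requested path
		 * afterwards.
		 *
		 * <p>Only the request path is used as the destination; the query string
		 * is not carried over. A failed redirect is logged and otherwise ignored,
		 * because the caller denies access either way.
		 */
		private void redirectLogin(final HttpServletRequest req, final HttpServletResponse res){
			try {
				res.sendRedirect(UserServiceFactory.getUserService().createLoginURL(req.getRequestURI()));
			} catch (IOException e) {
				// Keep the cause in the application log instead of stderr.
				Logger.getLogger(AuthorityHandler.class.getName())
						.log(Level.WARNING, "Could not send login redirect", e);
			}
		}
	};    
	
	/**
	 * Checks the current user against the level a resource requires.
	 *
	 * @param req current request
	 * @param res current response; the implementation may write a redirect to it
	 * @param lev level required by the resource
	 * @return {@code true} if access is allowed
	 */
	public abstract boolean inAuthorized(final HttpServletRequest req, final HttpServletResponse res, final Lev lev);
	
	/** Access level a resource can require, from least to most restrictive. */
	public enum Lev{
		anonymous,gaccount,admin;
	}
}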
    last modified: 02 June 2012