AuthorizationInterceptor.java

/***
 * Copyright (c) 2009 Caelum - www.caelum.com.br/opensource
 * All rights reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * 	http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package br.com.caelum.vraptor.mydvds.interceptor;

import java.util.Arrays;

import br.com.caelum.vraptor.InterceptionException;
import br.com.caelum.vraptor.Intercepts;
import br.com.caelum.vraptor.Result;
import br.com.caelum.vraptor.core.InterceptorStack;
import br.com.caelum.vraptor.interceptor.Interceptor;
import br.com.caelum.vraptor.mydvds.controller.HomeController;
import br.com.caelum.vraptor.mydvds.dao.UserDao;
import br.com.caelum.vraptor.resource.ResourceMethod;
import br.com.caelum.vraptor.validator.ValidationMessage;

/**
 * Interceptor to check if the user is in the session.
 */
@Intercepts
public class AuthorizationInterceptor implements Interceptor {


	private final UserInfo info;
	private final UserDao dao;
	private final Result result;

	public AuthorizationInterceptor(UserInfo info, UserDao dao, Result result) {
		this.info = info;
		this.dao = dao;
		this.result = result;
	}

	/**
	 * the easiest way to implement the accepts method is creating an annotation
	 */
    public boolean accepts(ResourceMethod method) {
        return !method.containsAnnotation(Public.class);
    }

    /**
     * Intercepts the request and checks if there is a user logged in.
     */
    public void intercept(InterceptorStack stack, ResourceMethod method, Object resourceInstance)
            throws InterceptionException {
    	/**
    	 * You can use the result even in interceptors.
    	 */
    	if (info.getUser() == null) {
    		// remember added parameters will survive one more request, when there is a redirect
    		result.include("errors", Arrays.asList(new ValidationMessage("user is not logged in", "user")));
    		result.redirectTo(HomeController.class).login();
    	} else {
	    	dao.refresh(info.getUser());
	    	// continues execution
	    	stack.next(method, resourceInstance);
    	}
    }

}