6.1.9. Permission Check Handler

This handler performs a permission check for each request.

The permission check is performed using the library's Permission Check by handler feature. Therefore, to use this handler, a class that implements PermissionFactory must be configured in it.

This handler performs the following process.

  • Permission check

The process flow is as follows.

[Figure: process flow of the Permission Check Handler]

6.1.9.2. Module list

<dependency>
  <groupId>com.nablarch.framework</groupId>
  <artifactId>nablarch-common-auth</artifactId>
</dependency>

6.1.9.3. Constraints

Place after Thread Context Variable Management Handler
  Since this handler performs the permission check based on the request ID and user ID set in the thread context, it must be placed after Thread Context Variable Management Handler.
Place after Internal Forward Handler
  To perform a permission check based on the request ID of the forward destination (Internal Request ID) when an internal forward is performed, this handler must be placed after Internal Forward Handler. In addition, add InternalRequestIdAttribute to the attributes of Thread Context Variable Management Handler.
Place after HTTP Error Control Handler
  To specify the error page to be displayed when a permission check error occurs, this handler must be placed after HTTP Error Control Handler.

6.1.9.4. Permission check for request

This handler checks whether the logged-in user has permission for the current request (request ID). For details of the check, see Permission Check by handler.

If permission is available
  The permission used for the permission check is set in a thread local so that it can be referenced by business logic and screen display control. The subsequent handler is then called.
If permission is not available
  Forbidden (403) is thrown.

To change the request ID of the check target to the forward request ID, specify “true” in PermissionCheckHandler.setUsesInternalRequestId. The default is “false”.
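
A configuration that satisfies the three placement constraints and checks the forward destination's request ID, as an added example that is not taken from the Nablarch documentation. Component names, the handlerQueue layout and the package names of every class other than PermissionCheckHandler are assumptions to confirm against the Nablarch version in use; this page does not state an order among the three preceding handlers.

```xml
<!-- Added example. Only PermissionCheckHandler's class name and its
     properties come from this page; everything else is an assumption. -->
<component name="threadContextHandler"
           class="nablarch.common.handler.threadcontext.ThreadContextHandler">
  <property name="attributes">
    <list>
      <!-- Request ID and user ID are what the permission check reads -->
      <component class="nablarch.common.handler.threadcontext.RequestIdAttribute"/>
      <component class="nablarch.common.handler.threadcontext.UserIdAttribute"/>
      <!-- Required so the forward destination's request ID is available -->
      <component class="nablarch.common.handler.threadcontext.InternalRequestIdAttribute"/>
    </list>
  </property>
</component>

<component name="permissionCheckHandler"
           class="nablarch.common.permission.PermissionCheckHandler">
  <property name="permissionFactory" ref="permissionFactory"/>
  <!-- Check the forward (internal) request ID; the default is false -->
  <property name="usesInternalRequestId" value="true"/>
</component>

<component name="webFrontController"
           class="nablarch.fw.web.servlet.WebFrontController">
  <property name="handlerQueue">
    <list>
      <!-- earlier handlers omitted -->
      <component-ref name="threadContextHandler"/>
      <component class="nablarch.fw.web.handler.ForwardingHandler"/>
      <component class="nablarch.fw.web.handler.HttpErrorHandler"/>
      <!-- Must come after all three handlers above -->
      <component-ref name="permissionCheckHandler"/>
      <!-- business handlers omitted -->
    </list>
  </property>
</component>
```

If the permission check handler were placed before the thread context handler, the request ID and user ID it relies on would not yet be set when the check runs.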

6.1.9.5. Specify the error page to be displayed when permission is not available

The error page displayed when permission is not available is specified in the HTTP error control handler. For more information, see Configuration of the default page.

6.1.9.6. Exclude specific requests from permission check

Requests to be excluded from the permission check, such as requests before login, are specified in PermissionCheckHandler.setIgnoreRequestIds.

<component name="permissionCheckHandler"
           class="nablarch.common.permission.PermissionCheckHandler">
  <property name="permissionFactory" ref="permissionFactory"/>
  <!-- Specify request IDs to be excluded from permission check separated by commas -->
  <property name="ignoreRequestIds" value="/action/login,/action/logout" />
</component>