6.1.9. Permission Check Handler

This handler performs Permission check for request.

The permission check is performed using Permission Check from the library. Therefore, to use this handler, it is necessary to configure a class that implements PermissionFactory in this handler.

This handler performs the following process.

  • Permission check

The process flow is as follows.

../../../../_images/flow4.png

6.1.9.2. Module list

<dependency>
  <groupId>com.nablarch.framework</groupId>
  <artifactId>nablarch-common-auth</artifactId>
</dependency>

6.1.9.3. Constraints

Place after Thread Context Variable Management Handler
Since this handler performs permission check based on the request ID and user ID set in the thread context, this handler must be placed after Thread Context Variable Management Handler.
Place after Internal Forward Handler
To perform an permission check based on the request ID of the forward destination when an internal forward is performed, this handler must be placed after Internal Forward Handler.
Place after HTTP Error Control Handler
To specify the error page to be displayed when a permission check error occurs, this handler must be placed after HTTP Error Control Handler.

6.1.9.4. Permission check for request

Check whether the logged-in user has permission for the current request (request ID). For details of check, see Permission Check.

If permission is available
Permission used for permission check is configured in the thread local so that it can be referenced by business logic and screen display control. Then the subsequent handler is called.
If permission is not available
Forbidden(403) is thrown.

To change the request ID of the check target to the forward request ID, specify “true” in PermissionCheckHandler.setUsesInternalRequestId. The default is “false”.

6.1.9.5. Specify the error page to be displayed when permission is not available

The error page displayed when permission is not available is specified in the HTTP error control handler. For more information, see Configuration of the default page.

6.1.9.6. Exclude specific requests from permission check

If there are requests to be excluded from permission check, such as requests before login, they are specified in PermissionCheckHandler.setIgnoreRequestIds.

<component name="permissionCheckHandler"
           class="nablarch.common.permission.PermissionCheckHandler">
  <property name="permissionFactory" ref="permissionFactory"/>
  <!-- Specify request IDs to be excluded from permission check separated by commas -->
  <property name="ignoreRequestIds" value="/action/login,/action/logout" />
</component>