Reply To: Handling dynamic security constraints

Splash Forums Rewrite Users Handling dynamic security constraints Reply To: Handling dynamic security constraints

#24657

giates
Participant

Yes Christian, the custom condition is the way to go, getting the request I can do what I want. This is what I ended up with:

.addRule()
 .when(new HttpCondition() {
             @Override
              public boolean evaluateHttp(HttpServletRewrite event, EvaluationContext context) {
                boolean userLogged;
                boolean rolesValid;
                HttpServletRequest request = event.getRequest();
                Principal principal = request.getUserPrincipal();

                userLogged = principal != null && principal.getName() != null;
                rolesValid = userLogged && (request.isUserInRole("guest") || request.isUserInRole("user"));

                return !userLogged || !rolesValid;
              }
            }
            .and(Path.matches("/{locale}/ecommerce/{url}")))
  .perform(Redirect.temporary(context.getContextPath() + "/{locale}/login"))
  .where("locale").matches("[a-z]{2}");

Thanks.

  • This reply was modified 8 years, 5 months ago by  Lincoln Baxter III. Reason: Added solution