We are developing a web application and it should allow a person to do certain actions only if they are authorized. So, every method in the controller needs to check if he/she is authorized to execute the action. The backend is Java and the frontend is JavaScript.
Something like below:
    public class StudentDataInputController {
        public ModelAndView getDataInputView(HttpServletRequest request, HttpServletResponse response) {
            if (isAuthorized(request)) {
                // Do something
            }
        }

        public String saveInput(HttpServletRequest request, HttpServletResponse response) {
            if (isAuthorized(request)) {
                // Do something
            }
        }
    }
I am wondering if there is any design pattern to enforce this for every action defined inside the class. One solution is to define an interface or abstract class and have a dedicated class for every action implementing the interface or extending the abstract class. But it will result in a lot of classes and also, I don't think it is feasible given that the return type of every action varies. Any suggestion will be helpful.
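One way to enforce the check for every action without touching each method's return type, as an added example that is not part of the original post: a servlet filter that runs before any controller method and rejects unauthorized requests. It assumes the javax.servlet API (use jakarta.servlet on newer containers); the class name AuthorizationFilter, the session attribute authorizedActions and the body of isAuthorized are hypothetical stand-ins for the application's own rule.

```java
import java.io.IOException;
import java.util.Set;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example: a single filter guards every action mapped under "/*",
// so a new controller method cannot be shipped without the check.
@WebFilter("/*")
public class AuthorizationFilter implements Filter {

    @Override
    public void init(FilterConfig config) { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Fail closed: anything that is not an HTTP exchange is rejected.
        if (!(req instanceof HttpServletRequest) || !(res instanceof HttpServletResponse)) {
            throw new ServletException("non-HTTP request rejected");
        }
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        if (!isAuthorized(request)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return; // the controller method is never invoked
        }
        chain.doFilter(req, res); // authorized: continue to the controller
    }

    @Override
    public void destroy() { }

    // Hypothetical rule: the session holds the set of actions this user may
    // perform, keyed as "<HTTP method> <servlet path>" (assumed key format).
    private boolean isAuthorized(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // never create a session here
        if (session == null) {
            return false; // unauthenticated requests are denied by default
        }
        Object allowed = session.getAttribute("authorizedActions");
        String action = request.getMethod() + " " + request.getServletPath();
        return allowed instanceof Set && ((Set<?>) allowed).contains(action);
    }
}
```

Because the decision is made before dispatch, the controller methods keep whatever return types they have and no longer need their own isAuthorized calls.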