Package de.hybris.platform.yacceleratorstorefront.interceptors.beforecontroller

Class SecurityEmailCheckBeforeControllerHandler

  • All Implemented Interfaces:
    BeforeControllerHandler
    public class SecurityEmailCheckBeforeControllerHandler
extends java.lang.Object
implements BeforeControllerHandler
    The SecurityEmailCheckBeforeControllerHandler class exists to make sure that email pages are only viewable in a CMS context, and not by a regular user.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      boolean beforeController​(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.web.method.HandlerMethod handler)
      Check if the page being requested is an Email page, and if so, only aloow it if there is a valid preview model.
      protected boolean isPreviewDataModelValid​(javax.servlet.http.HttpServletRequest httpRequest)
      Delegate to CMSPageContextService to see if the request contains valid preview data.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • SecurityEmailCheckBeforeControllerHandler

        public SecurityEmailCheckBeforeControllerHandler()

    • Method Detail

      • beforeController

        public boolean beforeController​(javax.servlet.http.HttpServletRequest request,
                                javax.servlet.http.HttpServletResponse response,
                                org.springframework.web.method.HandlerMethod handler)
                         throws java.io.IOException
        Check if the page being requested is an Email page, and if so, only aloow it if there is a valid preview model. This way we can ensure that public, or normal users will never be able to render email pages. If someone tries to access an email page without a preview, simply redirect to the default page.
        Specified by:
        beforeController in interface BeforeControllerHandler
        Parameters:
        request - current HTTP request
        response - current HTTP response
        Returns:
        False if the requested mapge is an email page, and there is no valid preview data.
        Throws:
        java.io.IOException

      • isPreviewDataModelValid

        protected boolean isPreviewDataModelValid​(javax.servlet.http.HttpServletRequest httpRequest)
        Delegate to CMSPageContextService to see if the request contains valid preview data.
        Parameters:
        httpRequest - An http request
        Returns:
        True if the request contains valid cms preview data