Class SecurityEmailCheckBeforeControllerHandler

java.lang.Object
de.hybris.platform.yacceleratorstorefront.interceptors.beforecontroller.SecurityEmailCheckBeforeControllerHandler
All Implemented Interfaces:
BeforeControllerHandler

public class SecurityEmailCheckBeforeControllerHandler extends Object implements BeforeControllerHandler
The SecurityEmailCheckBeforeControllerHandler class exists to make sure that email pages are only viewable in a CMS context, and not by a regular user.
  • Constructor Details

    • SecurityEmailCheckBeforeControllerHandler

      public SecurityEmailCheckBeforeControllerHandler()
  • Method Details

    • beforeController

      public boolean beforeController(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.web.method.HandlerMethod handler) throws IOException
      Check if the page being requested is an Email page, and if so, only aloow it if there is a valid preview model. This way we can ensure that public, or normal users will never be able to render email pages. If someone tries to access an email page without a preview, simply redirect to the default page.
      Specified by:
      beforeController in interface BeforeControllerHandler
      Parameters:
      request - current HTTP request
      response - current HTTP response
      Returns:
      False if the requested mapge is an email page, and there is no valid preview data.
      Throws:
      IOException
    • isPreviewDataModelValid

      protected boolean isPreviewDataModelValid(javax.servlet.http.HttpServletRequest httpRequest)
      Delegate to CMSPageContextService to see if the request contains valid preview data.
      Parameters:
      httpRequest - An http request
      Returns:
      True if the request contains valid cms preview data