
Catching the Access Control Error

Use

Access to each of the EJB methods is now protected with a security role. Therefore, if a user who does not have the proper authorizations attempts to access the EJB methods, he or she will receive an error message.

However, the quick car rental servlet currently catches only the QuickCarRentalException, which the EJB methods throw for various error conditions. The access control error produced by the authorization check is thrown by the Web container instead. Therefore, you have to adjust the error handling in the servlet to handle this error as well.

Prerequisites


The quick car rental application’s Web client project, J2EE_QuickCarRentalWeb, is displayed in the J2EE Explorer.

Procedure


       1.      Expand J2EE_QuickCarRentalWeb → source → com → sap → engine → examples → servlets → quickcarrental.

       2.      Open the QuickReservationServlet.java file with a double-click.

       3.      Insert a catch (Exception e) block in each of the methods viewAllBookings(), saveAction(), and cancelAction(). See the code example below.

Example

      try {
         ...
      } catch (QuickCarRentalException e) {
         session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
      } catch (Exception e) {
         session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
      }

       4.      Save the files.

Result

This instruction will catch the error messages returned from the Web container if the user cannot access the EJB methods.
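The catch (Exception e) block above copies e.getMessage() into the page for every kind of failure, so internal details of an unexpected error can reach the user. The following added example (not part of the SAP tutorial sources) shows one way to keep the authorization error visible to the user while logging everything else on the server only. The class ClientMessages and its methods are hypothetical, and it assumes the denial arrives as javax.ejb.AccessLocalException, java.rmi.AccessException or SecurityException, possibly wrapped; the page does not state which type the engine throws.

```java
import java.util.UUID;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Added example: hypothetical helper, not part of the SAP tutorial sources. */
public class ClientMessages {
    private static final Logger LOG = Logger.getLogger(ClientMessages.class.getName());
    static final String DENIED = "You are not authorized to perform this action.";

    /** True if e or one of its causes is an access-control exception. */
    static boolean isAccessDenied(Throwable e) {
        // The depth limit guards against cyclic cause chains.
        for (int depth = 0; e != null && depth < 10; e = e.getCause(), depth++) {
            // AccessLocalException is compared by name so that this class compiles
            // without the EJB API jar; inside the Web project use instanceof.
            if (e instanceof SecurityException
                    || e instanceof java.rmi.AccessException
                    || "javax.ejb.AccessLocalException".equals(e.getClass().getName())) {
                return true;
            }
        }
        return false;
    }

    /** Returns text that is safe to store under Constants.CLIENT_MESSAGE. */
    static String forClient(Exception e) {
        if (isAccessDenied(e)) {
            LOG.log(Level.WARNING, "Access denied on EJB call", e);
            return DENIED;
        }
        // Unexpected failure: details stay in the server log, the user gets a reference.
        String ref = UUID.randomUUID().toString().substring(0, 8);
        LOG.log(Level.SEVERE, "Unexpected error, ref " + ref, e);
        return "The request could not be processed (reference " + ref + ").";
    }

    public static void main(String[] args) {
        // Constructed sample exceptions, for demonstration only.
        Exception denied = new RuntimeException("wrapped",
                new java.rmi.AccessException("caller not in role"));
        Exception internal = new IllegalStateException(
                "JDBC connect failed for db-host.internal:5432");
        System.out.println(forClient(denied));   // fixed authorization message
        System.out.println(forClient(internal)); // generic message with reference
    }
}
```

In the servlet, the generic branch would then call session.setAttribute(Constants.CLIENT_MESSAGE, ClientMessages.forClient(e)); the QuickCarRentalException branch stays as shown on this page.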

Example

The following examples show the exception handling for each of the methods.

Method viewAllBookings()

   private void viewAllBookings(
      HttpServletRequest request,
      QuickOrderProcessorLocal order) {
      HttpSession session = request.getSession(true);
      QuickBookingModel[] bookings;

      try {
         bookings = order.viewActiveBookings();
         session.setAttribute(
            Constants.RESERVATIONS,
            formatBookings(bookings));
      } catch (QuickCarRentalException e) {
         // Error raised by the EJB business logic
         session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
      } catch (Exception e) {
         // Any other error, including a failed authorization check
         session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
      }
   }

Method saveAction()

   private void saveAction(
      HttpServletRequest request,
      QuickOrderProcessorLocal order) {
      HttpSession session = request.getSession(true);

      try {
         String dateFrom = request.getParameter("pickupDate");
         String dateTo = request.getParameter("dropoffDate");
         String vehicleTypeId = request.getParameter("vehicleTypeId");

         String pickupLocation = request.getParameter("pickupLocation");
         String dropoffLocation = request.getParameter("dropoffLocation");

         order.saveBooking(vehicleTypeId, dateFrom,
            dateTo,
            pickupLocation,
            dropoffLocation);
      } catch (QuickCarRentalException e) {
         // Error raised by the EJB business logic
         session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
      } catch (Exception e) {
         // Any other error, including a failed authorization check
         session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
      }
   }

Method cancelAction()

   private void cancelAction(
      HttpServletRequest request,
      QuickOrderProcessorLocal order) {
      HttpSession session = request.getSession(true);

      // getParameterValues() returns null when no "check" box was selected
      String[] selectedBookings = request.getParameterValues("check");
      if (selectedBookings == null) {
         return;
      }

      for (int i = 0; i < selectedBookings.length; i++) {
         try {
            order.cancelBooking((String) selectedBookings[i]);
         } catch (QuickCarRentalException e) {
            // Error raised by the EJB business logic
            session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
         } catch (Exception e) {
            // Any other error, including a failed authorization check
            session.setAttribute(Constants.CLIENT_MESSAGE, e.getMessage());
         }
      }
   }

Next Step:

Rebuilding and Deploying the Application

 
