MicroStrategy ONE
isRequestAuthorized
The isRequestAuthorized method gets called for every request to MicroStrategy Web. This method is used to determine if an authenticated user is authorized to perform the requested action. In a custom implementation of the ESM, this method can be customized to add authorization criteria to be applied on top of the authorization criteria checks normally performed by MicroStrategy Web.
Common scenarios in which this method is used in a custom implementation of the ESM are:
- Adding custom validations for a user.
- Keeping track of individual requests to perform usage analysis or other types of statistics.
The following information is provided to help you use this method when you create a custom ESM.
Method signature
public boolean isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs, WebIServerSession user)
Parameters
The following parameters are passed into the isRequestAuthorized method:
- reqKeys
  This parameter allows the External Security Module to inspect information present in the original request. This information represents a collection of cookie, URL, and FORM data key/value pairs, together with information from session variables.
- cntSvcs
  This parameter provides a way for the External Security Module to interact directly with the container, for example to inspect session variables and other data values not exposed through the RequestKeys object, or to access values such as headers that are not available through the RequestKeys instance.
- user
  This parameter provides the WebIServerSession associated with the user making the request.
Return Values
The isRequestAuthorized method returns a boolean value indicating whether the user making the request is authorized to perform the requested action.
- true (default)
  The user making the request meets the authorization criteria, indicating that processing should continue.
- false
  The user making the request does not meet the authorization criteria, indicating that the incoming request should be terminated.
Pre-conditions
This method is called with every request.
Post-operations
The following operations take place after the method call has finished, based on the return value:
- If this method returns "true", the application proceeds with normal processing of the request.
- If this method returns "false", the application terminates the incoming request and calls the getFailureURL method.
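The following is an added example, not code from MicroStrategy or from this page. It sketches a custom ESM that covers both scenarios above: it records every request for usage analysis and applies an extra allow-list check to selected events, denying the request if the check itself fails. The class name, event IDs and logins are constructed; the "evt" request key, the SDK package names and the accessors used (getValue, getLogin) are assumptions to confirm against the Javadoc of your Web SDK version.

```java
import com.microstrategy.web.app.AbstractExternalSecurity;
import com.microstrategy.web.beans.RequestKeys;
import com.microstrategy.web.objects.WebIServerSession;
import com.microstrategy.web.platform.ContainerServices;

import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical custom ESM: class name, event IDs and logins are constructed samples.
public class RestrictedEventSecurity extends AbstractExternalSecurity {

    private static final Logger LOG = Logger.getLogger(RestrictedEventSecurity.class.getName());

    // Placeholder event IDs that need the extra check; replace with your own.
    private static final List<String> RESTRICTED_EVENTS = Arrays.asList("EVENT_ID_1", "EVENT_ID_2");
    // Constructed allow-list of logins permitted to trigger those events.
    private static final List<String> ALLOWED_LOGINS = Arrays.asList("alice", "bob");

    @Override
    public boolean isRequestAuthorized(RequestKeys reqKeys, ContainerServices cntSvcs,
                                       WebIServerSession user) {
        try {
            // Assumption: the requested event is carried in the "evt" request key.
            String event = reqKeys.getValue("evt");
            String login = (user == null) ? null : user.getLogin();

            // Usage tracking: one record per request (the method runs on every request).
            LOG.info("esm-request login=" + clean(login) + " evt=" + clean(event));

            if (event == null || !RESTRICTED_EVENTS.contains(event)) {
                return true;   // no extra criteria; the product's own checks still apply
            }
            boolean allowed = login != null
                    && ALLOWED_LOGINS.contains(login.toLowerCase(Locale.ROOT));
            if (!allowed) {
                LOG.warning("esm-deny login=" + clean(login) + " evt=" + clean(event));
            }
            return allowed;    // false terminates the request; getFailureURL is called
        } catch (RuntimeException e) {
            // Fail closed: an error inside the check must not authorize the request.
            LOG.log(Level.WARNING, "esm-check-failed, denying request", e);
            return false;
        }
    }

    // Strip CR/LF so request-controlled values cannot forge extra log lines.
    private static String clean(String s) {
        return s == null ? "-" : s.replaceAll("[\\r\\n]", "_");
    }
}
```

Because the method runs on every request, keep the check cheap and avoid blocking calls inside it.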