
@nthx
Created December 17, 2011 03:42
<!--
  Binds AuthorizingAspect.checkUserLoggedIn as advice on the execution of execute(*) for every
  type matched by $instanceof{Action}. The cflow condition limits the binding to calls for which
  both notInLoginAction and notInLogoutAction hold; those two names are defined elsewhere and
  presumably exclude calls made from within the login and logout actions.
  NOTE(review): the advice reads arguments [0] and [2] of the intercepted call, so the target
  execute method takes at least three parameters. Confirm that the parameter pattern (*) matches
  that signature in the AOP framework in use; if it does not, the authorization advice is
  never applied.
  NOTE(review): this binding is the only enforcement point visible here. Anything reachable
  without going through a matched execute method is not covered by the check.
-->
<bind pointcut="execution(* $instanceof{Action}->execute(*))"
cflow="(notInLoginAction AND notInLogoutAction)">
<advice aspect="AuthorizingAspect" name="checkUserLoggedIn"/>
</bind>
/**
 * Authorization advice for intercepted {@code execute} invocations.
 *
 * <p>A request is let through when its servlet path starts with {@code /anonymous/}, or when the
 * session holds a user for whom {@code userIsAuthorizedToAction} answers {@code true}. A request
 * without a session user is sent to the login page; an unauthorized user is sent to the home page.
 * The helper methods used here are elided in this listing, so their exact behaviour is not shown.
 */
public class AuthorizingAspect
{
    /**
     * Decides whether the intercepted invocation may proceed.
     *
     * @param invocation the intercepted call; it is cast to {@code MethodInvocation}, and its
     *     argument [0] is cast to {@code ActionMapping} and argument [2] to
     *     {@code HttpServletRequest}
     * @return the value produced by whichever helper handles the request (pass-through or
     *     redirect)
     * @throws Throwable declared so that anything raised by the helpers can propagate; a call with
     *     a different argument layout fails on the casts or the array index before any decision
     *     is made
     */
    public Object checkUserLoggedIn(Invocation invocation)
        throws Throwable
    {
        final MethodInvocation call = (MethodInvocation) invocation;
        final ActionMapping mapping = (ActionMapping) call.getArguments()[0];
        final HttpServletRequest request = (HttpServletRequest) call.getArguments()[2];
        final User currentUser = getUserFromSession(request);
        final String path = request.getServletPath();

        // Public area: no session user is required for paths under /anonymous/.
        // NOTE(review): this prefix test is the whole boundary between public and protected
        // actions. Confirm that the servlet mapping makes getServletPath() carry the full action
        // path (with a path-prefix mapping the action name would be in getPathInfo() instead),
        // and that the path compared here is the same normalized path the dispatcher uses to
        // choose the action.
        if (path.startsWith("/anonymous/"))
        {
            return letThrough_becauseAnonymousCall(invocation);
        }

        // No user in the session: remember what was asked for and send the caller to login.
        // NOTE(review): what is stored and how it is replayed after login is not visible here.
        // If it is later used as a redirect target, it should be limited to application-local
        // paths.
        if (currentUser == null)
        {
            storeUserRequestInSession(request, mapping);
            return redirectToLoginPage(mapping);
        }

        // Logged in but not permitted: the caller is redirected home.
        // NOTE(review): no audit logging of the denied attempt is visible in this method. Confirm
        // that a helper records it.
        if (!userIsAuthorizedToAction(path, currentUser))
        {
            return redirectToHomePage(mapping, currentUser);
        }

        return letThrough_becauseIsAuthorized(invocation, currentUser);
    }

    // The remaining private helpers are elided in the original listing.
    private ....
}