if (!securityManager.createSecurityContext(userToken)) {
// not authorized
response = new CommandResponse();
response.setId(id);
response.getErrors().add(
new GeomajasSecurityException(ExceptionCode.CREDENTIALS_MISSING_OR_INVALID, userToken));
response.setExecutionTime(System.currentTimeMillis() - begin);
return response;
}
}
// check access rights for the command
if (securityContext.isCommandAuthorized(commandName)) {
Command command = null;
try {
command = applicationContext.getBean(commandName, Command.class);
} catch (BeansException be) {
log.error("could not create command bean for {}", new Object[] { commandName }, be);
}
if (null != command) {
response = command.getEmptyCommandResponse();
response.setId(id);
try {
command.execute(request, response);
} catch (Throwable throwable) { //NOPMD
log.error("Error executing command", throwable);
response.getErrors().add(throwable);
}
} else {
response = new CommandResponse();
response.setId(id);
response.getErrors().add(new GeomajasException(ExceptionCode.COMMAND_NOT_FOUND, commandName));
}
} else {
// not authorized
response = new CommandResponse();
response.setId(id);
response.getErrors().add(
new GeomajasSecurityException(ExceptionCode.COMMAND_ACCESS_DENIED, commandName, securityContext
.getUserId()));
}
// Now process the errors for display on the client:
List<Throwable> errors = response.getErrors();