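unit AuthHandlersU;

{ Authentication and authorization handlers used by the test server
  controllers (TTestPrivateServerController and
  TTestPrivateServerControllerCustomAuth).

  Test fixture only. TAuthHandlerBase.OnAuthentication treats a login as valid
  when the password is equal to the user name, so nothing in this unit is a
  credential check that can be reused outside the test suite.

  NOTE(review): the generic type arguments on TList and TDictionary were
  missing from the listing this unit was taken from. TList<string> follows
  from the Add('role1') / Contains('role1') calls below; TDictionary<string,
  string> for SessionData should be confirmed against the declaration of
  IMVCAuthenticationHandler in MVCFramework.Commons. }

interface

uses
  MVCFramework.Commons,
  System.Generics.Collections;

type
  { Shared behaviour of both handlers: the credential check and the
    role-to-action mapping. Descendants only decide which controllers
    require authentication. }
  TAuthHandlerBase = class abstract(TInterfacedObject, IMVCAuthenticationHandler)
  public
    // Sets AuthenticationRequired for the controller/action being requested.
    procedure OnRequest(const ControllerQualifiedClassName: string;
      const ActionName: string; var AuthenticationRequired: Boolean);
      virtual; abstract;
    // Validates the credentials and fills UserRoles for the accepted user.
    procedure OnAuthentication(const UserName: string; const Password: string;
      UserRoles: System.Generics.Collections.TList<string>;
      var IsValid: Boolean;
      const SessionData: TDictionary<string, string>); virtual;
    // Decides whether the roles in UserRoles may call ActionName.
    procedure OnAuthorization(
      UserRoles: System.Generics.Collections.TList<string>;
      const ControllerQualifiedClassName: string; const ActionName: string;
      var IsAuthorized: Boolean); virtual;
  end;

  // Requires authentication for controllers whose qualified class name ends
  // with 'TTestPrivateServerController'.
  TBasicAuthHandler = class(TAuthHandlerBase)
  public
    procedure OnRequest(const ControllerQualifiedClassName: string;
      const ActionName: string; var AuthenticationRequired: Boolean); override;
  end;

  // Requires authentication for controllers whose qualified class name ends
  // with 'TTestPrivateServerControllerCustomAuth'.
  TCustomAuthHandler = class(TAuthHandlerBase)
  public
    procedure OnRequest(const ControllerQualifiedClassName: string;
      const ActionName: string; var AuthenticationRequired: Boolean); override;
  end;

implementation

uses
  System.SysUtils;

{ Accepts a login when Password equals UserName and assigns the test roles.

  UserRoles is cleared first, so roles left in the list by the caller never
  survive a failed or a different login.

  Only 'user1' and 'user2' receive a role. Any other name whose password
  matches it (by this comparison that includes an empty name with an empty
  password) is still reported as valid, with an empty role list; such a user
  is authenticated but is denied by every rule in OnAuthorization.

  SessionData is not read or written here. }
procedure TAuthHandlerBase.OnAuthentication(
  const UserName: string; const Password: string;
  UserRoles: System.Generics.Collections.TList<string>;
  var IsValid: Boolean;
  const SessionData: TDictionary<string, string>);
begin
  UserRoles.Clear;

  // Fixture rule: the password is the user name. Plain string equality, no
  // hashing and no constant-time comparison.
  IsValid := UserName = Password;
  if not IsValid then
    Exit;

  // IsValid is already True from here on; only the role differs per user.
  if UserName = 'user1' then
    UserRoles.Add('role1')
  else if UserName = 'user2' then
    UserRoles.Add('role2');
end;

{ Grants access to the role-restricted test actions.

  Deny is the default: IsAuthorized stays False for every action name that is
  not listed below.

  The decision is keyed on ActionName alone; ControllerQualifiedClassName is
  not consulted, so an action with one of these names gets the same rule on
  whichever controller this handler is attached to. }
procedure TAuthHandlerBase.OnAuthorization(
  UserRoles: System.Generics.Collections.TList<string>;
  const ControllerQualifiedClassName, ActionName: string;
  var IsAuthorized: Boolean);
begin
  IsAuthorized := False;

  if (ActionName = 'OnlyRole1') or (ActionName = 'OnlyRole1Session') then
    IsAuthorized := UserRoles.Contains('role1');

  if ActionName = 'OnlyRole2' then
    IsAuthorized := UserRoles.Contains('role2');
end;

{ Marks the request as needing authentication when the controller's qualified
  class name ends with 'TTestPrivateServerController'.

  This is opt-in protection: every controller that does not match the suffix
  is served without authentication. The match uses the EndsWith overload
  without an IgnoreCase argument. The name
  'TTestPrivateServerControllerCustomAuth' does not end with this suffix, so
  that controller is not covered by this handler. }
procedure TBasicAuthHandler.OnRequest(
  const ControllerQualifiedClassName, ActionName: string;
  var AuthenticationRequired: Boolean);
begin
  AuthenticationRequired :=
    ControllerQualifiedClassName.EndsWith('TTestPrivateServerController');
end;

{ Marks the request as needing authentication when the controller's qualified
  class name ends with 'TTestPrivateServerControllerCustomAuth'.

  As in TBasicAuthHandler.OnRequest, controllers that do not match the suffix
  are served without authentication. }
procedure TCustomAuthHandler.OnRequest(
  const ControllerQualifiedClassName, ActionName: string;
  var AuthenticationRequired: Boolean);
begin
  AuthenticationRequired :=
    ControllerQualifiedClassName.EndsWith('TTestPrivateServerControllerCustomAuth');
end;

end.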