RolesInterceptor (Struts 2 Core 2.1.2 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.struts2.interceptor
Class RolesInterceptor

java.lang.Object
  com.opensymphony.xwork2.interceptor.AbstractInterceptor
      org.apache.struts2.interceptor.RolesInterceptor

All Implemented Interfaces:: Interceptor, Serializable

public class RolesInterceptor
extends AbstractInterceptor
extends AbstractInterceptor

This interceptor ensures that the action will only be executed if the user has the correct role.

Interceptor parameters:

allowedRoles - a comma-separated list of roles to allow
disallowedRoles - a comma-separated list of roles to disallow

There are two extensions to the existing interceptor:

isAllowed(HttpServletRequest,Object) - whether or not to allow the passed action execution with this request
handleRejection(ActionInvocation) - handles an unauthorized request.

  <!-- START SNIPPET: example -->
  <!-- only allows the admin and member roles -->
  <action name="someAction" class="com.examples.SomeAction">
      <interceptor-ref name="completeStack"/>
      <interceptor-ref name="roles">
        <param name="allowedRoles">admin,member</param>
      </interceptor-ref>
      <result name="success">good_result.ftl</result>
  </action>
  <!-- END SNIPPET: example -->

See Also:: Serialized Form

Field Summary
`private List<String>`	`allowedRoles`
`private List<String>`	`disallowedRoles`

Constructor Summary
`RolesInterceptor()`

Method Summary
`protected String`	`handleRejection(ActionInvocation invocation, HttpServletResponse response)` Handles a rejection by sending a 403 HTTP error
`String`	`intercept(ActionInvocation invocation)` Override to handle interception
`protected boolean`	`isAllowed(HttpServletRequest request, Object action)` Determines if the request should be allowed for the action
`void`	`setAllowedRoles(String roles)`
`void`	`setDisallowedRoles(String roles)`
`protected List<String>`	`stringToList(String val)` Splits a string into a List

Methods inherited from class com.opensymphony.xwork2.interceptor.AbstractInterceptor
`destroy, init`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Field Detail

allowedRoles

private List<String> allowedRoles

disallowedRoles

private List<String> disallowedRoles

Constructor Detail

RolesInterceptor

public RolesInterceptor()

Method Detail

setAllowedRoles

public void setAllowedRoles(String roles)

setDisallowedRoles

public void setDisallowedRoles(String roles)

intercept

public String intercept(ActionInvocation invocation)
                 throws Exception

Description copied from class: AbstractInterceptor

Override to handle interception

Specified by:: intercept in interface Interceptor
Specified by:: intercept in class AbstractInterceptor

Parameters:: invocation - the action invocation
Returns:: the return code, either returned from ActionInvocation.invoke(), or from the interceptor itself.
Throws:: Exception - any system-level error, as defined in Action.execute().

stringToList

protected List<String> stringToList(String val)

Splits a string into a List

isAllowed

protected boolean isAllowed(HttpServletRequest request,
                            Object action)

Determines if the request should be allowed for the action

Parameters:: request - The request; action - The action object
Returns:: True if allowed, false otherwise

handleRejection

protected String handleRejection(ActionInvocation invocation,
                                 HttpServletResponse response)
                          throws Exception

Handles a rejection by sending a 403 HTTP error

Parameters:: invocation - The invocation
Returns:: The result code
Throws:: Exception