RolesInterceptor (Struts 2 Core 2.3.4 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.struts2.interceptor
Class RolesInterceptor

java.lang.Object
  com.opensymphony.xwork2.interceptor.AbstractInterceptor
      org.apache.struts2.interceptor.RolesInterceptor

All Implemented Interfaces:: Interceptor, Serializable

public class RolesInterceptor
extends AbstractInterceptor
extends AbstractInterceptor

This interceptor ensures that the action will only be executed if the user has the correct role.

Interceptor parameters:

allowedRoles - a comma-separated list of roles to allow
disallowedRoles - a comma-separated list of roles to disallow

There are two extensions to the existing interceptor:

isAllowed(HttpServletRequest,Object) - whether or not to allow the passed action execution with this request
handleRejection(ActionInvocation) - handles an unauthorized request.

  <!-- START SNIPPET: example -->
  <!-- only allows the admin and member roles -->
  <action name="someAction" class="com.examples.SomeAction">
      <interceptor-ref name="completeStack"/>
      <interceptor-ref name="roles">
        <param name="allowedRoles">admin,member</param>
      </interceptor-ref>
      <result name="success">good_result.ftl</result>
  </action>
  <!-- END SNIPPET: example -->

See Also:: Serialized Form

Constructor Summary
`RolesInterceptor()`

Method Summary
`protected String`	`handleRejection(ActionInvocation invocation, javax.servlet.http.HttpServletResponse response)` Handles a rejection by sending a 403 HTTP error
`String`	`intercept(ActionInvocation invocation)`
`protected boolean`	`isAllowed(javax.servlet.http.HttpServletRequest request, Object action)` Determines if the request should be allowed for the action
`void`	`setAllowedRoles(String roles)`
`void`	`setDisallowedRoles(String roles)`
`protected List<String>`	`stringToList(String val)` Splits a string into a List

Methods inherited from class com.opensymphony.xwork2.interceptor.AbstractInterceptor
`destroy, init`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

Constructor Detail

RolesInterceptor

public RolesInterceptor()

Method Detail

setAllowedRoles

public void setAllowedRoles(String roles)

setDisallowedRoles

public void setDisallowedRoles(String roles)

intercept

public String intercept(ActionInvocation invocation)
                 throws Exception

Specified by:: intercept in interface Interceptor
Specified by:: intercept in class AbstractInterceptor

Throws:: Exception

stringToList

protected List<String> stringToList(String val)

Splits a string into a List

isAllowed

protected boolean isAllowed(javax.servlet.http.HttpServletRequest request,
                            Object action)

Determines if the request should be allowed for the action

Parameters:: request - The request; action - The action object
Returns:: True if allowed, false otherwise

handleRejection

protected String handleRejection(ActionInvocation invocation,
                                 javax.servlet.http.HttpServletResponse response)
                          throws Exception

Handles a rejection by sending a 403 HTTP error

Parameters:: invocation - The invocation
Returns:: The result code
Throws:: Exception