com.opensymphony.xwork2.interceptor
Class ParameterFilterInterceptor
java.lang.Object
com.opensymphony.xwork2.interceptor.AbstractInterceptor
com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor
- All Implemented Interfaces:
- Interceptor, Serializable
public class ParameterFilterInterceptor
- extends AbstractInterceptor
The Parameter Filter Interceptor blocks parameters from getting
to the rest of the stack or your action. You can use multiple
parameter filter interceptors for a given action, so, for example,
you could use one in your default stack that filtered parameters
you wanted blocked from every action and those you wanted blocked
from an individual action you could add an additional interceptor
for each action.
- allowed - a comma delimited list of parameter prefixes
that are allowed to pass to the action
- blocked - a comma delimited list of parameter prefixes
that are not allowed to pass to the action
- defaultBlock - boolean (default to false) whether by
default a given parameter is blocked. If true, then a parameter
must have a prefix in the allowed list in order to be able
to pass to the action
The way parameters are filtered for the least configuration is that
if a string is in the allowed or blocked lists, then any parameter
that is a member of the object represented by the parameter is allowed
or blocked respectively.
For example, if the parameters are:
- blocked: person,person.address.createDate,personDao
- allowed: person.address
- defaultBlock: false
The parameters person.name, person.phoneNum etc would be blocked
because 'person' is in the blocked list. However, person.address.street
and person.address.city would be allowed because person.address is
in the allowed list (the longer string determines permissions).
There are no known extension points to this interceptor.
<interceptors>
...
<interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
...
</interceptors>
<action ....>
...
<interceptor-ref name="parameterFilter">
<param name="blocked">person,person.address.createDate,personDao</param>
</interceptor-ref>
...
</action>
- Author:
- Gabe
- See Also:
- Serialized Form
| Methods inherited from class java.lang.Object |
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait |
ParameterFilterInterceptor
public ParameterFilterInterceptor()
intercept
public String intercept(ActionInvocation invocation)
throws Exception
- Description copied from class:
AbstractInterceptor
- Override to handle interception
- Specified by:
intercept in interface Interceptor- Specified by:
intercept in class AbstractInterceptor
- Parameters:
invocation - the action invocation
- Returns:
- the return code, either returned from
ActionInvocation.invoke(), or from the interceptor itself.
- Throws:
Exception - any system-level error, as defined in Action.execute().
isDefaultBlock
public boolean isDefaultBlock()
- Returns:
- Returns the defaultBlock.
setDefaultBlock
public void setDefaultBlock(boolean defaultExclude)
- Parameters:
defaultExclude - The defaultExclude to set.
getBlockedCollection
public Collection<String> getBlockedCollection()
- Returns:
- Returns the blocked.
setBlockedCollection
public void setBlockedCollection(Collection<String> blocked)
- Parameters:
blocked - The blocked to set.
setBlocked
public void setBlocked(String blocked)
- Parameters:
blocked - The blocked paramters as comma separated String.
getAllowedCollection
public Collection<String> getAllowedCollection()
- Returns:
- Returns the allowed.
setAllowedCollection
public void setAllowedCollection(Collection<String> allowed)
- Parameters:
allowed - The allowed to set.
setAllowed
public void setAllowed(String allowed)
- Parameters:
allowed - The allowed paramters as comma separated String.
Copyright © 2009 OpenSymphony. All Rights Reserved.