Fork me on GitHub
Edit on GitHub << back to Interceptors

Roles Interceptor

This interceptor ensures that the action will only be executed if the user has the correct role.


When both allowedRoles and disallowedRoles are configured, then disallowedRoles takes precedence, applying the following logic:

  (if ((inRole(role1) || inRole(role2) || ... inRole(roleN)) &&
       !inRole(roleA) && !inRole(roleB) && ... !inRole(roleZ))
  { //permit ...


  <!-- only allows the admin and member roles -->
  <action name="someAction" class="com.examples.SomeAction">
      <interceptor-ref name="completeStack"/>
      <interceptor-ref name="roles">
        <param name="allowedRoles">admin,member</param>
      <result name="success">good_result.ftl</result>