org.apache.struts2.interceptor
Class RolesInterceptor

java.lang.Object
  extended by com.opensymphony.xwork2.interceptor.AbstractInterceptor
      extended by org.apache.struts2.interceptor.RolesInterceptor
All Implemented Interfaces:
Interceptor, Serializable

public class RolesInterceptor
extends AbstractInterceptor

This interceptor ensures that the action will only be executed if the user has the correct role.

Interceptor parameters:

There are two extensions to the existing interceptor:
  <!-- START SNIPPET: example -->
  <!-- only allows the admin and member roles -->
  <action name="someAction" class="com.examples.SomeAction">
      <interceptor-ref name="completeStack"/>
      <interceptor-ref name="roles">
        <param name="allowedRoles">admin,member</param>
      </interceptor-ref>
      <result name="success">good_result.ftl</result>
  </action>
  <!-- END SNIPPET: example -->
 

See Also:
Serialized Form

Field Summary
private  List<String> allowedRoles
           
private  List<String> disallowedRoles
           
 
Constructor Summary
RolesInterceptor()
           
 
Method Summary
protected  String handleRejection(ActionInvocation invocation, HttpServletResponse response)
          Handles a rejection by sending a 403 HTTP error
 String intercept(ActionInvocation invocation)
          Override to handle interception
protected  boolean isAllowed(HttpServletRequest request, Object action)
          Determines if the request should be allowed for the action
 void setAllowedRoles(String roles)
           
 void setDisallowedRoles(String roles)
           
protected  List<String> stringToList(String val)
          Splits a string into a List
 
Methods inherited from class com.opensymphony.xwork2.interceptor.AbstractInterceptor
destroy, init
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

allowedRoles

private List<String> allowedRoles

disallowedRoles

private List<String> disallowedRoles
Constructor Detail

RolesInterceptor

public RolesInterceptor()
Method Detail

setAllowedRoles

public void setAllowedRoles(String roles)

setDisallowedRoles

public void setDisallowedRoles(String roles)

intercept

public String intercept(ActionInvocation invocation)
                 throws Exception
Description copied from class: AbstractInterceptor
Override to handle interception

Specified by:
intercept in interface Interceptor
Specified by:
intercept in class AbstractInterceptor
Returns:
the return code, either returned from ActionInvocation.invoke(), or from the interceptor itself.
Throws:
Exception - any system-level error, as defined in Action.execute().

stringToList

protected List<String> stringToList(String val)
Splits a string into a List


isAllowed

protected boolean isAllowed(HttpServletRequest request,
                            Object action)
Determines if the request should be allowed for the action

Parameters:
request - The request
action - The action object
Returns:
True if allowed, false otherwise

handleRejection

protected String handleRejection(ActionInvocation invocation,
                                 HttpServletResponse response)
                          throws Exception
Handles a rejection by sending a 403 HTTP error

Parameters:
invocation - The invocation
Returns:
The result code
Throws:
Exception


Copyright © 2000-2008 Apache Software Foundation. All Rights Reserved.