org.apache.struts2.interceptor
Class RolesInterceptor

java.lang.Object
  extended by com.opensymphony.xwork2.interceptor.AbstractInterceptor
      extended by org.apache.struts2.interceptor.RolesInterceptor
All Implemented Interfaces:
Interceptor, java.io.Serializable

public class RolesInterceptor
extends AbstractInterceptor

This interceptor ensures that the action will only be executed if the user has the correct role.

Interceptor parameters:

There are two extensions to the existing interceptor:
  <!-- START SNIPPET: example -->
  <!-- only allows the admin and member roles -->
  <action name="someAction" class="com.examples.SomeAction">
      <interceptor-ref name="completeStack"/>
      <interceptor-ref name="roles">
        <param name="allowedRoles">admin,member</param>
      </interceptor-ref>
      <result name="success">good_result.ftl</result>
  </action>
  <!-- END SNIPPET: example -->
 

See Also:
Serialized Form

Constructor Summary
RolesInterceptor()
           
 
Method Summary
protected  java.lang.String handleRejection(ActionInvocation invocation, javax.servlet.http.HttpServletResponse response)
          Handles a rejection by sending a 403 HTTP error
 java.lang.String intercept(ActionInvocation invocation)
           
protected  boolean isAllowed(javax.servlet.http.HttpServletRequest request, java.lang.Object action)
          Determines if the request should be allowed for the action
 void setAllowedRoles(java.lang.String roles)
           
 void setDisallowedRoles(java.lang.String roles)
           
protected  java.util.List<java.lang.String> stringToList(java.lang.String val)
          Splits a string into a List
 
Methods inherited from class com.opensymphony.xwork2.interceptor.AbstractInterceptor
destroy, init
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

RolesInterceptor

public RolesInterceptor()
Method Detail

setAllowedRoles

public void setAllowedRoles(java.lang.String roles)

setDisallowedRoles

public void setDisallowedRoles(java.lang.String roles)

intercept

public java.lang.String intercept(ActionInvocation invocation)
                           throws java.lang.Exception
Specified by:
intercept in interface Interceptor
Specified by:
intercept in class AbstractInterceptor
Throws:
java.lang.Exception

stringToList

protected java.util.List<java.lang.String> stringToList(java.lang.String val)
Splits a string into a List


isAllowed

protected boolean isAllowed(javax.servlet.http.HttpServletRequest request,
                            java.lang.Object action)
Determines if the request should be allowed for the action

Parameters:
request - The request
action - The action object
Returns:
True if allowed, false otherwise

handleRejection

protected java.lang.String handleRejection(ActionInvocation invocation,
                                           javax.servlet.http.HttpServletResponse response)
                                    throws java.lang.Exception
Handles a rejection by sending a 403 HTTP error

Parameters:
invocation - The invocation
Returns:
The result code
Throws:
java.lang.Exception


Copyright © 2000-2011 Apache Software Foundation. All Rights Reserved.