layout: default title: Parameter Filter Interceptor parent: title: Interceptors url: interceptors.html ——

Parameter Filter Interceptor

The Parameter Filter Interceptor blocks parameters from getting to the rest of the stack or your action. You can use multiple parameter filter interceptors for a given action, so, for example, you could use one in your default stack that filtered parameters you wanted blocked from every action and those you wanted blocked from an individual action you could add an additional interceptor for each action.

Parameters

The way parameters are filtered for the least configuration is that if a string is in the allowed or blocked lists, then any parameter that is a member of the object represented by the parameter is allowed or blocked respectively.

For example, if the parameters are:

The parameters person.name, person.phoneNum etc would be blocked because person is in the blocked list. However, person.address.street and person.address.city would be allowed because person.address is in the allowed list (the longer string determines permissions).

Example

<interceptors>
    ... 
    <interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
    ... 
</interceptors>

<action ....> 
     ... 
     <interceptor-ref name="parameterFilter"> 
          <param name="blocked">person,person.address.createDate,personDao</param> 
     </interceptor-ref> 
     ... 
</action>