public class ParameterFilterInterceptor extends AbstractInterceptor
The way parameters are filtered for the least configuration is that if a string is in the allowed or blocked lists, then any parameter that is a member of the object represented by the parameter is allowed or blocked respectively.
For example, if the parameters are:
The parameters person.name, person.phoneNum etc would be blocked because 'person' is in the blocked list. However, person.address.street and person.address.city would be allowed because person.address is in the allowed list (the longer string determines permissions).
There are no known extension points to this interceptor.<interceptors> ... <interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/> ... </interceptors> <action ....> ... <interceptor-ref name="parameterFilter"> <param name="blocked">person,person.address.createDate,personDao</param> </interceptor-ref> ... </action>
Constructor and Description |
---|
ParameterFilterInterceptor() |
Modifier and Type | Method and Description |
---|---|
Collection<String> |
getAllowedCollection() |
Collection<String> |
getBlockedCollection() |
String |
intercept(ActionInvocation invocation)
Override to handle interception
|
boolean |
isDefaultBlock() |
void |
setAllowed(String allowed) |
void |
setAllowedCollection(Collection<String> allowed) |
void |
setBlocked(String blocked) |
void |
setBlockedCollection(Collection<String> blocked) |
void |
setDefaultBlock(boolean defaultExclude) |
destroy, init
public String intercept(ActionInvocation invocation) throws Exception
AbstractInterceptor
intercept
in interface Interceptor
intercept
in class AbstractInterceptor
invocation
- the action invocationActionInvocation.invoke()
, or from the interceptor itself.Exception
- any system-level error, as defined in Action.execute()
.public boolean isDefaultBlock()
public void setDefaultBlock(boolean defaultExclude)
defaultExclude
- The defaultExclude to set.public Collection<String> getBlockedCollection()
public void setBlockedCollection(Collection<String> blocked)
blocked
- The blocked to set.public void setBlocked(String blocked)
blocked
- The blocked paramters as comma separated String.public Collection<String> getAllowedCollection()
public void setAllowedCollection(Collection<String> allowed)
allowed
- The allowed to set.public void setAllowed(String allowed)
allowed
- The allowed paramters as comma separated String.Copyright © 2000–2020 Apache Software Foundation. All rights reserved.