Class ParameterFilterInterceptor
java.lang.Object
com.opensymphony.xwork2.interceptor.AbstractInterceptor
com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor
- All Implemented Interfaces:
ConditionalInterceptor
,Interceptor
,Serializable
Deprecated.
The Parameter Filter Interceptor blocks parameters from getting
to the rest of the stack or your action. You can use multiple
parameter filter interceptors for a given action, so, for example,
you could use one in your default stack that filtered parameters
you wanted blocked from every action and those you wanted blocked
from an individual action you could add an additional interceptor
for each action.
- allowed - a comma delimited list of parameter prefixes that are allowed to pass to the action
- blocked - a comma delimited list of parameter prefixes that are not allowed to pass to the action
- defaultBlock - boolean (default to false) whether by default a given parameter is blocked. If true, then a parameter must have a prefix in the allowed list in order to be able to pass to the action
The way parameters are filtered for the least configuration is that if a string is in the allowed or blocked lists, then any parameter that is a member of the object represented by the parameter is allowed or blocked respectively.
For example, if the parameters are:
- blocked: person,person.address.createDate,personDao
- allowed: person.address
- defaultBlock: false
The parameters person.name, person.phoneNum etc would be blocked because 'person' is in the blocked list. However, person.address.street and person.address.city would be allowed because person.address is in the allowed list (the longer string determines permissions).
There are no known extension points to this interceptor.<interceptors> ... <interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/> ... </interceptors> <action ....> ... <interceptor-ref name="parameterFilter"> <param name="blocked">person,person.address.createDate,personDao</param> </interceptor-ref> ... </action>
- Author:
- Gabe
- See Also:
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionDeprecated.Deprecated.intercept
(ActionInvocation invocation) Deprecated.Override to handle interceptionboolean
Deprecated.void
setAllowed
(String allowed) Deprecated.void
setAllowedCollection
(Collection<String> allowed) Deprecated.void
setBlocked
(String blocked) Deprecated.void
setBlockedCollection
(Collection<String> blocked) Deprecated.void
setDefaultBlock
(boolean defaultExclude) Deprecated.Methods inherited from class com.opensymphony.xwork2.interceptor.AbstractInterceptor
destroy, init, setDisabled, shouldIntercept
-
Constructor Details
-
ParameterFilterInterceptor
public ParameterFilterInterceptor()Deprecated.
-
-
Method Details
-
intercept
Deprecated.Description copied from class:AbstractInterceptor
Override to handle interception- Specified by:
intercept
in interfaceInterceptor
- Specified by:
intercept
in classAbstractInterceptor
- Parameters:
invocation
- the action invocation- Returns:
- the return code, either returned from
ActionInvocation.invoke()
, or from the interceptor itself. - Throws:
Exception
- any system-level error, as defined inAction.execute()
.
-
isDefaultBlock
public boolean isDefaultBlock()Deprecated.- Returns:
- Returns the defaultBlock.
-
setDefaultBlock
public void setDefaultBlock(boolean defaultExclude) Deprecated.- Parameters:
defaultExclude
- The defaultExclude to set.
-
getBlockedCollection
Deprecated.- Returns:
- Returns the blocked.
-
setBlockedCollection
Deprecated.- Parameters:
blocked
- The blocked to set.
-
setBlocked
Deprecated.- Parameters:
blocked
- The blocked paramters as comma separated String.
-
getAllowedCollection
Deprecated.- Returns:
- Returns the allowed.
-
setAllowedCollection
Deprecated.- Parameters:
allowed
- The allowed to set.
-
setAllowed
Deprecated.- Parameters:
allowed
- The allowed paramters as comma separated String.
-
ParametersInterceptor
.