File | Doc | Category | Size | Date | Package
RolesInterceptor.java | API Doc | Example | 5258 | Mon Jul 23 13:26:52 BST 2007 | org.apache.struts2.interceptor

RolesInterceptor

public class RolesInterceptor extends com.opensymphony.xwork2.interceptor.AbstractInterceptor
This interceptor ensures that the action will only be executed if the user has the correct role.

Interceptor parameters:

  • allowedRoles - a comma-separated list of roles to allow
  • disallowedRoles - a comma-separated list of roles to disallow
There are two extensions to the existing interceptor:
  • isAllowed(HttpServletRequest,Object) - whether or not to allow the passed action execution with this request
  • handleRejection(ActionInvocation,HttpServletResponse) - handles an unauthorized request.
<!-- START SNIPPET: example -->
<!-- only allows the admin and member roles -->
<action name="someAction" class="com.examples.SomeAction">
    <interceptor-ref name="completeStack"/>
    <interceptor-ref name="roles">
        <param name="allowedRoles">admin,member</param>
    </interceptor-ref>
    <result name="success">good_result.ftl</result>
</action>
<!-- END SNIPPET: example -->

Fields Summary
private List allowedRoles
private List disallowedRoles

Constructors Summary

Methods Summary
protected java.lang.String handleRejection(com.opensymphony.xwork2.ActionInvocation invocation, javax.servlet.http.HttpServletResponse response)
Handles a rejection by sending a 403 HTTP error

param invocation - The invocation
return - The result code
throws - Exception

        response.sendError(HttpServletResponse.SC_FORBIDDEN);
        return null;
    
public java.lang.String intercept(com.opensymphony.xwork2.ActionInvocation invocation)

        HttpServletRequest request = ServletActionContext.getRequest();
        HttpServletResponse response = ServletActionContext.getResponse();
        String result = null;
        if (!isAllowed(request, invocation.getAction())) {
            result = handleRejection(invocation, response);
        } else {
            result = invocation.invoke();
        }
        return result;
    
protected boolean isAllowed(javax.servlet.http.HttpServletRequest request, java.lang.Object action)
Determines if the request should be allowed for the action

param request - The request
param action - The action object
return - True if allowed, false otherwise

        if (allowedRoles.size() > 0) {
            boolean result = false;
            for (String role : allowedRoles) {
                if (request.isUserInRole(role)) {
                    result = true;
                }
            }
            return result;
        } else if (disallowedRoles.size() > 0) {
            for (String role : disallowedRoles) {
                if (request.isUserInRole(role)) {
                    return false;
                }
            }
        }
        return true;
    
public void setAllowedRoles(java.lang.String roles)

        this.allowedRoles = stringToList(roles);
    
public void setDisallowedRoles(java.lang.String roles)

        this.disallowedRoles = stringToList(roles);
    
protected java.util.List stringToList(java.lang.String val)
Splits a string into a List

        if (val != null) {
            String[] list = val.split("[ ]*,[ ]*");
            return Arrays.asList(list);
        } else {
            return Collections.EMPTY_LIST;
        }
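
The following added example (not part of the original page or of Struts) replays the isAllowed and stringToList logic shown above against a constructed user, to show three configuration edge cases: allowedRoles takes precedence so disallowedRoles is ignored when both are set, padding at the ends of a parameter value becomes part of a role name, and an empty value yields one empty role name rather than an empty list. The class name RoleCheckDemo and the Predicate standing in for request.isUserInRole are assumptions; Set.of needs Java 9 or later.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.function.Predicate;

// Added example: replays the page's isAllowed/stringToList logic outside a servlet container.
// RoleCheckDemo and the Predicate stand-in for request.isUserInRole are assumptions.
public class RoleCheckDemo {

    // Same split expression as the page's stringToList.
    static List<String> stringToList(String val) {
        return val == null ? Collections.<String>emptyList() : Arrays.asList(val.split("[ ]*,[ ]*"));
    }

    // Same branch structure as the page's isAllowed.
    static boolean isAllowed(Predicate<String> isUserInRole, List<String> allowed, List<String> disallowed) {
        if (allowed.size() > 0) {
            boolean result = false;
            for (String role : allowed) {
                if (isUserInRole.test(role)) {
                    result = true;
                }
            }
            return result;
        } else if (disallowed.size() > 0) {
            for (String role : disallowed) {
                if (isUserInRole.test(role)) {
                    return false;
                }
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed user holding both roles.
        Predicate<String> user = Set.of("admin", "suspended")::contains;

        // Both lists configured: the else-if means disallowedRoles is never consulted.
        System.out.println(isAllowed(user, stringToList("admin"), stringToList("suspended")));
        // Padding at the ends of the value survives the split and becomes part of the role name.
        System.out.println(stringToList(" admin, member "));
        System.out.println(isAllowed(user, stringToList(" admin"), stringToList(null)));
        // An empty parameter value splits to one empty role name, not to an empty list.
        System.out.println(stringToList("").size());
        System.out.println(isAllowed(user, stringToList(null), stringToList("")));
    }
}
```

When reviewing a struts.xml that uses this interceptor, check that no interceptor-ref sets both parameters and that role values carry no leading or trailing spaces.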