com.opensymphony.xwork2.interceptor: public class: ParameterFilterInterceptor

com.opensymphony.xwork2.interceptor
public class: ParameterFilterInterceptor [javadoc | source]

java.lang.Object
   com.opensymphony.xwork2.interceptor.AbstractInterceptor
      com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor

All Implemented Interfaces:
Interceptor

The Parameter Filter Interceptor blocks parameters from getting to the rest of the stack or your action. You can use multiple parameter filter interceptors for a given action, so, for example, you could use one in your default stack that filtered parameters you wanted blocked from every action and those you wanted blocked from an individual action you could add an additional interceptor for each action.

allowed - a comma delimited list of parameter prefixes that are allowed to pass to the action
blocked - a comma delimited list of parameter prefixes that are not allowed to pass to the action
defaultBlock - boolean (default to false) whether by default a given parameter is blocked. If true, then a parameter must have a prefix in the allowed list in order to be able to pass to the action

The way parameters are filtered for the least configuration is that if a string is in the allowed or blocked lists, then any parameter that is a member of the object represented by the parameter is allowed or blocked respectively.

For example, if the parameters are:

blocked: person,person.address.createDate,personDao
allowed: person.address
defaultBlock: false

The parameters person.name, person.phoneNum etc would be blocked because 'person' is in the blocked list. However, person.address.street and person.address.city would be allowed because person.address is in the allowed list (the longer string determines permissions).

There are no known extension points to this interceptor.


<interceptors>
  ...
  <interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
  ...
</interceptors>

<action ....>
  ...
  <interceptor-ref name="parameterFilter">
    <param name="blocked">person,person.address.createDate,personDao</param>
  </interceptor-ref>
  ...
</action>

author: Gabe -

Method from com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor Summary:
getAllowedCollection, getBlockedCollection, intercept, isDefaultBlock, setAllowed, setAllowedCollection, setBlocked, setBlockedCollection, setDefaultBlock

Methods from com.opensymphony.xwork2.interceptor.AbstractInterceptor:
destroy, init, intercept

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor Detail:
public Collection<String> getAllowedCollection() { return allowed; }
public Collection<String> getBlockedCollection() { return blocked; }
public String intercept(ActionInvocation invocation) throws Exception { Map< String, Object > parameters = invocation.getInvocationContext().getParameters(); HashSet< String > paramsToRemove = new HashSet< String >(); Map< String, Boolean > includesExcludesMap = getIncludesExcludesMap(); for (Object o : parameters.keySet()) { String param = o.toString(); boolean currentAllowed = !isDefaultBlock(); boolean foundApplicableRule = false; for (Object o1 : includesExcludesMap.keySet()) { String currRule = (String) o1; if (param.startsWith(currRule) && (param.length() == currRule.length() \|\| isPropSeperator(param.charAt(currRule.length())))) { currentAllowed = includesExcludesMap.get(currRule).booleanValue(); } else { if (foundApplicableRule) { foundApplicableRule = false; break; } } } if (!currentAllowed) { paramsToRemove.add(param); } } if (LOG.isDebugEnabled()) { LOG.debug("Params to remove: " + paramsToRemove); } for (Object aParamsToRemove : paramsToRemove) { parameters.remove(aParamsToRemove); } return invocation.invoke(); }
public boolean isDefaultBlock() { return defaultBlock; }
public void setAllowed(String allowed) { setAllowedCollection(asCollection(allowed)); }
public void setAllowedCollection(Collection<String> allowed) { this.allowed = allowed; }
public void setBlocked(String blocked) { setBlockedCollection(asCollection(blocked)); }
public void setBlockedCollection(Collection<String> blocked) { this.blocked = blocked; }
public void setDefaultBlock(boolean defaultExclude) { this.defaultBlock = defaultExclude; }