Class ParameterFilterInterceptor

java.lang.Object
com.opensymphony.xwork2.interceptor.AbstractInterceptor
com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor
All Implemented Interfaces:
ConditionalInterceptor, Interceptor, Serializable

@Deprecated public class ParameterFilterInterceptor extends AbstractInterceptor
Deprecated.
since 6.4.0, use ParametersInterceptor.
The Parameter Filter Interceptor blocks parameters from getting to the rest of the stack or your action. You can use multiple parameter filter interceptors for a given action, so, for example, you could use one in your default stack that filtered parameters you wanted blocked from every action and those you wanted blocked from an individual action you could add an additional interceptor for each action.
  • allowed - a comma delimited list of parameter prefixes that are allowed to pass to the action
  • blocked - a comma delimited list of parameter prefixes that are not allowed to pass to the action
  • defaultBlock - boolean (default to false) whether by default a given parameter is blocked. If true, then a parameter must have a prefix in the allowed list in order to be able to pass to the action

The way parameters are filtered for the least configuration is that if a string is in the allowed or blocked lists, then any parameter that is a member of the object represented by the parameter is allowed or blocked respectively.

For example, if the parameters are:

  • blocked: person,person.address.createDate,personDao
  • allowed: person.address
  • defaultBlock: false

The parameters person.name, person.phoneNum etc would be blocked because 'person' is in the blocked list. However, person.address.street and person.address.city would be allowed because person.address is in the allowed list (the longer string determines permissions).

There are no known extension points to this interceptor.
 
 <interceptors>
   ...
   <interceptor name="parameterFilter" class="com.opensymphony.xwork2.interceptor.ParameterFilterInterceptor"/>
   ...
 </interceptors>

 <action ....>
   ...
   <interceptor-ref name="parameterFilter">
     <param name="blocked">person,person.address.createDate,personDao</param>
   </interceptor-ref>
   ...
 </action>
 
 
Author:
Gabe
See Also:
  • Constructor Details

    • ParameterFilterInterceptor

      public ParameterFilterInterceptor()
      Deprecated.
  • Method Details

    • intercept

      public String intercept(ActionInvocation invocation) throws Exception
      Deprecated.
      Description copied from class: AbstractInterceptor
      Override to handle interception
      Specified by:
      intercept in interface Interceptor
      Specified by:
      intercept in class AbstractInterceptor
      Parameters:
      invocation - the action invocation
      Returns:
      the return code, either returned from ActionInvocation.invoke(), or from the interceptor itself.
      Throws:
      Exception - any system-level error, as defined in Action.execute().
    • isDefaultBlock

      public boolean isDefaultBlock()
      Deprecated.
      Returns:
      Returns the defaultBlock.
    • setDefaultBlock

      public void setDefaultBlock(boolean defaultExclude)
      Deprecated.
      Parameters:
      defaultExclude - The defaultExclude to set.
    • getBlockedCollection

      public Collection<String> getBlockedCollection()
      Deprecated.
      Returns:
      Returns the blocked.
    • setBlockedCollection

      public void setBlockedCollection(Collection<String> blocked)
      Deprecated.
      Parameters:
      blocked - The blocked to set.
    • setBlocked

      public void setBlocked(String blocked)
      Deprecated.
      Parameters:
      blocked - The blocked paramters as comma separated String.
    • getAllowedCollection

      public Collection<String> getAllowedCollection()
      Deprecated.
      Returns:
      Returns the allowed.
    • setAllowedCollection

      public void setAllowedCollection(Collection<String> allowed)
      Deprecated.
      Parameters:
      allowed - The allowed to set.
    • setAllowed

      public void setAllowed(String allowed)
      Deprecated.
      Parameters:
      allowed - The allowed paramters as comma separated String.