RolesInterceptor

概述

软件包

类

使用

树

已过时

索引

帮助

上一个类 下一个类

框架 无框架

摘要：嵌套 | 字段 | 构造方法 | 方法

详细信息：字段 | 构造方法 | 方法

org.apache.struts2.interceptor
类 RolesInterceptor

java.lang.Object
  com.opensymphony.xwork2.interceptor.AbstractInterceptor
      org.apache.struts2.interceptor.RolesInterceptor

所有已实现的接口：: com.opensymphony.xwork2.interceptor.Interceptor, Serializable

public class RolesInterceptor
extends com.opensymphony.xwork2.interceptor.AbstractInterceptor
extends com.opensymphony.xwork2.interceptor.AbstractInterceptor

This interceptor ensures that the action will only be executed if the user has the correct role.

Interceptor parameters:

allowedRoles - a comma-separated list of roles to allow
disallowedRoles - a comma-separated list of roles to disallow

When both allowedRoles and disallowedRoles are configured, then disallowedRoles takes precedence, applying the following logic: (if ((inRole(role1) || inRole(role2) || ... inRole(roleN)) && !inRole(roleA) && !inRole(roleB) && ... !inRole(roleZ)) { //permit ...

There are three extensions to the existing interceptor:

isAllowed(HttpServletRequest,Object) - whether or not to allow the passed action execution with this request
handleRejection(ActionInvocation) - handles an unauthorized request.
areRolesValid(List roles) - allows subclasses to lookup roles to ensure they are valid. If not valid, RolesInterceptor will log the error and cease to function. This helps prevent security misconfiguration flaws.

  <!-- START SNIPPET: example -->
  <!-- only allows the admin and member roles -->
  <action name="someAction" class="com.examples.SomeAction">
      <interceptor-ref name="completeStack"/>
      <interceptor-ref name="roles">
        <param name="allowedRoles">admin,member</param>
      </interceptor-ref>
      <result name="success">good_result.ftl</result>
  </action>
  <!-- END SNIPPET: example -->

另请参见：: 序列化表格

构造方法摘要
`RolesInterceptor()`

方法摘要
`String`	`intercept(com.opensymphony.xwork2.ActionInvocation invocation)`
`void`	`setAllowedRoles(String roles)`
`void`	`setDisallowedRoles(String roles)`

从类 com.opensymphony.xwork2.interceptor.AbstractInterceptor 继承的方法
`destroy, init`

从类 java.lang.Object 继承的方法
`equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait`

构造方法详细信息

RolesInterceptor

public RolesInterceptor()

方法详细信息

setAllowedRoles

public void setAllowedRoles(String roles)

setDisallowedRoles

public void setDisallowedRoles(String roles)

intercept

public String intercept(com.opensymphony.xwork2.ActionInvocation invocation)
                 throws Exception

指定者：: 接口 com.opensymphony.xwork2.interceptor.Interceptor 中的 intercept
指定者：: 类 com.opensymphony.xwork2.interceptor.AbstractInterceptor 中的 intercept