org.codehaus.waffle.action.intercept
Class SecurityMethodInterceptor

java.lang.Object
  extended by org.codehaus.waffle.action.intercept.SecurityMethodInterceptor
All Implemented Interfaces:
MethodInterceptor

public class SecurityMethodInterceptor
extends java.lang.Object
implements MethodInterceptor

This interceptor ensure that only ActionMethod annotated methods are invokable as Actions. Usage of this will help protect your application against malicious attacks.

Author:
Micheal Ward

Constructor Summary
SecurityMethodInterceptor()
           
SecurityMethodInterceptor(MessageResources messageResources)
           
 
Method Summary
 boolean accept(java.lang.reflect.Method actionMethod)
          Will always return true (intercepts ALL action methods) Determines if the implementation should intercept the call to the Action Method.
 java.lang.Object intercept(ControllerDefinition controllerDefinition, java.lang.reflect.Method method, InterceptorChain chain, java.lang.Object... arguments)
           Ensure that the action method to be invoked is annotated with the ActionMethod annotation.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SecurityMethodInterceptor

public SecurityMethodInterceptor()

SecurityMethodInterceptor

public SecurityMethodInterceptor(MessageResources messageResources)
Method Detail

accept

public boolean accept(java.lang.reflect.Method actionMethod)
Will always return true (intercepts ALL action methods) Determines if the implementation should intercept the call to the Action Method.

Specified by:
accept in interface MethodInterceptor
Parameters:
actionMethod - is the action method that is to be invoked (or intercepted)
Returns:
true if this should intercept the invocation

intercept

public java.lang.Object intercept(ControllerDefinition controllerDefinition,
                                  java.lang.reflect.Method method,
                                  InterceptorChain chain,
                                  java.lang.Object... arguments)
                           throws java.lang.IllegalAccessException,
                                  java.lang.reflect.InvocationTargetException

Ensure that the action method to be invoked is annotated with the ActionMethod annotation. If no annotation is present a ActionMethodInvocationException will be thrown.

This method allows an ActionMethod call to be intercepted. To continue onto the next MethodInterceptor, or ActionMethod, the implementation should call InterceptorChain.proceed(ControllerDefinition, Method, Object[]).

Specified by:
intercept in interface MethodInterceptor
Parameters:
controllerDefinition - the controller definition instance which owns the action method being invoked
method - the actual action method to be invoked
chain - is the InterceptorChain managing the method interceptors
arguments - are the argument values to satisfy the action method invocation
Returns:
the result from the action method's invocation, or result from this or another MethodInterceptor
Throws:
java.lang.IllegalAccessException
java.lang.reflect.InvocationTargetException


Copyright © 2008. All Rights Reserved.