The default Interceptor stack is designed to serve the needs of most applications. Most applications willnot needto add Interceptors or change the Interceptor stack.
Many Actions share common concerns. Some Actions need input validated. Other Actions may need a file uploadto be pre-processed. Another Action might need protection from a double submit. Many Actions need drop-down listsand other controls pre-populated before the page displays.
The framework makes it easy to share solutions to these concerns using an “Interceptor” strategy. When you requesta resource that maps to an “action”, the framework invokes the Action object. But, before the Action is executed,the invocation can be intercepted by another object. After the Action executes, the invocation could be interceptedagain. Unsurprisingly, we call these objects “Interceptors.”
Interceptors can execute code before and after an Action is invoked. Most of the framework’s core functionality isimplemented as Interceptors. Features like double-submit guards, type conversion, object population, validation,file upload, page preparation, and more, are all implemented with the help of Interceptors. Each and every Interceptoris pluggable, so you can decide exactly which features an Action needs to support.
Interceptors can be configured on a per-action basis. Your own custom Interceptors can be mixed-and-matched withthe Interceptors bundled with the framework. Interceptors “set the stage” for the Action classes, doing much ofthe “heavy lifting” before the Action executes.
Action Lifecycle
In some cases, an Interceptor might keep an Action from firing, because of a double-submit or because validation failed.Interceptors can also change the state of an Action before it executes.
The Interceptors are defined in a stack that specifies the execution order. In some cases, the order of the Interceptorson the stack can be very important.
struts.xml
<packagename="default"extends="struts-default"><interceptors><interceptorname="timer"class=".."/><interceptorname="logger"class=".."/></interceptors><actionname="login"class="tutorial.Login"><interceptor-refname="timer"/><interceptor-refname="logger"/><resultname="input">login.jsp</result><resultname="success"type="redirectAction">/secure/home</result></action></package>With most web applications, we find ourselves wanting to apply the same set of Interceptors over and over again. Ratherthan reiterate the same list of Interceptors, we can bundle these Interceptors together using an Interceptor Stack.
struts.xml
<packagename="default"extends="struts-default"><interceptors><interceptorname="timer"class=".."/><interceptorname="logger"class=".."/><interceptor-stackname="myStack"><interceptor-refname="timer"/><interceptor-refname="logger"/></interceptor-stack></interceptors><actionname="login"class="tutuorial.Login"><interceptor-refname="myStack"/><resultname="input">login.jsp</result><resultname="success"type="redirectAction">/secure/home</result></action></package>Looking insidestruts-default.xml, we can see how it’s done.
<?xml version="1.0" encoding="UTF-8" ?><!--/* * Licensed to the Apache Software Foundation (ASF) under one * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */--><!DOCTYPE struts PUBLIC "-//Apache Software Foundation//DTD Struts Configuration 6.0//EN" "https://struts.apache.org/dtds/struts-6.0.dtd"><struts><includefile="struts-excluded-classes.xml"/><includefile="struts-beans.xml"/><packagename="struts-default"abstract="true"><result-types><result-typename="chain"class="org.apache.struts2.result.ActionChainResult"/><result-typename="dispatcher"class="org.apache.struts2.result.ServletDispatcherResult"default="true"/><result-typename="freemarker"class="org.apache.struts2.views.freemarker.FreemarkerResult"/><result-typename="httpheader"class="org.apache.struts2.result.HttpHeaderResult"/><result-typename="redirect"class="org.apache.struts2.result.ServletRedirectResult"/><result-typename="redirectAction"class="org.apache.struts2.result.ServletActionRedirectResult"/><result-typename="stream"class="org.apache.struts2.result.StreamResult"/><result-typename="plainText"class="org.apache.struts2.result.PlainTextResult"/><result-typename="postback"class="org.apache.struts2.result.PostbackResult"/></result-types><interceptors><interceptorname="alias"class="org.apache.struts2.interceptor.AliasInterceptor"/><interceptorname="chain"class="org.apache.struts2.interceptor.ChainingInterceptor"/><interceptorname="coep"class="org.apache.struts2.interceptor.CoepInterceptor"/><interceptorname="conversionError"class="org.apache.struts2.interceptor.StrutsConversionErrorInterceptor"/><interceptorname="cookie"class="org.apache.struts2.interceptor.CookieInterceptor"/><interceptorname="cookieProvider"class="org.apache.struts2.interceptor.CookieProviderInterceptor"/><interceptorname="clearSession"class="org.apache.struts2.interceptor.ClearSessionInterceptor"/><interceptorname="coop"class="org.apache.struts2.interceptor.CoopInterceptor"/><interceptorname="createSession"class="org.apache.struts2.interceptor.CreateSessionInterceptor"/><interceptorname="csp"class="org.apache.struts2.interceptor.csp.CspInterceptor"/><interceptorname="debugging"class="org.apache.struts2.interceptor.debugging.DebuggingInterceptor"/><interceptorname="execAndWait"class="org.apache.struts2.interceptor.ExecuteAndWaitInterceptor"/><interceptorname="exception"class="org.apache.struts2.interceptor.ExceptionMappingInterceptor"/><interceptorname="actionFileUpload"class="org.apache.struts2.interceptor.ActionFileUploadInterceptor"/><interceptorname="i18n"class="org.apache.struts2.interceptor.I18nInterceptor"/><interceptorname="logger"class="org.apache.struts2.interceptor.LoggingInterceptor"/><interceptorname="modelDriven"class="org.apache.struts2.interceptor.ModelDrivenInterceptor"/><interceptorname="scopedModelDriven"class="org.apache.struts2.interceptor.ScopedModelDrivenInterceptor"/><interceptorname="params"class="org.apache.struts2.interceptor.parameter.ParametersInterceptor"/><interceptorname="paramRemover"class="org.apache.struts2.interceptor.ParameterRemoverInterceptor"/><interceptorname="actionMappingParams"class="org.apache.struts2.interceptor.ActionMappingParametersInterceptor"/><interceptorname="prepare"class="org.apache.struts2.interceptor.PrepareInterceptor"/><interceptorname="staticParams"class="org.apache.struts2.interceptor.StaticParametersInterceptor"/><interceptorname="scope"class="org.apache.struts2.interceptor.ScopeInterceptor"/><interceptorname="servletConfig"class="org.apache.struts2.interceptor.ServletConfigInterceptor"/><interceptorname="token"class="org.apache.struts2.interceptor.TokenInterceptor"/><interceptorname="tokenSession"class="org.apache.struts2.interceptor.TokenSessionStoreInterceptor"/><interceptorname="validation"class="org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor"/><interceptorname="workflow"class="org.apache.struts2.interceptor.DefaultWorkflowInterceptor"/><interceptorname="store"class="org.apache.struts2.interceptor.MessageStoreInterceptor"/><interceptorname="checkbox"class="org.apache.struts2.interceptor.CheckboxInterceptor"/><interceptorname="datetime"class="org.apache.struts2.interceptor.DateTextFieldInterceptor"/><interceptorname="roles"class="org.apache.struts2.interceptor.RolesInterceptor"/><interceptorname="annotationWorkflow"class="org.apache.struts2.interceptor.annotations.AnnotationWorkflowInterceptor"/><interceptorname="multiselect"class="org.apache.struts2.interceptor.MultiselectInterceptor"/><interceptorname="noop"class="org.apache.struts2.interceptor.NoOpInterceptor"/><interceptorname="fetchMetadata"class="org.apache.struts2.interceptor.FetchMetadataInterceptor"/><interceptorname="httpMethod"class="org.apache.struts2.interceptor.httpmethod.HttpMethodInterceptor"/><!-- Empty stack - performs no operations --><interceptor-stackname="emptyStack"><interceptor-refname="noop"/></interceptor-stack><!-- Basic stack --><interceptor-stackname="basicStack"><interceptor-refname="exception"/><interceptor-refname="servletConfig"/><interceptor-refname="httpMethod"/><interceptor-refname="prepare"/><interceptor-refname="checkbox"/><interceptor-refname="datetime"/><interceptor-refname="multiselect"/><interceptor-refname="actionMappingParams"/><interceptor-refname="params"/><interceptor-refname="conversionError"/></interceptor-stack><!-- Sample validation and workflow stack --><interceptor-stackname="validationWorkflowStack"><interceptor-refname="basicStack"/><interceptor-refname="validation"/><interceptor-refname="workflow"/></interceptor-stack><!-- Action based file upload stack --><interceptor-stackname="actionFileUploadStack"><interceptor-refname="actionFileUpload"/><interceptor-refname="basicStack"/></interceptor-stack><!-- Sample model-driven stack --><interceptor-stackname="modelDrivenStack"><interceptor-refname="modelDriven"/><interceptor-refname="basicStack"/></interceptor-stack><!-- Sample action chaining stack --><interceptor-stackname="chainStack"><interceptor-refname="chain"/><interceptor-refname="basicStack"/></interceptor-stack><!-- Sample i18n stack --><interceptor-stackname="i18nStack"><interceptor-refname="i18n"/><interceptor-refname="basicStack"/></interceptor-stack><!-- An example of the paramsPrepareParams trick. This stack is exactly the same as the defaultStack, except that it includes one extra interceptor before the prepare interceptor: the params interceptor. This is useful for when you wish to apply parameters directly to an object that you wish to load externally (such as a DAO or database or service layer), but can't load that object until at least the ID parameter has been loaded. By loading the parameters twice, you can retrieve the object in the prepare() method, allowing the second params interceptor to apply the values on the object. --><interceptor-stackname="paramsPrepareParamsStack"><interceptor-refname="exception"/><interceptor-refname="alias"/><interceptor-refname="i18n"/><interceptor-refname="checkbox"/><interceptor-refname="datetime"/><interceptor-refname="multiselect"/><interceptor-refname="params"/><interceptor-refname="servletConfig"/><interceptor-refname="httpMethod"/><interceptor-refname="prepare"/><interceptor-refname="chain"/><interceptor-refname="modelDriven"/><interceptor-refname="actionFileUpload"/><interceptor-refname="staticParams"/><interceptor-refname="actionMappingParams"/><interceptor-refname="params"/><interceptor-refname="conversionError"/><interceptor-refname="validation"><paramname="excludeMethods">input,back,cancel,browse</param></interceptor-ref><interceptor-refname="workflow"><paramname="excludeMethods">input,back,cancel,browse</param></interceptor-ref></interceptor-stack><!-- A complete stack with all the common interceptors in place. Generally, this stack should be the one you use, though it may do more than you need. Also, the ordering can be switched around (ex: if you wish to have your servlet-related objects applied before prepare() is called, you'd need to move servletConfig interceptor up. This stack also excludes from the normal validation and workflow the method names input, back, and cancel. These typically are associated with requests that should not be validated. --><interceptor-stackname="defaultStack"><interceptor-refname="exception"/><interceptor-refname="alias"/><interceptor-refname="servletConfig"/><interceptor-refname="httpMethod"/><interceptor-refname="i18n"/><interceptor-refname="csp"><paramname="disabled">false</param><paramname="enforcingMode">false</param></interceptor-ref><interceptor-refname="prepare"/><interceptor-refname="chain"/><interceptor-refname="scopedModelDriven"/><interceptor-refname="modelDriven"/><interceptor-refname="actionFileUpload"/><interceptor-refname="checkbox"/><interceptor-refname="datetime"/><interceptor-refname="multiselect"/><interceptor-refname="staticParams"/><interceptor-refname="actionMappingParams"/><interceptor-refname="params"/><interceptor-refname="conversionError"/><interceptor-refname="coep"><paramname="disabled">false</param><paramname="enforcingMode">false</param><paramname="exemptedPaths"/></interceptor-ref><interceptor-refname="coop"><paramname="disabled">false</param><paramname="exemptedPaths"/><paramname="mode">same-origin</param></interceptor-ref><interceptor-refname="fetchMetadata"><paramname="disabled">false</param></interceptor-ref><interceptor-refname="validation"><paramname="excludeMethods">input,back,cancel,browse</param></interceptor-ref><interceptor-refname="workflow"><paramname="excludeMethods">input,back,cancel,browse</param></interceptor-ref><interceptor-refname="debugging"/></interceptor-stack><!-- The completeStack is here for backwards compatibility for applications that still refer to the defaultStack by the old name --><interceptor-stackname="completeStack"><interceptor-refname="defaultStack"/></interceptor-stack><!-- Sample execute and wait stack. Note: execAndWait should always be the *last* interceptor. --><interceptor-stackname="executeAndWaitStack"><interceptor-refname="execAndWait"><paramname="excludeMethods">input,back,cancel</param></interceptor-ref><interceptor-refname="defaultStack"/><interceptor-refname="execAndWait"><paramname="excludeMethods">input,back,cancel</param></interceptor-ref></interceptor-stack></interceptors><default-interceptor-refname="defaultStack"/><default-class-refclass="org.apache.struts2.ActionSupport"/><global-allowed-methods>execute,input,back,cancel,browse,save,delete,list,index</global-allowed-methods></package></struts>Since thestruts-default.xml is included in the application’s configuration by default, all the predefinedinterceptors and stacks are available “out of the box”.
Interceptor classes are also defined using a key-value pair specified in the Struts configuration file. The namesspecified below come specified instruts-default.xml. If you extend thestruts-defaultpackage, then you can use the names below. Otherwise, they must be defined in your package with a name-class pairspecified in the<interceptors/> tag.
| Interceptor | Name | Description |
|---|---|---|
| Action File Upload Interceptor | actionFileUpload | Available since Struts 6.4.0: an Interceptor that adds easy access to file upload support. |
| Alias Interceptor | alias | Converts similar parameters that may be named differently between requests. |
| Annotation Parameter Filter Interceptor | annotationParameterFilter | Annotation based version ofParameter Filter Interceptor. |
| Annotation Workflow Interceptor | annotationWorkflow | Invokes any annotated methods on the action. |
| Chaining Interceptor | chain | Makes the previous Action’s properties available to the current Action. Commonly used together with |
| Checckbox Interceptor | checkbox | Adds automatic checkbox handling code that detect an unchecked checkbox and add it as a parameter with a default (usually ‘false’) value. Uses a specially named hidden field to detect unsubmitted checkboxes. The default unchecked value is overridable for non-boolean value’d checkboxes. |
| Cross-Origin Embedder Policy Interceptor | coep | Implements the Cross-Origin Embedder Policy on incoming requests used to protect a document from loading any non-same-origin resources which don’t explicitly grant the document permission to be loaded. |
| Conversion Error Interceptor | conversionError | Adds conversion errors from the ActionContext to the Action’s field errors |
| Cookie Interceptor | cookie | Inject cookie with a certain configurable name / value into action. (Since 2.0.7.) |
| Cookie Provider Interceptor | cookieProvider | Transfer cookies from action to response (Since 2.3.15.) |
| Cross-Origin Opener Policy Interceptor | coop | Implements the Cross-Origin Opener Policy on incoming requests used to isolate resources against side-channel attacks and information leaks. |
| Create Session Interceptor | createSession | Create an HttpSession automatically, useful with certain Interceptors that require a HttpSession to work properly (like the TokenInterceptor) |
| Clear Session Interceptor | clearSession | This interceptor clears the HttpSession. |
| Content Security Policy Interceptor | csp | Adds support for Content Security policy. |
| Debugging Interceptor | debugging | Provides several different debugging screens to provide insight into the data behind the page. |
| Default Workflow Interceptor | workflow | Calls the validate method in your Action class. If Action errors are created then it returns the INPUT view. |
| Exception Interceptor | exception | Maps exceptions to a result. |
| Execute and Wait Interceptor | execAndWait | Executes the Action in the background and then sends the user off to an intermediate waiting page. |
| Fetch Metadata Interceptor | fetchMetadata | Implements the Resource Isolation Policies on incoming requests used to protect against CSRF, XSSI, and cross-origin information leaks. |
| File Upload Interceptor | fileUpload | DEPRECTED since Struts 6.4.0,REMOVED since Struts 7.0.0: an Interceptor that adds easy access to file upload support. |
| I18n Interceptor | i18n | Remembers the locale selected for a user’s session. |
| Logging Interceptor | logger | Outputs the name of the Action. |
| Message Store Interceptor | store | Store and retrieve action messages / errors / field errors for action that implements ValidationAware interface into session. |
| Model Driven Interceptor | modelDriven | If the Action implements ModelDriven, pushes the getModel Result onto the Value Stack. |
| Multiselect Interceptor | multiselect | Like the checkbox interceptor detects that no value was selected for a field with multiple values (like a select) and adds an empty parameter |
| NoOp Interceptor | noop | Does nothing, just passes invocation further, used in empty stack |
| Parameter Filter Interceptor | parameterFilter | Removes parameters from the list of those available to Actions |
| Parameters Interceptor | params | Sets the request parameters onto the Action. |
| Parameter Remover Interceptor | paramRemover | Removes a parameter from parameters map. |
| Prepare Interceptor | prepare | If the Action implements Preparable, calls its prepare method. |
| Roles Interceptor | roles | Action will only be executed if the user has the correct JAAS role. |
| Scope Interceptor | scope | Simple mechanism for storing Action state in the session or application scope. |
| Scoped Model Driven Interceptor | scopedModelDriven | If the Action implements ScopedModelDriven, the interceptor retrieves and stores the model from a scope and sets it on the action calling setModel. |
| Servlet Config Interceptor | servletConfig | Provide access to Maps representing HttpServletRequest and HttpServletResponse. |
| Static Parameters Interceptor | staticParams | Sets the struts.xml defined parameters onto the action. These are the tags that are direct children of the tag. |
| Timer Interceptor | timer | Outputs how long the Action takes to execute (including nested Interceptors and View) |
| Token Interceptor | token | Checks for valid token presence in Action, prevents duplicate form submission. |
| Token Session Interceptor | tokenSession | Same as Token Interceptor, but stores the submitted data in session when handed an invalid token |
| Validation Interceptor | validation | Performs validation using the validators defined inaction -validation.xml |
Since 2.0.7, Interceptors and Results with hyphenated names were converted to camelCase. (The former model-driven isnow modelDriven.) The original hyphenated names are retained as “aliases” until Struts 2.1.0. For clarity,the hyphenated versions are not listed here, but might be referenced in prior versions of the documentation.
MethodFilterInterceptor is an abstractInterceptor used as a base class for interceptors that will filter executionbased on method names according to specified included/excluded method lists.
Settable parameters are as follows:
If method name are available in both includeMethods and excludeMethods, it will be considered as an included method:includeMethods takes precedence over excludeMethods.
Interceptors that extends this capability include:
TokenInterceptorTokenSessionStoreInterceptorDefaultWorkflowInterceptorValidationInterceptorInterceptor’s parameter could be overridden through the following ways :
Method 1:
<actionname="myAction"class="myActionClass"><interceptor-refname="exception"/><interceptor-refname="alias"/><interceptor-refname="params"/><interceptor-refname="servletConfig"/><interceptor-refname="prepare"/><interceptor-refname="i18n"/><interceptor-refname="chain"/><interceptor-refname="modelDriven"/><interceptor-refname="actionFileUpload"/><interceptor-refname="staticParams"/><interceptor-refname="params"/><interceptor-refname="conversionError"/><interceptor-refname="validation"><paramname="excludeMethods">myValidationExcludeMethod</param></interceptor-ref><interceptor-refname="workflow"><paramname="excludeMethods">myWorkflowExcludeMethod</param></interceptor-ref></action>Method 2:
<actionname="myAction"class="myActionClass"><interceptor-refname="defaultStack"><paramname="validation.excludeMethods">myValidationExcludeMethod</param><paramname="workflow.excludeMethods">myWorkflowExcludeMethod</param></interceptor-ref></action>In the first method, the whole default stack is copied and the parameter then changed accordingly.
In the second method, theinterceptor-ref refers to an existing interceptor-stack, namelydefaultStack in thisexample, and override thevalidator andworkflow interceptorexcludeMethods attribute. Note that in theparamtag, the name attribute contains a dot (.) the word before the dot(.) specifies the interceptor name whose parameter isto be overridden and the word after the dot (.) specifies the parameter itself. The syntax is as follows:
<interceptor-name>.<parameter-name>Note also that in this case theinterceptor-ref name attribute is used to indicate an interceptor stack which makessense as if it is referring to the interceptor itself it would be just using Method 1 describe above.
Method 3:
<interceptors><interceptor-stackname="parentStack"><interceptor-refname="defaultStack"><paramname="params.excludeParams">token</param></interceptor-ref></interceptor-stack></interceptors><default-interceptor-refname="parentStack"/>Parameters override are not inherited in interceptors, meaning that the last set of overridden parameters will be used.For example, if a stack overrides the parameter “defaultBlock” for the “postPrepareParameterFilter” interceptor as:
<interceptor-stackname="parentStack"><interceptor-refname="postPrepareParameterFilter"><paramname="defaultBlock">true</param></interceptor-ref></interceptor-stack>and an action overrides the “allowed” for “postPrepareParameterFilter”:
<packagename="child2"namespace="/child"extends="parentPackage"><actionname="list"class="SomeAction"><interceptor-refname="parentStack"><paramname="postPrepareParameterFilter.allowed">myObject.name</param></interceptor-ref></action></package>Then, only “allowed” will be overridden for the “postPrepareParameterFilter” interceptor in that action,the other params will be null.
This functionality was added in Struts 2.5.9
It is possible to define an interceptor with parameters evaluated during action invocation. In such casethe interceptor must be marked withWithLazyParams interface. This must be developer’s decision as interceptormust be aware of having those parameters set during invocation and not when the interceptor is created as it happensin normal way.
Params are evaluated as any other expression starting with from action as a top object.
<actionname="LazyFoo"class="com.opensymphony.xwork2.SimpleAction"><resultname="success">result.jsp</result><interceptor-refname="lazy"><paramname="foo">${bar}</param></interceptor-ref></action>publicclassMockLazyInterceptorextendsAbstractInterceptorimplementsWithLazyParams{privateStringfoo="";publicvoidsetFoo(Stringfoo){this.foo=foo;}publicStringintercept(ActionInvocationinvocation)throwsException{....returninvocation.invoke();}}Please be aware that order of interceptors can matter when want to access parameters passed via request as thoseparameters are set byParameters Interceptor.
Since Struts 6.1.0 it is possible todisable a given interceptor which won’t be executed during action invocation.All the interceptors extending theAbstractInterceptor class (all the base interceptors do so) can use the parametersoverriding logic to set thedisabled parameter totrue to skip processing of a given interceptor.
An example how to disable the Validation interceptor:
<actionname="myAction"class="myActionClass"><interceptor-refname="defaultStack"><paramname="validation.disabled">true</param></interceptor-ref></action>Interceptors provide an excellent means to wrap before/after processing. The concept reduces code duplication (thinkAOP).
<interceptor-stackname="xaStack"><interceptor-refname="thisWillRunFirstInterceptor"/><interceptor-refname="thisWillRunNextInterceptor"/><interceptor-refname="followedByThisInterceptor"/><interceptor-refname="thisWillRunLastInterceptor"/></interceptor-stack>Note that some Interceptors will interrupt the stack/chain/flow … so the order is very important.
Interceptors implementingcom.opensymphony.xwork2.interceptor.PreResultListener will run after the Action executesbut before the Result executes.
thisWillRunFirstInterceptor thisWillRunNextInterceptor followedByThisInterceptor thisWillRunLastInterceptor MyAction1 MyAction2 (chain) MyPreResultListener MyResult (result) thisWillRunLastInterceptor followedByThisInterceptor thisWillRunNextInterceptorthisWillRunFirstInterceptor