Repository: struts Updated Branches: refs/heads/master 5cf3381b8 -> 16fa0ed80
WW-4342 Moves snippets directly to the Wiki Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/16fa0ed8 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/16fa0ed8 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/16fa0ed8 Branch: refs/heads/master Commit: 16fa0ed80c7ad26a9d9f79db3f5a9e0fadab01bd Parents: 5cf3381 Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Tue Aug 11 16:14:42 2015 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Tue Aug 11 16:15:12 2015 +0200 ---------------------------------------------------------------------- .../xwork2/interceptor/ParameterNameAware.java | 6 -- .../interceptor/ParametersInterceptor.java | 92 -------------------- 2 files changed, 98 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/16fa0ed8/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java index ba623fd..78f53f1 100644 --- a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java +++ b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java @@ -16,16 +16,10 @@ package com.opensymphony.xwork2.interceptor; /** - * <!-- START SNIPPET: javadoc --> - * <p> * This interface is implemented by actions that want to declare acceptable parameters. Works in conjunction with {@link * ParametersInterceptor}. For example, actions may want to create a white list of parameters they will accept or a * blacklist of parameters they will reject to prevent clients from setting other unexpected (and possibly dangerous) * parameters. - * </p> - * <!-- END SNIPPET: javadoc --> - * - * @author Bob Lee (crazy...@google.com) */ public interface ParameterNameAware { http://git-wip-us.apache.org/repos/asf/struts/blob/16fa0ed8/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java index eac4d8b..52f4f36 100644 --- a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java +++ b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java @@ -34,100 +34,8 @@ import java.util.Comparator; import java.util.Map; import java.util.TreeMap; - /** - * <!-- START SNIPPET: description --> * This interceptor sets all parameters on the value stack. - * - * This interceptor gets all parameters from {@link ActionContext#getParameters()} and sets them on the value stack by - * calling {@link ValueStack#setValue(String, Object)}, typically resulting in the values submitted in a form - * request being applied to an action in the value stack. Note that the parameter map must contain a String key and - * often containers a String[] for the value. - * - * The interceptor takes one parameter named 'ordered'. When set to true action properties are guaranteed to be - * set top-down which means that top action's properties are set first. Then it's subcomponents properties are set. - * The reason for this order is to enable a 'factory' pattern. For example, let's assume that one has an action - * that contains a property named 'modelClass' that allows to choose what is the underlying implementation of model. - * By assuring that modelClass property is set before any model properties are set, it's possible to choose model - * implementation during action.setModelClass() call. Similiarily it's possible to use action.setPrimaryKey() - * property set call to actually load the model class from persistent storage. Without any assumption on parameter - * order you have to use patterns like 'Preparable'. - * - * Because parameter names are effectively OGNL statements, it is important that security be taken in to account. - * This interceptor will not apply any values in the parameters map if the expression contains an assignment (=), - * multiple expressions (,), or references any objects in the context (#). This is all done in the {@link - * #acceptableName(String)} method. In addition to this method, if the action being invoked implements the {@link - * ParameterNameAware} interface, the action will be consulted to determine if the parameter should be set. - * - * In addition to these restrictions, a flag ({@link ReflectionContextState#DENY_METHOD_EXECUTION}) is set such that - * no methods are allowed to be invoked. That means that any expression such as <i>person.doSomething()</i> or - * <i>person.getName()</i> will be explicitely forbidden. This is needed to make sure that your application is not - * exposed to attacks by malicious users. - * - * While this interceptor is being invoked, a flag ({@link ReflectionContextState#CREATE_NULL_OBJECTS}) is turned - * on to ensure that any null reference is automatically created - if possible. See the type conversion documentation - * and the {@link InstantiatingNullHandler} javadocs for more information. - * - * Finally, a third flag ({@link XWorkConverter#REPORT_CONVERSION_ERRORS}) is set that indicates any errors when - * converting the the values to their final data type (String[] -> int) an unrecoverable error occured. With this - * flag set, the type conversion errors will be reported in the action context. See the type conversion documentation - * and the {@link XWorkConverter} javadocs for more information. - * - * If you are looking for detailed logging information about your parameters, turn on DEBUG level logging for this - * interceptor. A detailed log of all the parameter keys and values will be reported. - * - * <b>Note:</b> Since XWork 2.0.2, this interceptor extends {@link MethodFilterInterceptor}, therefore being - * able to deal with excludeMethods / includeMethods parameters. See [Workflow Interceptor] - * (class {@link DefaultWorkflowInterceptor}) for documentation and examples on how to use this feature. - * <!-- END SNIPPET: description --> - * - * <u>Interceptor parameters:</u> - * - * <!-- START SNIPPET: parameters --> - * - * <ul> - * <li>ordered - set to true if you want the top-down property setter behaviour</li> - * <li>acceptParamNames - a comma delimited list of regular expressions to describe a whitelist of accepted parameter names. - * Don't change the default unless you know what you are doing in terms of security implications</li> - * <li>excludeParams - a comma delimited list of regular expressions to describe a blacklist of not allowed parameter names</li> - * <li>paramNameMaxLength - the maximum length of parameter names; parameters with longer names will be ignored; the default is 100 characters</li> - * </ul> - * - * <!-- END SNIPPET: parameters --> - * - * <u>Extending the interceptor:</u> - * - * <!-- START SNIPPET: extending --> - * - * The best way to add behavior to this interceptor is to utilize the {@link ParameterNameAware} interface in your - * actions. However, if you wish to apply a global rule that isn't implemented in your action, then you could extend - * this interceptor and override the {@link #acceptableName(String)} method. - * - * <!-- END SNIPPET: extending --> - * - * - * <!-- START SNIPPET: extending-warning --> - * Using {@link ParameterNameAware} could be dangerous as {@link ParameterNameAware#acceptableParameterName(String)} takes precedence - * over ParametersInterceptor which means if ParametersInterceptor excluded given parameter name you can accept it with - * {@link ParameterNameAware#acceptableParameterName(String)}. - * - * The best idea is to define very tight restrictions with ParametersInterceptor and relax them per action with - * {@link ParameterNameAware#acceptableParameterName(String)} - * <!-- END SNIPPET: extending-warning --> - * - * - * <u>Example code:</u> - * - * <pre> - * <!-- START SNIPPET: example --> - * <action name="someAction" class="com.examples.SomeAction"> - * <interceptor-ref name="params"/> - * <result name="success">good_result.ftl</result> - * </action> - * <!-- END SNIPPET: example --> - * </pre> - * - * @author Patrick Lightbody */ public class ParametersInterceptor extends MethodFilterInterceptor {
