You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2015/08/11 16:15:21 UTC
struts git commit: WW-4342 Moves snippets directly to the Wiki
Repository: struts
Updated Branches:
refs/heads/master 5cf3381b8 -> 16fa0ed80
WW-4342 Moves snippets directly to the Wiki
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/16fa0ed8
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/16fa0ed8
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/16fa0ed8
Branch: refs/heads/master
Commit: 16fa0ed80c7ad26a9d9f79db3f5a9e0fadab01bd
Parents: 5cf3381
Author: Lukasz Lenart <lu...@apache.org>
Authored: Tue Aug 11 16:14:42 2015 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Tue Aug 11 16:15:12 2015 +0200
----------------------------------------------------------------------
.../xwork2/interceptor/ParameterNameAware.java | 6 --
.../interceptor/ParametersInterceptor.java | 92 --------------------
2 files changed, 98 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/16fa0ed8/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
index ba623fd..78f53f1 100644
--- a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
+++ b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParameterNameAware.java
@@ -16,16 +16,10 @@
package com.opensymphony.xwork2.interceptor;
/**
- * <!-- START SNIPPET: javadoc -->
- * <p>
* This interface is implemented by actions that want to declare acceptable parameters. Works in conjunction with {@link
* ParametersInterceptor}. For example, actions may want to create a white list of parameters they will accept or a
* blacklist of parameters they will reject to prevent clients from setting other unexpected (and possibly dangerous)
* parameters.
- * </p>
- * <!-- END SNIPPET: javadoc -->
- *
- * @author Bob Lee (crazybob@google.com)
*/
public interface ParameterNameAware {
http://git-wip-us.apache.org/repos/asf/struts/blob/16fa0ed8/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
index eac4d8b..52f4f36 100644
--- a/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
+++ b/core/src/main/java/com/opensymphony/xwork2/interceptor/ParametersInterceptor.java
@@ -34,100 +34,8 @@ import java.util.Comparator;
import java.util.Map;
import java.util.TreeMap;
-
/**
- * <!-- START SNIPPET: description -->
* This interceptor sets all parameters on the value stack.
- *
- * This interceptor gets all parameters from {@link ActionContext#getParameters()} and sets them on the value stack by
- * calling {@link ValueStack#setValue(String, Object)}, typically resulting in the values submitted in a form
- * request being applied to an action in the value stack. Note that the parameter map must contain a String key and
- * often containers a String[] for the value.
- *
- * The interceptor takes one parameter named 'ordered'. When set to true action properties are guaranteed to be
- * set top-down which means that top action's properties are set first. Then it's subcomponents properties are set.
- * The reason for this order is to enable a 'factory' pattern. For example, let's assume that one has an action
- * that contains a property named 'modelClass' that allows to choose what is the underlying implementation of model.
- * By assuring that modelClass property is set before any model properties are set, it's possible to choose model
- * implementation during action.setModelClass() call. Similiarily it's possible to use action.setPrimaryKey()
- * property set call to actually load the model class from persistent storage. Without any assumption on parameter
- * order you have to use patterns like 'Preparable'.
- *
- * Because parameter names are effectively OGNL statements, it is important that security be taken in to account.
- * This interceptor will not apply any values in the parameters map if the expression contains an assignment (=),
- * multiple expressions (,), or references any objects in the context (#). This is all done in the {@link
- * #acceptableName(String)} method. In addition to this method, if the action being invoked implements the {@link
- * ParameterNameAware} interface, the action will be consulted to determine if the parameter should be set.
- *
- * In addition to these restrictions, a flag ({@link ReflectionContextState#DENY_METHOD_EXECUTION}) is set such that
- * no methods are allowed to be invoked. That means that any expression such as <i>person.doSomething()</i> or
- * <i>person.getName()</i> will be explicitely forbidden. This is needed to make sure that your application is not
- * exposed to attacks by malicious users.
- *
- * While this interceptor is being invoked, a flag ({@link ReflectionContextState#CREATE_NULL_OBJECTS}) is turned
- * on to ensure that any null reference is automatically created - if possible. See the type conversion documentation
- * and the {@link InstantiatingNullHandler} javadocs for more information.
- *
- * Finally, a third flag ({@link XWorkConverter#REPORT_CONVERSION_ERRORS}) is set that indicates any errors when
- * converting the the values to their final data type (String[] -> int) an unrecoverable error occured. With this
- * flag set, the type conversion errors will be reported in the action context. See the type conversion documentation
- * and the {@link XWorkConverter} javadocs for more information.
- *
- * If you are looking for detailed logging information about your parameters, turn on DEBUG level logging for this
- * interceptor. A detailed log of all the parameter keys and values will be reported.
- *
- * <b>Note:</b> Since XWork 2.0.2, this interceptor extends {@link MethodFilterInterceptor}, therefore being
- * able to deal with excludeMethods / includeMethods parameters. See [Workflow Interceptor]
- * (class {@link DefaultWorkflowInterceptor}) for documentation and examples on how to use this feature.
- * <!-- END SNIPPET: description -->
- *
- * <u>Interceptor parameters:</u>
- *
- * <!-- START SNIPPET: parameters -->
- *
- * <ul>
- * <li>ordered - set to true if you want the top-down property setter behaviour</li>
- * <li>acceptParamNames - a comma delimited list of regular expressions to describe a whitelist of accepted parameter names.
- * Don't change the default unless you know what you are doing in terms of security implications</li>
- * <li>excludeParams - a comma delimited list of regular expressions to describe a blacklist of not allowed parameter names</li>
- * <li>paramNameMaxLength - the maximum length of parameter names; parameters with longer names will be ignored; the default is 100 characters</li>
- * </ul>
- *
- * <!-- END SNIPPET: parameters -->
- *
- * <u>Extending the interceptor:</u>
- *
- * <!-- START SNIPPET: extending -->
- *
- * The best way to add behavior to this interceptor is to utilize the {@link ParameterNameAware} interface in your
- * actions. However, if you wish to apply a global rule that isn't implemented in your action, then you could extend
- * this interceptor and override the {@link #acceptableName(String)} method.
- *
- * <!-- END SNIPPET: extending -->
- *
- *
- * <!-- START SNIPPET: extending-warning -->
- * Using {@link ParameterNameAware} could be dangerous as {@link ParameterNameAware#acceptableParameterName(String)} takes precedence
- * over ParametersInterceptor which means if ParametersInterceptor excluded given parameter name you can accept it with
- * {@link ParameterNameAware#acceptableParameterName(String)}.
- *
- * The best idea is to define very tight restrictions with ParametersInterceptor and relax them per action with
- * {@link ParameterNameAware#acceptableParameterName(String)}
- * <!-- END SNIPPET: extending-warning -->
- *
- *
- * <u>Example code:</u>
- *
- * <pre>
- * <!-- START SNIPPET: example -->
- * <action name="someAction" class="com.examples.SomeAction">
- * <interceptor-ref name="params"/>
- * <result name="success">good_result.ftl</result>
- * </action>
- * <!-- END SNIPPET: example -->
- * </pre>
- *
- * @author Patrick Lightbody
*/
public class ParametersInterceptor extends MethodFilterInterceptor {