com.opensymphony.xwork2.interceptor: public class: ParametersInterceptor

com.opensymphony.xwork2.interceptor
public class: ParametersInterceptor [javadoc | source]

java.lang.Object
   com.opensymphony.xwork2.interceptor.AbstractInterceptor
      com.opensymphony.xwork2.interceptor.MethodFilterInterceptor
         com.opensymphony.xwork2.interceptor.ParametersInterceptor

All Implemented Interfaces:
Interceptor

This interceptor sets all parameters on the value stack.

This interceptor gets all parameters from ActionContext#getParameters() and sets them on the value stack by calling ValueStack#setValue(String, Object) , typically resulting in the values submitted in a form request being applied to an action in the value stack. Note that the parameter map must contain a String key and often containers a String[] for the value.

The interceptor takes one parameter named 'ordered'. When set to true action properties are guaranteed to be set top-down which means that top action's properties are set first. Then it's subcomponents properties are set. The reason for this order is to enable a 'factory' pattern. For example, let's assume that one has an action that contains a property named 'modelClass' that allows to choose what is the underlying implementation of model. By assuring that modelClass property is set before any model properties are set, it's possible to choose model implementation during action.setModelClass() call. Similiarily it's possible to use action.setPrimaryKey() property set call to actually load the model class from persistent storage. Without any assumption on parameter order you have to use patterns like 'Preparable'.

Because parameter names are effectively OGNL statements, it is important that security be taken in to account. This interceptor will not apply any values in the parameters map if the expression contains an assignment (=), multiple expressions (,), or references any objects in the context (#). This is all done in the #acceptableName(String) method. In addition to this method, if the action being invoked implements the ParameterNameAware interface, the action will be consulted to determine if the parameter should be set.

In addition to these restrictions, a flag (ReflectionContextState#DENY_METHOD_EXECUTION ) is set such that no methods are allowed to be invoked. That means that any expression such as person.doSomething() or person.getName() will be explicitely forbidden. This is needed to make sure that your application is not exposed to attacks by malicious users.

While this interceptor is being invoked, a flag (ReflectionContextState#CREATE_NULL_OBJECTS ) is turned on to ensure that any null reference is automatically created - if possible. See the type conversion documentation and the InstantiatingNullHandler javadocs for more information.

Finally, a third flag (XWorkConverter#REPORT_CONVERSION_ERRORS ) is set that indicates any errors when converting the the values to their final data type (String[] -> int) an unrecoverable error occured. With this flag set, the type conversion errors will be reported in the action context. See the type conversion documentation and the XWorkConverter javadocs for more information.

If you are looking for detailed logging information about your parameters, turn on DEBUG level logging for this interceptor. A detailed log of all the parameter keys and values will be reported.

Note: Since XWork 2.0.2, this interceptor extends MethodFilterInterceptor , therefore being able to deal with excludeMethods / includeMethods parameters. See [Workflow Interceptor] (class DefaultWorkflowInterceptor ) for documentation and examples on how to use this feature.

Interceptor parameters:

ordered - set to true if you want the top-down property setter behaviour

Extending the interceptor:

The best way to add behavior to this interceptor is to utilize the ParameterNameAware interface in your actions. However, if you wish to apply a global rule that isn't implemented in your action, then you could extend this interceptor and override the #acceptableName(String) method.

Example code:


<action name="someAction" class="com.examples.SomeAction">
    <interceptor-ref name="params"/>
    <result name="success">good_result.ftl</result>
</action>

author: Patrick - Lightbody

Field Summary
boolean	ordered
Set<Pattern>	excludeParams
Set<Pattern>	acceptParams
static boolean	devMode
static final Comparator<String>	rbCollator	Compares based on number of '.' characters (fewer is higher)

Fields inherited from com.opensymphony.xwork2.interceptor.MethodFilterInterceptor:
log, excludeMethods, includeMethods

Method from com.opensymphony.xwork2.interceptor.ParametersInterceptor Summary:
acceptableName, addParametersToContext, doIntercept, getExcludeParamsSet, getOrderedComparator, isAccepted, isExcluded, isOrdered, retrieveParameters, setAcceptParamNames, setDevMode, setExcludeParams, setOrdered, setParameters, setValueStackFactory

Methods from com.opensymphony.xwork2.interceptor.MethodFilterInterceptor:
applyInterceptor, doIntercept, getExcludeMethodsSet, getIncludeMethodsSet, intercept, setExcludeMethods, setIncludeMethods

Methods from com.opensymphony.xwork2.interceptor.AbstractInterceptor:
destroy, init, intercept

Methods from java.lang.Object:
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method from com.opensymphony.xwork2.interceptor.ParametersInterceptor Detail:
protected boolean acceptableName(String name) { if (isAccepted(name) && !isExcluded(name)) { return true; } return false; }
protected void addParametersToContext(ActionContext ac, Map<String, Object> newParams) { } Adds the parameters into context's ParameterMap
public String doIntercept(ActionInvocation invocation) throws Exception { Object action = invocation.getAction(); if (!(action instanceof NoParameters)) { ActionContext ac = invocation.getInvocationContext(); final Map< String, Object > parameters = retrieveParameters(ac); if (LOG.isDebugEnabled()) { LOG.debug("Setting params " + getParameterLogMap(parameters)); } if (parameters != null) { Map< String, Object > contextMap = ac.getContextMap(); try { ReflectionContextState.setCreatingNullObjects(contextMap, true); ReflectionContextState.setDenyMethodExecution(contextMap, true); ReflectionContextState.setReportingConversionErrors(contextMap, true); ValueStack stack = ac.getValueStack(); setParameters(action, stack, parameters); } finally { ReflectionContextState.setCreatingNullObjects(contextMap, false); ReflectionContextState.setDenyMethodExecution(contextMap, false); ReflectionContextState.setReportingConversionErrors(contextMap, false); } } } return invocation.invoke(); }
protected Set getExcludeParamsSet() { return excludeParams; } Gets a set of regular expressions of parameters to remove from the parameter map
protected Comparator<String> getOrderedComparator() { return rbCollator; } Gets an instance of the comparator to use for the ordered sorting. Override this method to customize the ordering of the parameters as they are set to the action.
protected boolean isAccepted(String paramName) { if (!this.acceptParams.isEmpty()) { for (Pattern pattern : acceptParams) { Matcher matcher = pattern.matcher(paramName); if (matcher.matches()) { return true; } } return false; } else return acceptedPattern.matcher(paramName).matches(); }
protected boolean isExcluded(String paramName) { if (!this.excludeParams.isEmpty()) { for (Pattern pattern : excludeParams) { Matcher matcher = pattern.matcher(paramName); if (matcher.matches()) { return true; } } } return false; }
public boolean isOrdered() { return ordered; } Whether to order the parameters or not
protected Map<String, Object> retrieveParameters(ActionContext ac) { return ac.getParameters(); } Gets the parameter map to apply from wherever appropriate
public void setAcceptParamNames(String commaDelim) { Collection< String > acceptPatterns = asCollection(commaDelim); if (acceptPatterns != null) { acceptParams = new HashSet< Pattern >(); for (String pattern : acceptPatterns) { acceptParams.add(Pattern.compile(pattern)); } } }
public static void setDevMode(String mode) { devMode = "true".equals(mode); }
public void setExcludeParams(String commaDelim) { Collection< String > excludePatterns = asCollection(commaDelim); if (excludePatterns != null) { excludeParams = new HashSet< Pattern >(); for (String pattern : excludePatterns) { excludeParams.add(Pattern.compile(pattern)); } } } Sets a comma-delimited list of regular expressions to match parameters that should be removed from the parameter map.
public void setOrdered(boolean ordered) { this.ordered = ordered; } Set whether to order the parameters by object depth or not
protected void setParameters(Object action, ValueStack stack, Map<String, Object> parameters) { ParameterNameAware parameterNameAware = (action instanceof ParameterNameAware) ? (ParameterNameAware) action : null; Map< String, Object > params; Map< String, Object > acceptableParameters; if (ordered) { params = new TreeMap< String, Object >(getOrderedComparator()); acceptableParameters = new TreeMap< String, Object >(getOrderedComparator()); params.putAll(parameters); } else { params = new TreeMap< String, Object >(parameters); acceptableParameters = new TreeMap< String, Object >(); } for (Map.Entry< String, Object > entry : params.entrySet()) { String name = entry.getKey(); boolean acceptableName = acceptableName(name) && (parameterNameAware == null \|\| parameterNameAware.acceptableParameterName(name)); if (acceptableName) { acceptableParameters.put(name, entry.getValue()); } } ValueStack newStack = valueStackFactory.createValueStack(stack); boolean clearableStack = newStack instanceof ClearableValueStack; if (clearableStack) { //if the stack's context can be cleared, do that to prevent OGNL //from having access to objects in the stack, see XW-641 ((ClearableValueStack)newStack).clearContextValues(); Map< String, Object > context = newStack.getContext(); ReflectionContextState.setCreatingNullObjects(context, true); ReflectionContextState.setDenyMethodExecution(context, true); ReflectionContextState.setReportingConversionErrors(context, true); //keep locale from original context context.put(ActionContext.LOCALE, stack.getContext().get(ActionContext.LOCALE)); } boolean memberAccessStack = newStack instanceof MemberAccessValueStack; if (memberAccessStack) { //block or allow access to properties //see WW-2761 for more details MemberAccessValueStack accessValueStack = (MemberAccessValueStack) newStack; accessValueStack.setAcceptProperties(acceptParams); accessValueStack.setExcludeProperties(excludeParams); } for (Map.Entry< String, Object > entry : acceptableParameters.entrySet()) { String name = entry.getKey(); Object value = entry.getValue(); try { newStack.setValue(name, value); } catch (RuntimeException e) { if (devMode) { String developerNotification = LocalizedTextUtil.findText(ParametersInterceptor.class, "devmode.notification", ActionContext.getContext().getLocale(), "Developer Notification:\n{0}", new Object[]{ "Unexpected Exception caught setting '" + name + "' on '" + action.getClass() + ": " + e.getMessage() }); LOG.error(developerNotification); if (action instanceof ValidationAware) { ((ValidationAware) action).addActionMessage(developerNotification); } } } } if (clearableStack && (stack.getContext() != null) && (newStack.getContext() != null)) stack.getContext().put(ActionContext.CONVERSION_ERRORS, newStack.getContext().get(ActionContext.CONVERSION_ERRORS)); addParametersToContext(ActionContext.getContext(), acceptableParameters); }
public void setValueStackFactory(ValueStackFactory valueStackFactory) { this.valueStackFactory = valueStackFactory; }