public class ParametersInterceptor extends MethodFilterInterceptor
Modifier and Type | Field and Description |
---|---|
protected boolean |
ordered |
protected static int |
PARAM_NAME_MAX_LENGTH |
excludeMethods, includeMethods, log
Constructor and Description |
---|
ParametersInterceptor() |
Modifier and Type | Method and Description |
---|---|
protected boolean |
acceptableName(String name) |
protected void |
addParametersToContext(ActionContext ac,
Map<String,Object> newParams)
Adds the parameters into context's ParameterMap
|
String |
doIntercept(ActionInvocation invocation)
Subclasses must override to implement the interceptor logic.
|
protected Comparator<String> |
getOrderedComparator()
Gets an instance of the comparator to use for the ordered sorting.
|
protected String |
getParameterLogMap(Map<String,Object> parameters) |
protected boolean |
isAcceptableParameter(String name,
Object action)
Checks if name of parameter can be accepted or thrown away
|
protected boolean |
isAcceptableValue(Object value)
Checks if given value doesn't match global excluded patterns to avoid passing malicious code
|
protected boolean |
isAccepted(String paramName) |
protected boolean |
isExcluded(String paramName) |
boolean |
isOrdered()
Whether to order the parameters or not
|
protected boolean |
isWithinLengthLimit(String name) |
protected void |
notifyDeveloperParameterException(Object action,
String property,
String message) |
protected Map<String,Object> |
retrieveParameters(ActionContext ac)
Gets the parameter map to apply from wherever appropriate
|
void |
setAcceptedPatterns(AcceptedPatternsChecker acceptedPatterns) |
void |
setAcceptParamNames(String commaDelim)
Sets a comma-delimited list of regular expressions to match
parameters that are allowed in the parameter map (aka whitelist).
|
void |
setDevMode(String mode) |
void |
setExcludedPatterns(ExcludedPatternsChecker excludedPatterns) |
void |
setExcludeParams(String commaDelim)
Sets a comma-delimited list of regular expressions to match
parameters that should be removed from the parameter map.
|
void |
setOrdered(boolean ordered)
Set whether to order the parameters by object depth or not
|
protected void |
setParameters(Object action,
ValueStack stack,
Map<String,Object> parameters) |
void |
setParamNameMaxLength(int paramNameMaxLength)
If the param name exceeds the configured maximum length it will not be
accepted.
|
void |
setValueStackFactory(ValueStackFactory valueStackFactory) |
applyInterceptor, getExcludeMethodsSet, getIncludeMethodsSet, intercept, setExcludeMethods, setIncludeMethods
destroy, init
protected static final int PARAM_NAME_MAX_LENGTH
protected boolean ordered
public void setValueStackFactory(ValueStackFactory valueStackFactory)
public void setDevMode(String mode)
public void setExcludedPatterns(ExcludedPatternsChecker excludedPatterns)
public void setAcceptedPatterns(AcceptedPatternsChecker acceptedPatterns)
public void setParamNameMaxLength(int paramNameMaxLength)
paramNameMaxLength
- Maximum length of param namespublic String doIntercept(ActionInvocation invocation) throws Exception
MethodFilterInterceptor
doIntercept
in class MethodFilterInterceptor
invocation
- the action invocationException
- in case of any errorsprotected Map<String,Object> retrieveParameters(ActionContext ac)
ac
- The action contextprotected void addParametersToContext(ActionContext ac, Map<String,Object> newParams)
ac
- The action contextnewParams
- The parameter map to apply
In this class this is a no-op, since the parameters were fetched from the same location. In subclasses both retrieveParameters() and addParametersToContext() should be overridden.
protected void setParameters(Object action, ValueStack stack, Map<String,Object> parameters)
protected void notifyDeveloperParameterException(Object action, String property, String message)
protected boolean isAcceptableParameter(String name, Object action)
name
- parameter nameaction
- current actionprotected boolean isAcceptableValue(Object value)
value
- incoming parameter's valueprotected Comparator<String> getOrderedComparator()
protected boolean acceptableName(String name)
protected boolean isWithinLengthLimit(String name)
protected boolean isAccepted(String paramName)
protected boolean isExcluded(String paramName)
public boolean isOrdered()
public void setOrdered(boolean ordered)
ordered
- True to order thempublic void setAcceptParamNames(String commaDelim)
Don't change the default unless you know what you are doing in terms of security implications.
commaDelim
- A comma-delimited list of regular expressionspublic void setExcludeParams(String commaDelim)
commaDelim
- A comma-delimited list of regular expressionsCopyright © 2000-2015 Apache Software Foundation. All Rights Reserved.