Class ParametersInterceptor

All Implemented Interfaces:
ConditionalInterceptor, Interceptor, Serializable
Direct Known Subclasses:
ActionMappingParametersInterceptor, ParametersInterceptor

public class ParametersInterceptor extends MethodFilterInterceptor
This interceptor sets all parameters on the value stack.
See Also:
  • Field Details

    • PARAM_NAME_MAX_LENGTH

      protected static final int PARAM_NAME_MAX_LENGTH
      See Also:
    • ordered

      protected boolean ordered
  • Constructor Details

    • ParametersInterceptor

      public ParametersInterceptor()
  • Method Details

    • setValueStackFactory

      public void setValueStackFactory(ValueStackFactory valueStackFactory)
    • setDevMode

      public void setDevMode(String mode)
    • setExcludedPatterns

      public void setExcludedPatterns(ExcludedPatternsChecker excludedPatterns)
    • setAcceptedPatterns

      public void setAcceptedPatterns(AcceptedPatternsChecker acceptedPatterns)
    • setDynamicMethodInvocation

      protected void setDynamicMethodInvocation(String dmiEnabled)
    • setParamNameMaxLength

      public void setParamNameMaxLength(int paramNameMaxLength)
      If the param name exceeds the configured maximum length it will not be accepted.
      Parameters:
      paramNameMaxLength - Maximum length of param names
    • doIntercept

      public String doIntercept(ActionInvocation invocation) throws Exception
      Description copied from class: MethodFilterInterceptor
      Subclasses must override to implement the interceptor logic.
      Specified by:
      doIntercept in class MethodFilterInterceptor
      Parameters:
      invocation - the action invocation
      Returns:
      the result of invocation
      Throws:
      Exception - in case of any errors
    • retrieveParameters

      protected HttpParameters retrieveParameters(ActionContext actionContext)
      Gets the parameter map to apply from wherever appropriate
      Parameters:
      actionContext - The action context
      Returns:
      The parameter map to apply
    • addParametersToContext

      protected void addParametersToContext(ActionContext ac, Map<String,?> newParams)
      Adds the parameters into context's ParameterMap

      In this class this is a no-op, since the parameters were fetched from the same location. In subclasses both this and retrieveParameters(com.opensymphony.xwork2.ActionContext) should be overridden.

      Parameters:
      ac - The action context
      newParams - The parameter map to apply
    • setParameters

      @Deprecated protected void setParameters(Object action, ValueStack stack, HttpParameters parameters)
    • applyParameters

      protected void applyParameters(Object action, ValueStack stack, HttpParameters parameters)
    • batchApplyReflectionContextState

      protected void batchApplyReflectionContextState(Map<String,Object> context, boolean value)
    • toNewStack

      protected ValueStack toNewStack(ValueStack stack)
    • applyMemberAccessProperties

      protected void applyMemberAccessProperties(ValueStack stack)
    • toAcceptableParameters

      protected Map<String,Parameter> toAcceptableParameters(HttpParameters parameters, Object action)
    • initParameterMap

      protected Map<String,Parameter> initParameterMap()
    • initNewHttpParameters

      protected HttpParameters initNewHttpParameters(HttpParameters parameters)
    • applyParametersOnStack

      protected void applyParametersOnStack(ValueStack stack, Map<String,Parameter> parameters, Object action)
    • notifyDeveloperParameterException

      protected void notifyDeveloperParameterException(Object action, String property, String message)
    • isAcceptableParameter

      protected boolean isAcceptableParameter(String name, Object action)
      Checks if name of parameter can be accepted or thrown away
      Parameters:
      name - parameter name
      action - current action
      Returns:
      true if parameter is accepted
    • isAcceptableParameterNameAware

      protected boolean isAcceptableParameterNameAware(String name, Object action)
    • isAcceptableParameterValue

      protected boolean isAcceptableParameterValue(Parameter param, Object action)
      Checks if parameter value can be accepted or thrown away
      Parameters:
      param - the parameter
      action - current action
      Returns:
      true if parameter is accepted
    • isAcceptableParameterValueAware

      protected boolean isAcceptableParameterValueAware(Parameter param, Object action)
    • getOrderedComparator

      protected Comparator<String> getOrderedComparator()
      Gets an instance of the comparator to use for the ordered sorting. Override this method to customize the ordering of the parameters as they are set to the action.
      Returns:
      A comparator to sort the parameters
    • getParameterLogMap

      protected String getParameterLogMap(HttpParameters parameters)
    • acceptableName

      protected boolean acceptableName(String name)
      Deprecated.
    • isAcceptableName

      protected boolean isAcceptableName(String name)
      Validates the name passed is: * Within the max length of a parameter name * Is not excluded * Is accepted
      Parameters:
      name - - Name to check
      Returns:
      true if accepted
    • acceptableValue

      protected boolean acceptableValue(String name, String value)
    • isAcceptableValue

      protected boolean isAcceptableValue(String name, String value)
      Validates: * Value is null/blank * Value is not excluded * Value is accepted
      Parameters:
      name - - Param name (for logging)
      value - - value to check
      Returns:
      true if accepted
    • isWithinLengthLimit

      protected boolean isWithinLengthLimit(String name)
    • isAccepted

      protected boolean isAccepted(String paramName)
    • isExcluded

      protected boolean isExcluded(String paramName)
    • isParamValueExcluded

      protected boolean isParamValueExcluded(String value)
    • isParamValueAccepted

      protected boolean isParamValueAccepted(String value)
    • isOrdered

      public boolean isOrdered()
      Whether to order the parameters or not
      Returns:
      True to order
    • setOrdered

      public void setOrdered(boolean ordered)
      Set whether to order the parameters by object depth or not
      Parameters:
      ordered - True to order them
    • setAcceptParamNames

      public void setAcceptParamNames(String commaDelim)
      Sets a comma-delimited list of regular expressions to match parameters that are allowed in the parameter map (aka whitelist).

      Don't change the default unless you know what you are doing in terms of security implications.

      Parameters:
      commaDelim - A comma-delimited list of regular expressions
    • setExcludeParams

      public void setExcludeParams(String commaDelim)
      Sets a comma-delimited list of regular expressions to match parameters that should be removed from the parameter map.
      Parameters:
      commaDelim - A comma-delimited list of regular expressions
    • setAcceptedValuePatterns

      public void setAcceptedValuePatterns(String commaDelimitedPatterns)
      Sets a comma-delimited list of regular expressions to match values of parameters that should be accepted and included in the parameter map.
      Parameters:
      commaDelimitedPatterns - A comma-delimited set of regular expressions
    • setExcludedValuePatterns

      public void setExcludedValuePatterns(String commaDelimitedPatterns)
      Sets a comma-delimited list of regular expressions to match values of parameters that should be removed from the parameter map.
      Parameters:
      commaDelimitedPatterns - A comma-delimited set of regular expressions