struts-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christoph Nenning <Christoph.Nenn...@lex-com.net>
Subject Re: Secure parameters
Date Thu, 08 Oct 2015 13:30:28 GMT
> From: Lukasz Lenart <lukaszlenart@apache.org>
> To: Struts Developers List <dev@struts.apache.org>, 
> Date: 06.10.2015 08:28
> Subject: Secure parameters
> 
> Hi,
> 
> I have started on introducing typed parameters instead of a Map of
> objects as we have right now [1]. Basically I am trying to introduce a
> dedicated class which will represent HTTP parameters [2]. This isn't
> finished yet as I need to figure out how to handle pushing objects
> onto parameters (ie. FileuploadInterceptor is pushing files [3]) - the
> problem is that HTTP params are arrays of strings but we have used it
> internally to "transport" other objects.
> 
> Any insights welcome :)
> 
> [1] https://github.com/apache/struts/pull/53
> [2] https://github.com/apache/struts/pull/53/files#diff-12
> [3] https://github.com/apache/struts/pull/53/files#diff-18
> 
> 


Basically I love the idea to have some more meta data about each 
parameter.

I would expect new 'Parameter' interface would provide a method like 
'isExternal()' or 'isUserProvided()' but maybe this is yet to come ;)



> as I need to figure out how to handle pushing objects
> onto parameters

One way could be to add methods like these to 'Parameter':

Object getValueNonString()
Object[] getValuesNonString()
boolean hasValueNonString()


Most places dealing with parameters just need Strings. They can use 
methods 'getValue()' and 'getMultipleValue()' and don't need to cast. 
Those few places that need other types than Strings can use 'NonString' 
methods and have to cast on their own.



Regards,
Christoph

This Email was scanned by Sophos Anti Virus

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message