util

tfenne Thu, 10 Aug 2006 15:31:16 -0700

Revision: 366
Author:   tfenne
Date:     2006-08-10 15:30:46 -0700 (Thu, 10 Aug 2006)
ViewCVS:  http://svn.sourceforge.net/stripes/?rev=366&view=rev


Log Message:
-----------
Fix for STS-236: Way to specify the start event(s) in a wizard so that stripes 
to make it easier to start wizard flows

Modified Paths:
--------------
    trunk/stripes/src/net/sourceforge/stripes/action/Wizard.java
    
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java

Added Paths:
-----------
    trunk/stripes/src/net/sourceforge/stripes/util/CollectionUtil.java
Modified: trunk/stripes/src/net/sourceforge/stripes/action/Wizard.java
===================================================================
--- trunk/stripes/src/net/sourceforge/stripes/action/Wizard.java        
2006-08-10 02:20:30 UTC (rev 365)
+++ trunk/stripes/src/net/sourceforge/stripes/action/Wizard.java        
2006-08-10 22:30:46 UTC (rev 366)
@@ -37,4 +37,13 @@
 @Retention(RetentionPolicy.RUNTIME)
 @Documented
 public @interface Wizard {
+    /**
+     * An optional list of events which mark the start of the wizard flow. An 
event is a
+     * start event if it is executed <i>before</i> the first page in the 
wizard flow is
+     * rendered - <b>not</b> if it is the result of a form that targets the 
wizard action.
+     * The list is used by Stripes to disable security validation of the 
'fields present'
+     * field in the request, as it is not necessary for start events in a 
wizard flow, and
+     * can cause problems.
+     */
+    String[] startEvents() default {};
 }

Modified: 
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
===================================================================
--- 
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
   2006-08-10 02:20:30 UTC (rev 365)
+++ 
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
   2006-08-10 22:30:46 UTC (rev 366)
@@ -24,6 +24,7 @@
 import net.sourceforge.stripes.util.HtmlUtil;
 import net.sourceforge.stripes.util.Log;
 import net.sourceforge.stripes.util.ReflectUtil;
+import net.sourceforge.stripes.util.CollectionUtil;
 import net.sourceforge.stripes.util.bean.ExpressionException;
 import net.sourceforge.stripes.util.bean.NoSuchPropertyException;
 import net.sourceforge.stripes.util.bean.PropertyExpression;
@@ -413,19 +414,20 @@
      * @return a non-null (though possibly empty) list of field names
      */
     protected Collection<String> getFieldsPresentInfo(ActionBean bean) {
-        HttpServletRequest request = bean.getContext().getRequest();
+        ActionBeanContext ctx = bean.getContext();
+        HttpServletRequest request = ctx.getRequest();
         String fieldsPresent = 
request.getParameter(StripesConstants.URL_KEY_FIELDS_PRESENT);
-        boolean isWizard = bean.getClass().getAnnotation(Wizard.class) != null;
+        Wizard wizard = bean.getClass().getAnnotation(Wizard.class);
+        boolean isWizard = wizard != null;
 
         if (fieldsPresent == null || "".equals(fieldsPresent)) {
-            if (isWizard) {
-                //FIXME: might want to let the ActionBean handle the initial 
request somehow?
+            if (isWizard && !CollectionUtil.contains(wizard.startEvents(), 
ctx.getEventName())) {
                 throw new StripesRuntimeException(
                         "Submission of a wizard form in Stripes absolutely 
requires that " +
-                                "the hidden field Stripes writes containing 
the names of the fields " +
-                                "present on the form is present and encrypted 
(as Stripes write it). " +
-                                "This is necessary to prevent a user from 
spoofing the system and " +
-                                "getting around any security/data checks."
+                        "the hidden field Stripes writes containing the names 
of the fields " +
+                        "present on the form is present and encrypted (as 
Stripes write it). " +
+                        "This is necessary to prevent a user from spoofing the 
system and " +
+                        "getting around any security/data checks."
                 );
             }
             else {

Added: trunk/stripes/src/net/sourceforge/stripes/util/CollectionUtil.java
===================================================================
--- trunk/stripes/src/net/sourceforge/stripes/util/CollectionUtil.java          
                (rev 0)
+++ trunk/stripes/src/net/sourceforge/stripes/util/CollectionUtil.java  
2006-08-10 22:30:46 UTC (rev 366)
@@ -0,0 +1,44 @@
+/* Copyright 2005-2006 Tim Fennell
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package net.sourceforge.stripes.util;
+
+/**
+ * Utility methods for working with Collections and Arrays.
+ *
+ * @author Tim Fennell
+ * @since Stripes 1.4
+ */
+public class CollectionUtil {
+    /**
+     * Checks to see if an array contains an item. Works on unsorted arrays. 
If the array is
+     * null this method will always return false.  If the item is null, will 
return true if the
+     * array contains a null entry, false otherwise.  In all other cases, 
item.equals() is used
+     * to determine equality.
+     *
+     * @param arr the array to scan for the item.
+     * @param item the item to be looked for
+     * @return true if item is contained in the array, false otherwise
+     */
+    public static boolean contains(Object[] arr, Object item) {
+        if (arr == null) return false;
+
+        for (int i=0; i<arr.length; ++i) {
+            if (item == null && arr[i] == null) return true;
+            if (item != null && item.equals(arr[i])) return true;
+        }
+
+        return false;
+    }
+}


This was sent by the SourceForge.net collaborative development platform, the 
world's largest Open Source development site.


-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development

[Stripes-dev] SF.net SVN: stripes: [366] trunk/stripes/src/net/sourceforge/stripes/util

Reply via email to