Revision: 664
http://stripes.svn.sourceforge.net/stripes/?rev=664&view=rev
Author: bengunter
Date: 2007-12-11 10:26:09 -0800 (Tue, 11 Dec 2007)
Log Message:
-----------
STS-452: Allow encryption and decryption of ActionBean properties. If
@Validate(encrypted=true) is set on an ActionBean property then that property's
value will be encrypted when written to a page and *must* be encrypted for
binding to succeed when it is submitted.
Currently encryption is only supported for form population and repopulation.
Encryption support will be added to ParamTag next.
Modified Paths:
--------------
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java
trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java
Modified:
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
===================================================================
---
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
2007-12-11 18:05:05 UTC (rev 663)
+++
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
2007-12-11 18:26:09 UTC (rev 664)
@@ -778,28 +778,34 @@
// Dig up the type converter
TypeConverter converter = null;
+ HttpServletRequest request = bean.getContext().getRequest();
if (validationInfo != null && validationInfo.converter() != null) {
converter =
this.configuration.getTypeConverterFactory().getInstance(
- validationInfo.converter(),
bean.getContext().getRequest().getLocale());
+ validationInfo.converter(), request.getLocale());
}
else {
converter =
this.configuration.getTypeConverterFactory().getTypeConverter(propertyType,
- bean.getContext().getRequest().getLocale());
+ request.getLocale());
}
log.debug("Converting ", values.length, " value(s) using converter ",
converter);
for (int i = 0; i < values.length; ++i) {
- if (!"".equals(values[i])) {
+ String value = values[i];
+ if (!"".equals(value)) {
try {
+ if (validationInfo != null && validationInfo.encrypted()) {
+ value = CryptoUtil.decrypt(values[i], request);
+ }
+
Object retval = null;
if (converter != null) {
- retval = converter.convert(values[i], propertyType,
errors);
+ retval = converter.convert(value, propertyType,
errors);
}
else {
Constructor constructor =
propertyType.getConstructor(String.class);
if (constructor != null) {
- retval = constructor.newInstance(values[i]);
+ retval = constructor.newInstance(value);
}
else {
log.debug("Could not find a way to convert the
parameter ",
@@ -817,7 +823,7 @@
// Set the field name and value on the error
for (ValidationError error : errors) {
error.setFieldName(propertyName.getStrippedName());
- error.setFieldValue(values[i]);
+ error.setFieldValue(value);
}
}
catch (Exception e) {
Modified:
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java
===================================================================
---
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java
2007-12-11 18:05:05 UTC (rev 663)
+++
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java
2007-12-11 18:26:09 UTC (rev 664)
@@ -20,6 +20,7 @@
import java.util.Map;
import net.sourceforge.stripes.config.Configuration;
+import net.sourceforge.stripes.tag.EncryptedValue;
import net.sourceforge.stripes.util.Log;
/**
@@ -135,6 +136,9 @@
else if (Enum.class.isAssignableFrom(targetClass)) {
formatterClass = EnumFormatter.class;
}
+ else if (EncryptedValue.class.isAssignableFrom(targetClass)) {
+ formatterClass = EncryptedValueFormatter.class;
+ }
}
// cache it, even if it's null
Modified:
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
===================================================================
---
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
2007-12-11 18:05:05 UTC (rev 663)
+++
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
2007-12-11 18:26:09 UTC (rev 664)
@@ -14,6 +14,8 @@
*/
package net.sourceforge.stripes.tag;
+import javax.servlet.http.HttpServletRequest;
+
import net.sourceforge.stripes.action.ActionBean;
import net.sourceforge.stripes.config.Configuration;
import net.sourceforge.stripes.exception.StripesJspException;
@@ -21,6 +23,7 @@
import net.sourceforge.stripes.util.bean.BeanUtil;
import net.sourceforge.stripes.util.bean.ExpressionException;
import net.sourceforge.stripes.validation.ValidationErrors;
+import net.sourceforge.stripes.validation.ValidationMetadata;
/**
* <p>Default implementation of the form input tag population strategy. First
looks to see if there
@@ -61,6 +64,7 @@
public Object getValue(InputTagSupport tag) throws StripesJspException {
// Look first for something that the user submitted in the current
request
Object value = getValuesFromRequest(tag);
+ boolean fromRequest = value != null;
// If that's not there, let's look on the ActionBean
if (value == null) {
@@ -72,6 +76,24 @@
value = getValueFromTag(tag);
}
+ /*
+ * If the value was pulled from a request parameter, then it should
already be encrypted and
+ * should repopulate as-is. Otherwise, if the validation directive
says it should be
+ * encrypted, then prepare it for encryption now.
+ */
+ if (!fromRequest) {
+ Class<? extends ActionBean> beanType =
config.getActionResolver().getActionBeanType(
+ tag.getParentFormTag().getAction());
+ if (beanType != null) {
+ ValidationMetadata validate =
config.getValidationMetadataProvider()
+ .getValidationMetadata(beanType, tag.getName());
+ if (validate != null && validate.encrypted()) {
+ value = new EncryptedValue(value, ((HttpServletRequest)
tag.getPageContext()
+ .getRequest()));
+ }
+ }
+ }
+
return value;
}
Modified: trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java
===================================================================
--- trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java
2007-12-11 18:05:05 UTC (rev 663)
+++ trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java
2007-12-11 18:26:09 UTC (rev 664)
@@ -22,7 +22,7 @@
/**
* Primary annotation used to specify validations for form fields. Allows
quick and easy
- * specifiction of the most common types of validation logic, as well as a way
to specify
+ * specification of the most common types of validation logic, as well as a
way to specify
* custom validations.
*
* @author Tim Fennell
@@ -39,6 +39,14 @@
String field() default "";
/**
+ * If true, then a parameter value to be bound to this field must be an
encrypted string. It
+ * also implies that when the value of this field is rendered by certain
tags (e.g.,
+ * [EMAIL PROTECTED] InputHiddenTag}) that it is to be rendered as an
encrypted string. This prevents
+ * clients from injecting random values.
+ */
+ boolean encrypted() default false;
+
+ /**
* If set to true, requires that a non-null, non-empty value must be
submitted for the field.
*/
boolean required() default false;
Modified:
trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java
===================================================================
---
trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java
2007-12-11 18:05:05 UTC (rev 663)
+++
trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java
2007-12-11 18:26:09 UTC (rev 664)
@@ -32,8 +32,9 @@
* @since Stripes 1.5
*/
public class ValidationMetadata {
- String property;
- boolean required;
+ private String property;
+ private boolean encrypted;
+ private boolean required;
private Set<String> on;
private boolean onIsPositive;
private boolean ignore;
@@ -42,7 +43,7 @@
private Pattern mask;
private String expression;
@SuppressWarnings("unchecked")
- Class<? extends TypeConverter> converter;
+ private Class<? extends TypeConverter> converter;
/**
* Constructs a ValidationMetadata object for the specified property.
Further constraints
@@ -65,6 +66,7 @@
public ValidationMetadata(String property, Validate validate) {
// Copy over all the simple values
this.property = property;
+ encrypted(validate.encrypted());
required(validate.required());
ignore(validate.ignore());
if (validate.minlength() != -1) minlength(validate.minlength());
@@ -82,6 +84,15 @@
return this.property;
}
+ /** Sets the encrypted flag for this field. True = encrypted, false =
plain text. */
+ public ValidationMetadata encrypted(boolean encrypted) {
+ this.encrypted = encrypted;
+ return this;
+ }
+
+ /** Returns true if the field in question is encrypted. */
+ public boolean encrypted() { return encrypted; }
+
/** Sets the required-ness of this field. True = required, false = not
required. */
public ValidationMetadata required(boolean required) {
this.required = required;
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
