Revision: 664
          http://stripes.svn.sourceforge.net/stripes/?rev=664&view=rev
Author:   bengunter
Date:     2007-12-11 10:26:09 -0800 (Tue, 11 Dec 2007)

Log Message:
-----------
STS-452: Allow encryption and decryption of ActionBean properties. If 
@Validate(encrypted=true) is set on an ActionBean property then that property's 
value will be encrypted when written to a page and *must* be encrypted for 
binding to succeed when it is submitted.

Currently encryption is only supported for form population and repopulation. 
Encryption support will be added to ParamTag next.

Modified Paths:
--------------
    
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
    
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java
    trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
    trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java
    trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java

Modified: 
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
===================================================================
--- 
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
   2007-12-11 18:05:05 UTC (rev 663)
+++ 
trunk/stripes/src/net/sourceforge/stripes/controller/DefaultActionBeanPropertyBinder.java
   2007-12-11 18:26:09 UTC (rev 664)
@@ -778,28 +778,34 @@
 
         // Dig up the type converter
         TypeConverter converter = null;
+        HttpServletRequest request = bean.getContext().getRequest();
         if (validationInfo != null && validationInfo.converter() != null) {
             converter = 
this.configuration.getTypeConverterFactory().getInstance(
-                    validationInfo.converter(), 
bean.getContext().getRequest().getLocale());
+                    validationInfo.converter(), request.getLocale());
         }
         else {
             converter = 
this.configuration.getTypeConverterFactory().getTypeConverter(propertyType,
-                    bean.getContext().getRequest().getLocale());
+                    request.getLocale());
         }
 
         log.debug("Converting ", values.length, " value(s) using converter ", 
converter);
 
         for (int i = 0; i < values.length; ++i) {
-            if (!"".equals(values[i])) {
+            String value = values[i];
+            if (!"".equals(value)) {
                 try {
+                    if (validationInfo != null && validationInfo.encrypted()) {
+                        value = CryptoUtil.decrypt(values[i], request);
+                    }
+
                     Object retval = null;
                     if (converter != null) {
-                        retval = converter.convert(values[i], propertyType, 
errors);
+                        retval = converter.convert(value, propertyType, 
errors);
                     }
                     else {
                         Constructor constructor = 
propertyType.getConstructor(String.class);
                         if (constructor != null) {
-                            retval = constructor.newInstance(values[i]);
+                            retval = constructor.newInstance(value);
                         }
                         else {
                             log.debug("Could not find a way to convert the 
parameter ",
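Review bot: The result of `CryptoUtil.decrypt(values[i], request)` goes straight into `converter.convert(value, ...)` or `constructor.newInstance(value)` with no check. CryptoUtil is not part of this diff, so how it signals a tampered or undecryptable input is not visible here; if it returns null or throws, the outcome is left to the converter or to the `catch (Exception e)` further down rather than to an explicit rejection. A guard directly after the call that records a validation error for the field and then does `if (value == null) continue;` would make the "must be encrypted" rule from the log message fail closed and give a clear signal for tampered submissions. Note also that the `!"".equals(value)` test runs on the ciphertext, so a value that decrypts to an empty string is no longer skipped. The enclosing method starts before and continues after this hunk.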
@@ -817,7 +823,7 @@
                     // Set the field name and value on the error
                     for (ValidationError error : errors) {
                         error.setFieldName(propertyName.getStrippedName());
-                        error.setFieldValue(values[i]);
+                        error.setFieldValue(value);
                     }
                 }
                 catch (Exception e) {
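Review bot: `error.setFieldValue(value)` now stores the decrypted plaintext on the ValidationError, where it previously stored the string as submitted. If error messages echo the field value back into the page (not visible in this hunk), a property that is otherwise only rendered encrypted would have its cleartext shown to the client whenever conversion fails. For encrypted properties I would keep the submitted form: `error.setFieldValue(validationInfo != null && validationInfo.encrypted() ? values[i] : value);`. This assumes the loop is the one from the previous hunk, where `value` and `validationInfo` are in scope; the surrounding method lies outside this hunk.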

Modified: 
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java
===================================================================
--- 
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java   
    2007-12-11 18:05:05 UTC (rev 663)
+++ 
trunk/stripes/src/net/sourceforge/stripes/format/DefaultFormatterFactory.java   
    2007-12-11 18:26:09 UTC (rev 664)
@@ -20,6 +20,7 @@
 import java.util.Map;
 
 import net.sourceforge.stripes.config.Configuration;
+import net.sourceforge.stripes.tag.EncryptedValue;
 import net.sourceforge.stripes.util.Log;
 
 /**
@@ -135,6 +136,9 @@
             else if (Enum.class.isAssignableFrom(targetClass)) {
                 formatterClass = EnumFormatter.class;
             }
+            else if (EncryptedValue.class.isAssignableFrom(targetClass)) {
+                formatterClass = EncryptedValueFormatter.class;
+            }
         }
 
         // cache it, even if it's null

Modified: 
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
===================================================================
--- 
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java    
    2007-12-11 18:05:05 UTC (rev 663)
+++ 
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java    
    2007-12-11 18:26:09 UTC (rev 664)
@@ -14,6 +14,8 @@
  */
 package net.sourceforge.stripes.tag;
 
+import javax.servlet.http.HttpServletRequest;
+
 import net.sourceforge.stripes.action.ActionBean;
 import net.sourceforge.stripes.config.Configuration;
 import net.sourceforge.stripes.exception.StripesJspException;
@@ -21,6 +23,7 @@
 import net.sourceforge.stripes.util.bean.BeanUtil;
 import net.sourceforge.stripes.util.bean.ExpressionException;
 import net.sourceforge.stripes.validation.ValidationErrors;
+import net.sourceforge.stripes.validation.ValidationMetadata;
 
 /**
  * <p>Default implementation of the form input tag population strategy. First 
looks to see if there
@@ -61,6 +64,7 @@
     public Object getValue(InputTagSupport tag) throws StripesJspException {
         // Look first for something that the user submitted in the current 
request
         Object value = getValuesFromRequest(tag);
+        boolean fromRequest = value != null;
 
         // If that's not there, let's look on the ActionBean
         if (value == null) {
@@ -72,6 +76,24 @@
             value = getValueFromTag(tag);
         }
 
+        /*
+         * If the value was pulled from a request parameter, then it should 
already be encrypted and
+         * should repopulate as-is. Otherwise, if the validation directive 
says it should be
+         * encrypted, then prepare it for encryption now.
+         */
+        if (!fromRequest) {
+            Class<? extends ActionBean> beanType = 
config.getActionResolver().getActionBeanType(
+                    tag.getParentFormTag().getAction());
+            if (beanType != null) {
+                ValidationMetadata validate = 
config.getValidationMetadataProvider()
+                        .getValidationMetadata(beanType, tag.getName());
+                if (validate != null && validate.encrypted()) {
+                    value = new EncryptedValue(value, ((HttpServletRequest) 
tag.getPageContext()
+                            .getRequest()));
+                }
+            }
+        }
+
         return value;
     }
 
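Review bot: `new EncryptedValue(value, ...)` is constructed even when `value` is still null, which is the case when neither the request, the ActionBean nor the tag supplied one. EncryptedValue and its formatter are not in this diff, so whether a null payload renders as an empty field or as an encrypted token is not visible, but any caller that tests the result of getValue for null now receives a non-null wrapper. Tightening the condition to `if (value != null && validate != null && validate.encrypted())` keeps the previous behaviour for empty fields. The block comment could also state that request values are repopulated exactly as submitted, without being checked here, so the binder's decrypt step remains the only place where a bad value is rejected. getValue begins in the previous hunk.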

Modified: trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java
===================================================================
--- trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java  
2007-12-11 18:05:05 UTC (rev 663)
+++ trunk/stripes/src/net/sourceforge/stripes/validation/Validate.java  
2007-12-11 18:26:09 UTC (rev 664)
@@ -22,7 +22,7 @@
 
 /**
  * Primary annotation used to specify validations for form fields.  Allows 
quick and easy
- * specifiction of the most common types of validation logic, as well as a way 
to specify
+ * specification of the most common types of validation logic, as well as a 
way to specify
  * custom validations.
  *
  * @author Tim Fennell
@@ -39,6 +39,14 @@
     String field() default "";
 
     /**
+     * If true, then a parameter value to be bound to this field must be an 
encrypted string. It
+     * also implies that when the value of this field is rendered by certain 
tags (e.g.,
+     * [EMAIL PROTECTED] InputHiddenTag}) that it is to be rendered as an 
encrypted string. This prevents
+     * clients from injecting random values.
+     */
+    boolean encrypted() default false;
+
+    /**
      * If set to true, requires that a non-null, non-empty value must be 
submitted for the field.
      */
     boolean required() default false;
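Review bot: The Javadoc for `encrypted()` promises that clients cannot inject values, but it does not state the limits of that guarantee. In the binder hunk, decryption receives only the string and the request, so nothing visible ties a ciphertext to the property it was issued for; a token rendered for one encrypted field would presumably be accepted for another within the same key scope. I would add a sentence such as `Encryption does not bind the value to this field; do not treat a successful decrypt as the only authorization check for the resulting value.` and name the tags that currently encrypt, since the log message says only form population and repopulation are covered so far.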

Modified: 
trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java
===================================================================
--- 
trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java    
    2007-12-11 18:05:05 UTC (rev 663)
+++ 
trunk/stripes/src/net/sourceforge/stripes/validation/ValidationMetadata.java    
    2007-12-11 18:26:09 UTC (rev 664)
@@ -32,8 +32,9 @@
  * @since Stripes 1.5
  */
 public class ValidationMetadata {
-    String property;
-    boolean required;
+    private String property;
+    private boolean encrypted;
+    private boolean required;
     private Set<String> on;
     private boolean onIsPositive;
     private boolean ignore;
@@ -42,7 +43,7 @@
     private Pattern mask;
     private String expression;
     @SuppressWarnings("unchecked")
-       Class<? extends TypeConverter> converter;
+       private Class<? extends TypeConverter> converter;
 
     /**
      * Constructs a ValidationMetadata object for the specified property. 
Further constraints
@@ -65,6 +66,7 @@
     public ValidationMetadata(String property, Validate validate) {
         // Copy over all the simple values
         this.property = property;
+        encrypted(validate.encrypted());
         required(validate.required());
         ignore(validate.ignore());
         if (validate.minlength() != -1) minlength(validate.minlength());
@@ -82,6 +84,15 @@
         return this.property;
     }
 
+    /** Sets the encrypted flag for this field. True = encrypted, false = 
plain text. */
+    public ValidationMetadata encrypted(boolean encrypted) {
+        this.encrypted = encrypted;
+        return this;
+    }
+
+    /** Returns true if the field in question is encrypted. */
+    public boolean encrypted() { return encrypted; }
+
     /** Sets the required-ness of this field. True = required, false = not 
required. */
     public ValidationMetadata required(boolean required) {
         this.required = required;

