Revision: 671
http://stripes.svn.sourceforge.net/stripes/?rev=671&view=rev
Author: bengunter
Date: 2007-12-11 21:29:33 -0800 (Tue, 11 Dec 2007)
Log Message:
-----------
STS-452: Allow encryption and decryption of ActionBean properties.
DefaultPopulationStrategy always returns a plaintext value. I.e., if a value is
pulled from a request parameter and the corresponding ActionBean property is
flagged as encrypted, the value will be decrypted before being returned. Values
are now encrypted by InputTagSupport before being written out. Encrypted values
are now supported by all form tags that extend InputTagSupport.
Modified Paths:
--------------
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
trunk/stripes/src/net/sourceforge/stripes/tag/InputTagSupport.java
Modified:
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
===================================================================
---
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
2007-12-12 05:25:54 UTC (rev 670)
+++
trunk/stripes/src/net/sourceforge/stripes/tag/DefaultPopulationStrategy.java
2007-12-12 05:29:33 UTC (rev 671)
@@ -14,11 +14,14 @@
*/
package net.sourceforge.stripes.tag;
+import java.security.GeneralSecurityException;
+
import javax.servlet.http.HttpServletRequest;
import net.sourceforge.stripes.action.ActionBean;
import net.sourceforge.stripes.config.Configuration;
import net.sourceforge.stripes.exception.StripesJspException;
+import net.sourceforge.stripes.util.CryptoUtil;
import net.sourceforge.stripes.util.Log;
import net.sourceforge.stripes.util.bean.BeanUtil;
import net.sourceforge.stripes.util.bean.ExpressionException;
@@ -64,7 +67,6 @@
public Object getValue(InputTagSupport tag) throws StripesJspException {
// Look first for something that the user submitted in the current
request
Object value = getValuesFromRequest(tag);
- boolean fromRequest = value != null;
// If that's not there, let's look on the ActionBean
if (value == null) {
@@ -76,24 +78,6 @@
value = getValueFromTag(tag);
}
- /*
- * If the value was pulled from a request parameter, then it should
already be encrypted and
- * should repopulate as-is. Otherwise, if the validation directive
says it should be
- * encrypted, then prepare it for encryption now.
- */
- if (!fromRequest) {
- Class<? extends ActionBean> beanType =
config.getActionResolver().getActionBeanType(
- tag.getParentFormTag().getAction());
- if (beanType != null) {
- ValidationMetadata validate =
config.getValidationMetadataProvider()
- .getValidationMetadata(beanType, tag.getName());
- if (validate != null && validate.encrypted()) {
- value = new EncryptedValue(value, ((HttpServletRequest)
tag.getPageContext()
- .getRequest()));
- }
- }
- }
-
return value;
}
@@ -105,7 +89,44 @@
* @return a String[] if values are found, null otherwise
*/
protected String[] getValuesFromRequest(InputTagSupport tag) throws
StripesJspException {
- return
tag.getPageContext().getRequest().getParameterValues(tag.getName());
+ String[] value =
tag.getPageContext().getRequest().getParameterValues(tag.getName());
+
+ /*
+ * If the value was pulled from a request parameter and the ActionBean
property it would
+ * bind to is flagged as encrypted, then the value needs to be
decrypted now.
+ */
+ if (value != null) {
+ // find the action bean class we're dealing with
+ Class<? extends ActionBean> beanClass = null;
+ ActionBean bean = tag.getActionBean();
+ if (bean != null) {
+ beanClass = bean.getClass();
+ }
+ else {
+ beanClass = config.getActionResolver().getActionBeanType(
+ tag.getParentFormTag().getAction());
+ }
+
+ if (beanClass != null) {
+ ValidationMetadata validate =
config.getValidationMetadataProvider()
+ .getValidationMetadata(beanClass, tag.getName());
+ if (validate != null && validate.encrypted()) {
+ try {
+ String[] copy = new String[value.length];
+ for (int i = 0; i < copy.length; i++) {
+ copy[i] = CryptoUtil.decrypt(value[i],
((HttpServletRequest) tag
+ .getPageContext().getRequest()));
+ }
+ value = copy;
+ }
+ catch (GeneralSecurityException e) {
+ throw new StripesJspException(e);
+ }
+ }
+ }
+ }
+
+ return value;
}
/**
Modified: trunk/stripes/src/net/sourceforge/stripes/tag/InputTagSupport.java
===================================================================
--- trunk/stripes/src/net/sourceforge/stripes/tag/InputTagSupport.java
2007-12-12 05:25:54 UTC (rev 670)
+++ trunk/stripes/src/net/sourceforge/stripes/tag/InputTagSupport.java
2007-12-12 05:29:33 UTC (rev 671)
@@ -15,15 +15,19 @@
package net.sourceforge.stripes.tag;
import net.sourceforge.stripes.action.ActionBean;
+import net.sourceforge.stripes.config.Configuration;
import net.sourceforge.stripes.controller.StripesFilter;
import net.sourceforge.stripes.exception.StripesJspException;
+import net.sourceforge.stripes.exception.StripesRuntimeException;
import net.sourceforge.stripes.format.Formatter;
import net.sourceforge.stripes.format.FormatterFactory;
import net.sourceforge.stripes.localization.LocalizationUtility;
import net.sourceforge.stripes.validation.ValidationError;
import net.sourceforge.stripes.validation.ValidationErrors;
import net.sourceforge.stripes.validation.BooleanTypeConverter;
+import net.sourceforge.stripes.validation.ValidationMetadata;
+import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.JspWriter;
import javax.servlet.jsp.tagext.TryCatchFinally;
@@ -250,7 +254,44 @@
return "";
}
- FormatterFactory factory =
StripesFilter.getConfiguration().getFormatterFactory();
+ Configuration config = StripesFilter.getConfiguration();
+ try {
+ // find the action bean class we're dealing with
+ Class<? extends ActionBean> beanClass = null;
+ ActionBean bean = getActionBean();
+ if (bean != null) {
+ beanClass = bean.getClass();
+ }
+ else {
+ beanClass = config.getActionResolver().getActionBeanType(
+ getParentFormTag().getAction());
+ }
+
+ // if a bean class was found then check the encrypted flag on this
property
+ if (beanClass != null) {
+ // ascend the tag stack until a tag name is found
+ String name = getName();
+ if (name == null) {
+ InputTagSupport tag = getParentTag(InputTagSupport.class);
+ while (name == null && tag != null) {
+ name = tag.getName();
+ }
+ }
+
+ // check validation for encryption flag
+ ValidationMetadata validate =
config.getValidationMetadataProvider()
+ .getValidationMetadata(beanClass, name);
+ if (validate != null && validate.encrypted()) {
+ input = new EncryptedValue(input, (HttpServletRequest)
getPageContext()
+ .getRequest());
+ }
+ }
+ }
+ catch (JspException e) {
+ throw new StripesRuntimeException(e);
+ }
+
+ FormatterFactory factory = config.getFormatterFactory();
Formatter formatter = factory.getFormatter(input.getClass(),
getPageContext().getRequest().getLocale(),
this.formatType,
This was sent by the SourceForge.net collaborative development platform, the
world's largest Open Source development site.
-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Stripes-development mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/stripes-development
