Cleaning parameter values is perfect for an interceptor, and it's pretty easy to do.
For example, we had interceptors that removed trailing spaces, HTML-safed input, etc. A filter would work as well, but I tend to use S2-specific artifacts when the entire system is S2. Dave On Mon, Jul 28, 2014 at 1:02 PM, rgm <str...@rgm.nu> wrote: > I've got a problem where my PostgreSQL database won't store a String that > contains a null charcter, and I'm trying to figure out the best place to > sanitize the parameter. Your advice is appreciated. > > If it were a one-off issue, I'd handle it in the validate() method of the > action, but in this case, I feel comfortable declaring that no String > parameters in my app should ever contain nulls (or control characters) in > their value. > > Do you have recommendations about the best place to reject paramters > containing nulls app-wide? A normal Java Filter, or perhaps a Struts > Interceptor (subclass ParametersInterceptor to create > ParameterValueInterceptor)? Or maybe I should sub-class String (ew) and > then make my own StrutsTypeConverter? (that last one feels dirty and would > require many changes). > > This problem came up while attempting to log a message to the database > about a login failure for a user that was provided like this: > > https://myserver.com/myapp/login?user=%00 > > I'd rather just pretend that the String excluded that 0x00 character, and > was "null". > -- e: davelnew...@gmail.com m: 908-380-8699 s: davelnewton_skype t: @dave_newton <https://twitter.com/dave_newton> b: Bucky Bits <http://buckybits.blogspot.com/> g: davelnewton <https://github.com/davelnewton> so: Dave Newton <http://stackoverflow.com/users/438992/dave-newton>
