How did you register it?
2014-11-19 12:55 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>:
> Quick question here. I'm working on the approach to use a custom conversor.
> It works fine for standard parameters (Just a String), but I'm having
> issues when the getter receives a String[] parameters
>
> private String parameter = null;
> @TypeConversion(type = ConversionType.CLASS, converter =
> "com.xxx.yyy.util.conversion.struts2.JSoupConversor")
> public void setParameter(String parameter) {
> this.parameter = parameter;
> LOG.debug("simple parameter "+parameter);
> }
>
> private String parameterArray[] = null;
> @TypeConversion(rule= ConversionRule.COLLECTION, type =
> ConversionType.CLASS, converter =
> "com.xxx.yyy.util.conversion.struts2.JSoupConversor")
> public void setParameterArray(String parameterArray[]) {
> this.parameterArray = parameterArray;
> LOG.debug("parameterArray " +Arrays.toString(parameterArray));
> }
>
> the JSoupConversor has a minimal implementation of the conversion:
>
> public Object convertValue(Map context, Object o, Class toClass) {
> LOG.debug("convertValue "+o);
> return super.convertValue(context,o, toClass);
> }
>
> public Object convertFromString(Map context, String[] values, Class
> toClass) {
> LOG.debug("convertFromString "+Arrays.toString(values));
> return null;
> }
>
> public String convertToString(Map context, Object o) {
> LOG.debug("convertToString " +o);
> if (o != null)
> return o.toString();
> return null;
> }
> protected Object performFallbackConversion(Map context, Object o, Class
> toClass) {
> LOG.debug("performFallbackConversion "+o);
> return super.convertValue(context, o, toClass);
> }
>
> The issue is that it the converter is not being called for the
> parameterArray, although the setter is being called. The logs are as
> follows:
>
> com.opensymphony.xwork2.interceptor.ParametersInterceptor - Setting params
> parameter => [ value1 ] parameterArray => *[ value2, value3 ]*
> com.opensymphony.xwork2.conversion.impl.DefaultConversionAnnotationProcessor
> - TypeConversion [com.xxx.yyy.util.conversion.struts2.JSoupConversor] with
> key: [parameter]
> *com.opensymphony.xwork2.conversion.impl.DefaultConversionAnnotationProcessor
> - TypeConversion [com.xxx.yyy.util.conversion.struts2.JSoupConversor] with
> key: [parameterArray]*
> com.xxx.yyy.util.conversion.struts2.JSoupConversor - convertValue
> [Ljava.lang.String;@1028f08
> com.xxx.yyy.util.conversion.struts2.JSoupConversor - convertToString
> [Ljava.lang.String;@1028f08
> com.xxx.yyy.modules.test.controller.action.json.TestJSON - simple
> parameter [Ljava.lang.String;@1028f08
> com.xxx.yyy.modules.test.controller.action.json.TestJSON - *parameterArray
> [value2, value3]*
> com.opensymphony.xwork2.validator.ValidationInterceptor - Invoking
> validate() on action
> com.spb.eco.modules.test.controller.action.json.TestJSON@1f4ca39
>
> So I see the converter being called for parameter, but not for
> parameterArray, but the parameterArray is actually being set. What am I
> missing?
>
> Thanks
>
>
> 2014-11-19 6:18 GMT-05:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>:
>
>> Thanks for the ideas. Overwriting retrieveParameters(ActionContext ac)
>> method seems a good solution, although that would imply doing it to all
>> parameters. While that could be ok, I would like to take a less aggressive
>> approach.One option I'm considering is to user a custom Converter that
>> could take care of this, so I could setup the converter only in those
>> parameters I know I need to filter. What do you think?
>>
>> 2014-11-19 4:57 GMT-05:00 Lukasz Lenart <lukaszlen...@apache.org>:
>>
>> 2014-11-19 4:57 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>:
>>> > Hello,
>>> > We are using Struts 2.3.16.3 for our application. Due to security
>>> > reasons, we need to "clean" the user's input in order to avoid XSS. We
>>> are
>>> > using JSoup for that, with success(
>>> > http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer).
>>> >
>>> > The issues is that we haven't find a really good way to integrate it
>>> with
>>> > Struts. Basically we need to pass every String parameter through JSoup
>>> to
>>> > sanitize it, and right now we are doing it manully on the execute
>>> method of
>>> > the action, after the parameters have been loaded in the action and
>>> > validated. We would like to do it automatically when the parametes are
>>> set
>>> > in the action. In the normal actions we can do it in the getter, but
>>> some
>>> > actions have java beans for parameters, and we don't want to integrate
>>> the
>>> > Jsoup call in the bean methods. Any suggestions about how to do this?
>>>
>>> You can override ParametersInterceptor's
>>> retrieveParameters(ActionContext ac) method and then build your custom
>>> stack. Or you can develop custom interceptor and put it on the top of
>>> your stack and do ActionContext.get/setParameters() in intercept()
>>> method.
>>>
>>>
>>> Regards
>>> --
>>> Ćukasz
>>> + 48 606 323 122 http://www.lenart.org.pl/
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
>>> For additional commands, e-mail: user-h...@struts.apache.org
>>>
>>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
