> From: Lukasz Lenart <lukaszlen...@apache.org> > To: Struts Developers List <dev@struts.apache.org>, > Date: 06.10.2015 08:28 > Subject: Secure parameters > > Hi, > > I have started on introducing typed parameters instead of a Map of > objects as we have right now [1]. Basically I am trying to introduce a > dedicated class which will represent HTTP parameters [2]. This isn't > finished yet as I need to figure out how to handle pushing objects > onto parameters (ie. FileuploadInterceptor is pushing files [3]) - the > problem is that HTTP params are arrays of strings but we have used it > internally to "transport" other objects. > > Any insights welcome :) > > [1] https://github.com/apache/struts/pull/53 > [2] https://github.com/apache/struts/pull/53/files#diff-12 > [3] https://github.com/apache/struts/pull/53/files#diff-18 > >
Basically I love the idea to have some more meta data about each parameter. I would expect new 'Parameter' interface would provide a method like 'isExternal()' or 'isUserProvided()' but maybe this is yet to come ;) > as I need to figure out how to handle pushing objects > onto parameters One way could be to add methods like these to 'Parameter': Object getValueNonString() Object[] getValuesNonString() boolean hasValueNonString() Most places dealing with parameters just need Strings. They can use methods 'getValue()' and 'getMultipleValue()' and don't need to cast. Those few places that need other types than Strings can use 'NonString' methods and have to cast on their own. Regards, Christoph This Email was scanned by Sophos Anti Virus
