I think the class name is very confusing. Can it just be StrutsParameters? The "secure" thing I don't think is accurate. On Oct 8, 2015 8:31 AM, "Christoph Nenning" <christoph.nenn...@lex-com.net> wrote:
> > From: Lukasz Lenart <lukaszlen...@apache.org> > > To: Struts Developers List <dev@struts.apache.org>, > > Date: 06.10.2015 08:28 > > Subject: Secure parameters > > > > Hi, > > > > I have started on introducing typed parameters instead of a Map of > > objects as we have right now [1]. Basically I am trying to introduce a > > dedicated class which will represent HTTP parameters [2]. This isn't > > finished yet as I need to figure out how to handle pushing objects > > onto parameters (ie. FileuploadInterceptor is pushing files [3]) - the > > problem is that HTTP params are arrays of strings but we have used it > > internally to "transport" other objects. > > > > Any insights welcome :) > > > > [1] https://github.com/apache/struts/pull/53 > > [2] https://github.com/apache/struts/pull/53/files#diff-12 > > [3] https://github.com/apache/struts/pull/53/files#diff-18 > > > > > > > Basically I love the idea to have some more meta data about each > parameter. > > I would expect new 'Parameter' interface would provide a method like > 'isExternal()' or 'isUserProvided()' but maybe this is yet to come ;) > > > > > as I need to figure out how to handle pushing objects > > onto parameters > > One way could be to add methods like these to 'Parameter': > > Object getValueNonString() > Object[] getValuesNonString() > boolean hasValueNonString() > > > Most places dealing with parameters just need Strings. They can use > methods 'getValue()' and 'getMultipleValue()' and don't need to cast. > Those few places that need other types than Strings can use 'NonString' > methods and have to cast on their own. > > > > Regards, > Christoph > > This Email was scanned by Sophos Anti Virus >