The 2.3 HttpServletRequest interface provides a setAttribute() method to change the values of a given attribute. It does NOT however provide a similar setParameter() method, allowing you to programatically modify the values that accompany the request - I assume this means that we shouldn't be able to change these values.
What I've discovered however, is that if I _can_ modify parameter values by calling getParameterValues() (which returns String[]) and set the values that way. For instance:
Enumeration enum = req.getParameterNames(); while (enum.hasMoreElements()) { String key =(String) enum.nextElement(); String vals[] = req.getParameterValues(key); for (int i=0, max=vals.length; i<max; i++) { if (key.equalsIgnoreCase("password")) vals[i] = "********"; logger.info("...key:"+key+" value:"+vals[i]); } }
This has the surprising (to me anyway) effect of actually _modifying_ the underlying value for the particular key. Is this simply an implementation oversight? I had assumed that the method would be returning a copy of the underlying data structure, rather than a reference to the structure itself.
This isn't really a problem for me, but I thought it was interesting and I'm curious to know if this was intentional or not. Anyone care to comment?
This is a bug. The String[] returned by req.getParameterValues() should have been a clone.
I just committed a fix.
Thanks,
Jan
Thanks much, Christian ---------------------------------------------- Christian Cryder Internet Architect, ATMReports.com Project Chair, BarracudaMVC - http://barracudamvc.org ---------------------------------------------- "Coffee? I could quit anytime, just not today"
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
