Yeah... basically conversion isn't needed in that case ;-) 2014-11-20 15:32 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>: > I jsut used the annotation: > private String parameterArray[] = null; > @TypeConversion(rule= ConversionRule.COLLECTION, type = > ConversionType.CLASS, converter = "com.xxx.yyy.util.conversion. > struts2.JSoupConversor") > public void setParameterArray(String parameterArray[]) { > this.parameterArray = parameterArray; > LOG.debug("parameterArray " +Arrays.toString(parameterArray)); > } > > Anyway, I discovered why it is not used when the parameter is an array of > String. In the process to look for the apropiate setter for the > parameter(which is always an array of String), Ognl uses the method > OgnlRuntime.getAppropriateMethod. This method returns the most appropriate > setter for the parameter. If it not find it calls > getConvertedMethodAndArgs, which in turn calls XWorkConverter to convert > the value, which in turn calls the custom converter. But if there is a > perfect match for the setter, then XWorkConverter is not used. > > In the case of the parameter "parameter", the setter receives a single > String, and since originally the parameter is an array of String, there is > no perfect match, and Ognl uses XWorkConverter to do the job. But in the > case of the parameter "parameterArray" the setter received an array of > String, so there is a perfect match and therefore XWorkConverter is not > used, it just calls the setter with the parameter, so the converter is not > used. > > 2014-11-20 7:48 GMT-05:00 Lukasz Lenart <lukaszlen...@apache.org>: > >> How did you register it? >> >> 2014-11-19 12:55 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>: >> > Quick question here. I'm working on the approach to use a custom >> conversor. >> > It works fine for standard parameters (Just a String), but I'm having >> > issues when the getter receives a String[] parameters >> > >> > private String parameter = null; >> > @TypeConversion(type = ConversionType.CLASS, converter = >> > "com.xxx.yyy.util.conversion.struts2.JSoupConversor") >> > public void setParameter(String parameter) { >> > this.parameter = parameter; >> > LOG.debug("simple parameter "+parameter); >> > } >> > >> > private String parameterArray[] = null; >> > @TypeConversion(rule= ConversionRule.COLLECTION, type = >> > ConversionType.CLASS, converter = >> > "com.xxx.yyy.util.conversion.struts2.JSoupConversor") >> > public void setParameterArray(String parameterArray[]) { >> > this.parameterArray = parameterArray; >> > LOG.debug("parameterArray " +Arrays.toString(parameterArray)); >> > } >> > >> > the JSoupConversor has a minimal implementation of the conversion: >> > >> > public Object convertValue(Map context, Object o, Class toClass) { >> > LOG.debug("convertValue "+o); >> > return super.convertValue(context,o, toClass); >> > } >> > >> > public Object convertFromString(Map context, String[] values, Class >> > toClass) { >> > LOG.debug("convertFromString "+Arrays.toString(values)); >> > return null; >> > } >> > >> > public String convertToString(Map context, Object o) { >> > LOG.debug("convertToString " +o); >> > if (o != null) >> > return o.toString(); >> > return null; >> > } >> > protected Object performFallbackConversion(Map context, Object o, >> Class >> > toClass) { >> > LOG.debug("performFallbackConversion "+o); >> > return super.convertValue(context, o, toClass); >> > } >> > >> > The issue is that it the converter is not being called for the >> > parameterArray, although the setter is being called. The logs are as >> > follows: >> > >> > com.opensymphony.xwork2.interceptor.ParametersInterceptor - Setting >> params >> > parameter => [ value1 ] parameterArray => *[ value2, value3 ]* >> > >> com.opensymphony.xwork2.conversion.impl.DefaultConversionAnnotationProcessor >> > - TypeConversion [com.xxx.yyy.util.conversion.struts2.JSoupConversor] >> with >> > key: [parameter] >> > >> *com.opensymphony.xwork2.conversion.impl.DefaultConversionAnnotationProcessor >> > - TypeConversion [com.xxx.yyy.util.conversion.struts2.JSoupConversor] >> with >> > key: [parameterArray]* >> > com.xxx.yyy.util.conversion.struts2.JSoupConversor - convertValue >> > [Ljava.lang.String;@1028f08 >> > com.xxx.yyy.util.conversion.struts2.JSoupConversor - convertToString >> > [Ljava.lang.String;@1028f08 >> > com.xxx.yyy.modules.test.controller.action.json.TestJSON - simple >> > parameter [Ljava.lang.String;@1028f08 >> > com.xxx.yyy.modules.test.controller.action.json.TestJSON - >> *parameterArray >> > [value2, value3]* >> > com.opensymphony.xwork2.validator.ValidationInterceptor - Invoking >> > validate() on action >> > com.spb.eco.modules.test.controller.action.json.TestJSON@1f4ca39 >> > >> > So I see the converter being called for parameter, but not for >> > parameterArray, but the parameterArray is actually being set. What am I >> > missing? >> > >> > Thanks >> > >> > >> > 2014-11-19 6:18 GMT-05:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>: >> > >> >> Thanks for the ideas. Overwriting retrieveParameters(ActionContext ac) >> >> method seems a good solution, although that would imply doing it to all >> >> parameters. While that could be ok, I would like to take a less >> aggressive >> >> approach.One option I'm considering is to user a custom Converter that >> >> could take care of this, so I could setup the converter only in those >> >> parameters I know I need to filter. What do you think? >> >> >> >> 2014-11-19 4:57 GMT-05:00 Lukasz Lenart <lukaszlen...@apache.org>: >> >> >> >> 2014-11-19 4:57 GMT+01:00 JOSE L MARTINEZ-AVIAL <jlm...@gmail.com>: >> >>> > Hello, >> >>> > We are using Struts 2.3.16.3 for our application. Due to security >> >>> > reasons, we need to "clean" the user's input in order to avoid XSS. >> We >> >>> are >> >>> > using JSoup for that, with success( >> >>> > http://jsoup.org/cookbook/cleaning-html/whitelist-sanitizer). >> >>> > >> >>> > The issues is that we haven't find a really good way to integrate >> it >> >>> with >> >>> > Struts. Basically we need to pass every String parameter through >> JSoup >> >>> to >> >>> > sanitize it, and right now we are doing it manully on the execute >> >>> method of >> >>> > the action, after the parameters have been loaded in the action and >> >>> > validated. We would like to do it automatically when the parametes >> are >> >>> set >> >>> > in the action. In the normal actions we can do it in the getter, but >> >>> some >> >>> > actions have java beans for parameters, and we don't want to >> integrate >> >>> the >> >>> > Jsoup call in the bean methods. Any suggestions about how to do this? >> >>> >> >>> You can override ParametersInterceptor's >> >>> retrieveParameters(ActionContext ac) method and then build your custom >> >>> stack. Or you can develop custom interceptor and put it on the top of >> >>> your stack and do ActionContext.get/setParameters() in intercept() >> >>> method. >> >>> >> >>> >> >>> Regards >> >>> -- >> >>> Ćukasz >> >>> + 48 606 323 122 http://www.lenart.org.pl/ >> >>> >> >>> --------------------------------------------------------------------- >> >>> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> >>> For additional commands, e-mail: user-h...@struts.apache.org >> >>> >> >>> >> >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org >> For additional commands, e-mail: user-h...@struts.apache.org >> >>
--------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@struts.apache.org For additional commands, e-mail: user-h...@struts.apache.org