public class


extends Object
   ↳ com.atlassian.jira.webwork.JiraSafeActionParameterSetter

Class Overview

This class is a replacement for the broken and dangerous webwork1 'el' based setProperties(java.util.Map, Object)

This uses a different set of rules when accepting input from the web, with some nods towards webwork1 to keep its old behaviour but lose its dangerous nature.

Top Level Code Only

Only Action level public java.beans setters can be invoked. You can not longer navigate away from an Action into other code. In the old days one could invoke nearly arbitrary code. Uncool!

Null Values Are Never Set

Null parameter values are never set into the action. This is old behaviour.

Only Certain Data Types

See the class KnownParameterConverters for a complete list but basically its Strings, Longs, Integers, Shorts, Bytes and so on.

String / String[] / Other Types Precedence

The webwork1 code used the above precedence in choosing a setter. More by accident that by design I suspect.


If an action is IllegalArgumentAware, then it will be told about bad parameters and the exception will be ignored. All JiraWebActionSupport actions implements IllegalArgumentAware. JIRA is aware!

Introduced / changed as part of JRA-15664


Public Constructors
Public Methods
void setSafeParameters(Action action, Map<String, ?> webParameters)
This is called to set a map of parameters into an action.
Inherited Methods
From class java.lang.Object

Public Constructors

public JiraSafeActionParameterSetter ()

Public Methods

public void setSafeParameters (Action action, Map<String, ?> webParameters)

This is called to set a map of parameters into an action. This is the designated way we want input from the web to be set into into web actions.

The action MUST not be a SafeAction and an assertions is made to that end.

action the action in play
webParameters the map of web request parameters