com.atlassian.jira.webwork
Class JiraSafeActionParameterSetter

java.lang.Object
  extended by com.atlassian.jira.webwork.JiraSafeActionParameterSetter

public class JiraSafeActionParameterSetter
extends java.lang.Object

This class is a replacement for the broken and dangerous webwork1 'el' based BeanUtil.setProperties(java.util.Map, Object)

This uses a different set of rules when accepting input from the web, with some nods towards webwork1 to keep its old behaviour but lose its dangerous nature.

Top Level Code Only

Only Action level public java.beans setters can be invoked. You can not longer navigate away from an Action into other code. In the old days one could invoke nearly arbitrary code. Uncool!

Null Values Are Never Set

Null parameter values are never set into the action. This is old behaviour.

Only Certain Data Types

See the class KnownParameterConverters for a complete list but basically its Strings, Longs, Integers, Shorts, Bytes and so on.

String / String[] / Other Types Precedence

The webwork1 code used the above precedence in choosing a setter. More by accident that by design I suspect.

webwork.action.IllegalArgumentAware

If an action is IllegalArgumentAware, then it will be told about bad parameters and the exception will be ignored. All JiraWebActionSupport actions implements IllegalArgumentAware. JIRA is aware!

Introduced / changed as part of JRA-15664

Since:
v3.13.2

Constructor Summary
JiraSafeActionParameterSetter()
           
 
Method Summary
 void setSafeParameters(webwork.action.Action action, java.util.Map<java.lang.String,?> webParameters)
          This is called to set a map of parameters into an action.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

JiraSafeActionParameterSetter

public JiraSafeActionParameterSetter()
Method Detail

setSafeParameters

public void setSafeParameters(webwork.action.Action action,
                              java.util.Map<java.lang.String,?> webParameters)
This is called to set a map of parameters into an action. This is the designated way we want input from the web to be set into into web actions.

The action MUST not be a SafeAction and an assertions is made to that end.

Parameters:
action - the action in play
webParameters - the map of web request parameters


Copyright © 2002-2011 Atlassian. All Rights Reserved.