Shulou(Shulou.com)06/03 Report--

This article mainly introduces how to use the ParametersInterceptor interceptor for Struts2 source code analysis. It is very detailed and has certain reference value. Friends who are interested must finish reading it.

Preface

The main function of ParametersInterceptor interceptor is to set the request parameters in ActionContext to ValueStack, if the top of the stack is the current Action, then set the request parameters to Action, if the top of the stack is a model (Action implements the ModelDriven interface), then set the parameters to model.

The following is the doIntercept method source code for the interceptor:

@ Overridepublic String doIntercept (ActionInvocation invocation) throws Exception {Object action = invocation.getAction (); / / get the currently executed Action object if (! (action instanceof NoParameters)) {/ / determine whether the Action implements the NoParameters interface, which means that the Action does not have any request parameters ActionContext ac = invocation.getInvocationContext (); / / get the ActionContext object final Map parameters = retrieveParameters (ac) / / get the request parameter Map// omitted... if (parameters! = null) {/ / if the request parameter is not nullMap contextMap = ac.getContextMap (); / / get the contextMap inside the ActionContext, that is, the OgnlContext object try {/ / omitted... ValueStack stack = ac.getValueStack (); / / get the value stack setParameters (action, stack, parameters); / / set the parameter} finally {/ / omitted.}} return invocation.invoke (); / / call the next interceptor} return invocation.invoke ()

The setParameters method is the main logic of the interceptor, and now enter this method:

Protected void setParameters (Object action, ValueStack stack, final Map parameters) {ParameterNameAware parameterNameAware = (action instanceof ParameterNameAware)? (ParameterNameAware) action: null;// determines whether Action implements the ParameterNameAware interface Map params;Map acceptableParameters;// legal parameter set / / determines whether the parameter set is ordered, that is, unordered if (ordered) {params = new TreeMap (getOrderedComparator ()); / / if ordered, get the comparator acceptableParameters = new TreeMap (getOrderedComparator ()); params.putAll (parameters);} else {params = new TreeMap (parameters); acceptableParameters = new TreeMap () } / / iterative request parameter for (Map.Entry entry: params.entrySet ()) {String name = entry.getKey (); / / determine whether the parameter is legal. If Action implements ParameterNameAware, acceptableName (name) returns true and parameterNameAware.acceptableParameterName (name) / / also returns true. This parameter is legal. If Action does not implement ParameterNameAware, it is up to the acceptableName (name) method to determine whether the parameter is legal or not. Boolean acceptableName = acceptableName (name) & & (parameterNameAware = = null | | parameterNameAware.acceptableParameterName (name)); / / if the parameter is legal, if (acceptableName) {acceptableParameters.put (name, entry.getValue ()); / / add the valid parameter to the legal parameter set} ValueStack newStack = valueStackFactory.createValueStack (stack) / / omit... for (Map.Entry entry: acceptableParameters.entrySet ()) {/ / iterative parameter String name = entry.getKey (); / / parameter name Object value = entry.getValue (); / / parameter value try {newStack.setValue (name, value) / / set this parameter to ValueStack} catch (RuntimeException e) {/ / omit.} / / omit. / see that the name of the method is to add the legal parameter to the ActionContext, but in the interceptor, the method is empty and no code / / the method is declared as protected, that is, the subclass can override the method to change the behavior of addParametersToContext (ActionContext.getContext (), acceptableParameters);}

According to the above comments, you should be able to find that the logic of the setParameters method is very clear, that is, first judge whether the submitted parameters are legal, because the submitted parameters will affect the value stack, so struts2 should check the validity of the submitted parameters in order to prevent malicious users from attacking. All expressions in the request parameters that contain equal signs (=), commas (,), and # (#) are illegal expressions. Now take a look at exactly how to determine whether a parameter is legal or not.

As mentioned in the above note, if Action implements ParameterNameAware, it is necessary to judge the acceptableParameterName (name) method declared in the ParameterNameAware interface (logic is implemented by yourself) and the acceptableName (name) method of the interceptor. We assume that Action does not implement the ParameterNameAware interface, and whether the parameters are legal is determined by the acceptableName (name) method. The following is the source code of this method:

Protected boolean acceptableName (String name) {/ / call isAccepted and isExcluded methods to judge if (isAccepted (name) & &! isExcluded (name)) {return true;} return false;}

IsAccepted and isExcluded method source code:

Protected boolean isAccepted (String paramName) {if (! this.acceptParams.isEmpty ()) {for (Pattern pattern: acceptParams) {Matcher matcher = pattern.matcher (paramName); if (matcher.matches ()) {return true;}} return false;} elsereturn acceptedPattern.matcher (paramName). Matches ();} protected boolean isExcluded (String paramName) {if (! this.excludeParams.isEmpty ()) {for (Pattern pattern: excludeParams) {Matcher matcher = pattern.matcher (paramName); if (matcher.matches ()) {return true } return false;}

As mentioned above, the interceptor is configured with parameter filtering and a parameter named excludeParams, which is used to specify which parameters to exclude, that is, illegal. When we pass the string, the interceptor parses the string and converts it into a corresponding Pattern object for regular expression verification. The isAccepted and isExcluded methods use these regular expressions for verification, and the logic is very simple. That's all I have to say.

The final parameter assignment is the setValue method of the called ValueStack, which is assigned internally by the OGNL expression engine. Although the interior is very complicated, we only need to know that when the OGNL expression engine sets the request parameter to ValueStack, it looks from the top of the stack to the bottom of the stack to find the object with the corresponding setter method. If the parameter being assigned finds an object with a setter method in ValueStack, the value of the parameter is assigned to the object. If it is not found, it is inherited to look at the bottom of the stack until it is found, and if the bottom of the stack is not found, the assignment is not successful.

The above is all the content of this article entitled "how to use ParametersInterceptor interceptor for Struts2 source code analysis". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.