org.mentawai.filter
Class BlacklistParamFilter

java.lang.Object
  extended by org.mentawai.filter.BlacklistParamFilter
All Implemented Interfaces:
Filter

public class BlacklistParamFilter
extends Object
implements Filter

Based on my discussion with Ricardo Wolosker about parameter injection security, when updating beans. It will remove from the input parameters that we do not want to allow to be updated. For example: id, active, etc.

Author:
Sergio Oliveira Jr.

Constructor Summary
BlacklistParamFilter(String... blacklist)
           
 
Method Summary
 void destroy()
          Gives a chance to the filter to deallocalte any resources before it is destroyed.
 String filter(InvocationChain chain)
          Executes the filter.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

BlacklistParamFilter

public BlacklistParamFilter(String... blacklist)
Method Detail

filter

public String filter(InvocationChain chain)
              throws Exception
Description copied from interface: Filter
Executes the filter.

Specified by:
filter in interface Filter
Parameters:
chain - The InvocationChain for the action this filter is being applied to.
Returns:
The result of the filter or the action the filter is being applied to.
Throws:
Exception

destroy

public void destroy()
Description copied from interface: Filter
Gives a chance to the filter to deallocalte any resources before it is destroyed. This is called when the web application is stopped, in other words, this has nothing to do with garbage collection.

Specified by:
destroy in interface Filter


Copyright © 2013. All Rights Reserved.