Stripes

Can the @StrictBinding facility enhanced to allow the optional throwing of an exception rather than only the logging of a warning?

Details

Description

Sometimes, crazy schlubs like myself would like more concrete ability to insert arbitrary logic in the event of @StrictBinding filtering off request parameters from binding. If the StrictBinding facility were enhanced to optionally throw a RuntimeException, then I would be able to create an ExceptionHandler to perform said arbitrary logic. Does that sound like a workable idea?

Attachments

  1. Text File
    BindingDenied.patch
    20/Apr/11 1:33 PM
    9 kB
    Richard Hauswald
  2. Text File
    BindingDeniedException.patch
    20/Apr/11 12:59 PM
    9 kB
    Richard Hauswald

Activity

Ascending order - Click to sort in descending order
Hide
Permalink
Richard Hauswald added a comment - 20/Apr/11 12:59 PM

Added patch for throwing Exception when in debug mode. Please comment if this is not the preferred solution

Show
Richard Hauswald added a comment - 20/Apr/11 12:59 PM Added patch for throwing Exception when in debug mode. Please comment if this is not the preferred solution
Hide
Permalink
Richard Hauswald added a comment - 20/Apr/11 1:33 PM

After talking with Ben we came to the conclusion that this only happens if:
a) One forget to use the @Validate Annotation when developing the application. In this case the warn message has been improved.
b) A bad guy tried to hack the application. In such a case it is the best to log the attempt and ignore it. Doing more than this is kind of dangerous. It gives the bad guy the opportunity to make the system react to his actions which may be used to compromise the system.

If there is another use case I forgot to think about please comment.

Show
Richard Hauswald added a comment - 20/Apr/11 1:33 PM After talking with Ben we came to the conclusion that this only happens if: a) One forget to use the @Validate Annotation when developing the application. In this case the warn message has been improved. b) A bad guy tried to hack the application. In such a case it is the best to log the attempt and ignore it. Doing more than this is kind of dangerous. It gives the bad guy the opportunity to make the system react to his actions which may be used to compromise the system. If there is another use case I forgot to think about please comment.

People

Vote (2)
Watch (2)

Dates

  • Created:
    27/Mar/09 4:24 PM
    Updated:
    20/Apr/11 1:33 PM
Atlassian JIRA (v4.2#587) | Report a problem
Powered by a free Atlassian JIRA open source license for Stripes Framework. Try JIRA - bug tracking software for your team.