net.sourceforge.stripes.action
Annotation Type StrictBinding


@Retention(value=RUNTIME)
@Target(value=TYPE)
@Documented
public @interface StrictBinding

When applied to an ActionBean, this annotation turns on binding access controls. The default policy is to deny binding to all properties. To enable binding on any given property, the preferred method is to apply a Validate annotation to the property. (For nested properties, use ValidateNestedProperties.) Even if validation is not necessary for the property in question, a naked Validate annotation may still be used to enable binding. Alternatively, binding can be enabled or disabled through the use of the allow() and deny() elements of this annotation.

Properties may be named explicitly or by using globs. A single star (*) matches any property of an element. Two stars (**) indicate any property of an element, including properties of that property and so on. For security reasons, partial matches are not allowed so globs like user.pass* will never match anything. Some examples:

The allow() and deny() elements are of type String[], but each string in the array may be a comma-separated list of properties. Thus the @StrictBinding(allow="user, user.*") is equivalent to @StrictBinding(allow={ "user", "user.*" }.

Author:
Ben Gunter

Optional Element Summary
 String[] allow
          The list of properties that may be bound.
 StrictBinding.Policy defaultPolicy
          The policy to observe when a property name matches both the deny and allow lists, or when a property name does not match either list.
 String[] deny
          The list of properties that may not be bound.
 

defaultPolicy

public abstract StrictBinding.Policy defaultPolicy
The policy to observe when a property name matches both the deny and allow lists, or when a property name does not match either list.

Default:
net.sourceforge.stripes.action.StrictBinding.Policy.DENY

allow

public abstract String[] allow
The list of properties that may be bound.

Default:
""

deny

public abstract String[] deny
The list of properties that may not be bound.

Default:
""


© Copyright 2005-2006, Stripes Development Team.