com.liferay.portal.kernel.bean.AutoEscapeBeanHandler Maven / Gradle / Ivy
/**
* Copyright (c) 2000-present Liferay, Inc. All rights reserved.
*
* This library is free software; you can redistribute it and/or modify it under
* the terms of the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 2.1 of the License, or (at your option)
* any later version.
*
* This library is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
* FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
* details.
*/
package com.liferay.portal.kernel.bean;
import com.liferay.portal.kernel.util.HtmlUtil;
import java.io.Serializable;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
/**
* Wraps a bean so that all strings returned from @AutoEscape
* annotated methods are automatically HTML escaped.
*
* @author Shuyang Zhou
* @see AutoEscape
*/
public class AutoEscapeBeanHandler implements InvocationHandler, Serializable {
public AutoEscapeBeanHandler(Object bean) {
_bean = (Serializable)bean;
}
public Object getBean() {
return _bean;
}
@Override
public Object invoke(Object proxy, Method method, Object[] arguments)
throws Throwable {
String methodName = method.getName();
if (methodName.startsWith("set")) {
throw new IllegalAccessException(
"Setter methods cannot be called on an escaped bean");
}
if (methodName.equals("getWrappedModel")) {
return _bean;
}
else if (methodName.endsWith("isEscapedModel")) {
return true;
}
else if (methodName.endsWith("toEscapedModel")) {
return proxy;
}
Object result = null;
try {
result = method.invoke(_bean, arguments);
}
catch (InvocationTargetException ite) {
throw ite.getTargetException();
}
if (method.getAnnotation(AutoEscape.class) != null) {
result = HtmlUtil.escape((String)result);
}
return result;
}
private final Serializable _bean;
}