CODEWITHSUNDEEP
javadesign-patternsencryptionstruts2type-conversion
dpilwal
dpilwal

Reputation: 431

String to String Type Conversion in Struts 2 not working?

I want to encrypt user input and store it in a database. I am using Struts 2 type conversion, all user input is treated as a String, and conversions such as the following work correctly:

But when I attempt a conversion to the target type: String, it does not work and the convertFromString() method is not invoked.

@Override
public Object convertFromString(Map context, String[] value, Class arg2) {
    String val = value[0];      

    try {
        return ASEEncDecUtil.encrypt(val.getBytes("UTF-8"));
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
        return null;
    }

}

I am unable to figure out what am I doing wrong.

Is there a best practice that should be used to encrypt user input?

Upvotes: 3

Views: 674

Answers (2)

Aleksandr M
Aleksandr M

Reputation: 24396

You are most probably extending StrutsTypeConverter class in your custom converter. In it the convertFromString and convertToString methods are called from the convertValue method which looks something like that:

public Object convertValue(Map context, Object o, Class toClass) {
    if (toClass.equals(String.class)) {
        return convertToString(context, o);
    } else if (o instanceof String[]) {
        return convertFromString(context, (String[]) o, toClass);
    } else if (o instanceof String) {
        return convertFromString(context, new String[]{(String) o}, toClass);
    } else {
        return performFallbackConversion(context, o, toClass);
    }
}

So if toClass is String class then convertFromString is never called.

To achieve what you want, extend com.opensymphony.xwork2.conversion.impl.DefaultTypeConverter instead and override public Object convertValue(Map context, Object o, Class toClass) method.

Upvotes: 4

Andrea Ligios
Andrea Ligios

Reputation: 50203

The job of a Converter is to perform a conversion between different formats.

It is not the right tool to get an object in a format, perform a business on it and then returning it in the same format.

That said, for this kind of things you can use several mechanisms (orthogonal like Struts2 Interceptors and Java EE Decorators, or specific like Action Methods or even Mutators / Accessors), each one more appropriate according to factors like the number of times / places where you need to use them.

The easiest way (I'm a KISS paradigm fan) is the Accessors / Mutators way:

public class KeepItSimpleStupidAction extends ActionSupport {

    @Inject Logger LOG;

    private String text; // text is always encrypted inside the action

    public String getText() { // but it can also be read decrypted by calling the getter 
        return ASEEncDecUtil.decrypt(text.getBytes("UTF-8"));
    }

    public void setText(String text) { // the setter automatically encrypts it
        this.text = ASEEncDecUtil.encrypt(text.getBytes("UTF-8"));
    }

    public String execute() {
        LOG.debug("text decrypted: " + getText());
        LOG.debug("text encrypted: " + text);
        return SUCCESS;
    }

}

Upvotes: 2

Related Questions