Class JuneauXmlHandler

java.lang.Object
org.apache.struts2.rest.handler.JuneauXmlHandler
All Implemented Interfaces:
AuthorizationAwareContentTypeHandler, ContentTypeHandler

public class JuneauXmlHandler extends Object implements AuthorizationAwareContentTypeHandler
Handles XML content using Apache Juneau http://juneau.apache.org/#marshall.html

Implements AuthorizationAwareContentTypeHandler: when ParameterAuthorizationContext.isActive() is true, performs a post-parse walk over the parsed result and copies only authorized properties to the target. Without an active context, behavior is unchanged (Juneau parses, then BeanUtils.copyProperties populates the target).

Note: Juneau's parser builds the entire result tree before our authorization walk runs, so setter side effects on transient nested objects may fire even for unauthorized properties — those transient objects are then discarded. This is functionally equivalent to the legacy two-phase copy in ContentTypeInterceptor, with the same security model. Only the Jackson-based handlers (JacksonJsonHandler, JacksonXmlHandler) achieve the stronger guarantee where unauthorized subtrees are never instantiated at all.