Class JuneauXmlHandler
- All Implemented Interfaces:
AuthorizationAwareContentTypeHandler,ContentTypeHandler
Implements AuthorizationAwareContentTypeHandler: when
ParameterAuthorizationContext.isActive() is true, performs a post-parse walk
over the parsed result and copies only authorized properties to the target. Without an active
context, behavior is unchanged (Juneau parses, then BeanUtils.copyProperties populates
the target).
Note: Juneau's parser builds the entire result tree before our authorization walk runs, so
setter side effects on transient nested objects may fire even for unauthorized properties —
those transient objects are then discarded. This is functionally equivalent to the legacy
two-phase copy in ContentTypeInterceptor, with the same security model. Only the
Jackson-based handlers (JacksonJsonHandler, JacksonXmlHandler) achieve the
stronger guarantee where unauthorized subtrees are never instantiated at all.
-
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionfromObject(ActionInvocation invocation, Object obj, String resultCode, Writer stream) Gets the content type for this handlerGets the extension this handler supportsvoidtoObject(ActionInvocation invocation, Reader in, Object target)
-
Constructor Details
-
JuneauXmlHandler
public JuneauXmlHandler()
-
-
Method Details
-
toObject
- Specified by:
toObjectin interfaceContentTypeHandler- Throws:
IOException
-
fromObject
public String fromObject(ActionInvocation invocation, Object obj, String resultCode, Writer stream) throws IOException - Specified by:
fromObjectin interfaceContentTypeHandler- Throws:
IOException
-
getContentType
Description copied from interface:ContentTypeHandlerGets the content type for this handler- Specified by:
getContentTypein interfaceContentTypeHandler- Returns:
- The mime type
-
getExtension
Description copied from interface:ContentTypeHandlerGets the extension this handler supports- Specified by:
getExtensionin interfaceContentTypeHandler- Returns:
- The extension
-