1   /**
2    * Copyright (c) 2000-2010 Liferay, Inc. All rights reserved.
3    *
4    * This library is free software; you can redistribute it and/or modify it under
5    * the terms of the GNU Lesser General Public License as published by the Free
6    * Software Foundation; either version 2.1 of the License, or (at your option)
7    * any later version.
8    *
9    * This library is distributed in the hope that it will be useful, but WITHOUT
10   * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
11   * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
12   * details.
13   */
14  
15  package com.liferay.portal.kernel.bean;
16  
17  import com.liferay.portal.kernel.annotation.AutoEscape;
18  import com.liferay.portal.kernel.util.HtmlUtil;
19  
20  import java.lang.reflect.InvocationHandler;
21  import java.lang.reflect.InvocationTargetException;
22  import java.lang.reflect.Method;
23  
24  /**
25   * <a href="AutoEscapeBeanHandler.java.html"><b><i>View Source</i></b></a>
26   *
27   * @author Shuyang Zhou
28   */
29  public class AutoEscapeBeanHandler implements InvocationHandler {
30  
31      public AutoEscapeBeanHandler(Object bean) {
32          _bean = bean;
33      }
34  
35      public Object getBean() {
36          return _bean;
37      }
38  
39      public Object invoke(Object proxy, Method method, Object[] args)
40          throws Throwable {
41  
42          String methodName = method.getName();
43  
44          if (methodName.startsWith("set")) {
45              throw new IllegalAccessException(
46                  "Setter methods cannot be called on an escaped bean");
47          }
48  
49          if (methodName.endsWith("isEscapedModel")) {
50              return true;
51          }
52  
53          Object result = null;
54  
55          try {
56              result = method.invoke(_bean, args);
57          }
58          catch(InvocationTargetException ite) {
59              throw ite.getTargetException();
60          }
61  
62          if (method.getAnnotation(AutoEscape.class) != null) {
63              result = HtmlUtil.escape((String)result);
64          }
65  
66          return result;
67      }
68  
69      private Object _bean;
70  
71  }