001
014
015 package com.liferay.portal.kernel.bean;
016
017 import com.liferay.portal.kernel.util.HtmlUtil;
018 import com.liferay.portal.model.BaseModel;
019
020 import java.io.Serializable;
021
022 import java.lang.reflect.InvocationHandler;
023 import java.lang.reflect.InvocationTargetException;
024 import java.lang.reflect.Method;
025
026
041 public class AutoEscapeBeanHandler implements InvocationHandler, Serializable {
042
043 public AutoEscapeBeanHandler(BaseModel<?> baseModel) {
044 _baseModel = baseModel;
045 }
046
047 public Object getBean() {
048 return _baseModel;
049 }
050
051 public Object invoke(Object proxy, Method method, Object[] arguments)
052 throws Throwable {
053
054 String methodName = method.getName();
055
056 if (methodName.startsWith("set")) {
057 throw new IllegalAccessException(
058 "Setter methods cannot be called on an escaped bean");
059 }
060
061 if (methodName.endsWith("isEscapedModel")) {
062 return true;
063 }
064 else if (methodName.endsWith("toEscapedModel")) {
065 return proxy;
066 }
067
068 Object result = null;
069
070 try {
071 result = method.invoke(_baseModel, arguments);
072 }
073 catch (InvocationTargetException ite) {
074 throw ite.getTargetException();
075 }
076
077 if (method.getAnnotation(AutoEscape.class) != null) {
078 result = HtmlUtil.escape((String)result);
079 }
080
081 return result;
082 }
083
084 private BaseModel<?> _baseModel;
085
086 }