What is the AspectJ declarative syntax for overwritting an argument

3
votes

This has been answered before with annotation syntax: Aspectj overwrite an argument of a method

But I can't figure out how to do it with the AspectJ declarative syntax. The following should add "Poop" in front of each string in the method but it does not.

public aspect UserInputSanitizerAdvisor {

    pointcut unSafeString() : execution(@RequestMapping * * (..));

    Object around() : unSafeString() {
        //thisJoinPoint.getArgs();
        //proceed();
        System.out.println("I'm Around");
        Object[] args = thisJoinPoint.getArgs();
        if (args != null) {
            for (int i = 0; i < args.length; i++) {
                Object o = args[i];
                if (o != null && o instanceof String) {
                    String s = (String) o;
                    args[i] = "poop: " + s;
                }
            }
        }

        return proceed();
    }

}

I can't figure out how to give "proceed()" all the arguments.

2
javaaspectj

2 Answers

7
votes

I got the annotation version working:

@SuppressWarnings("unused")
@Aspect
public class UserInputSanitizerAdivsor {

    @Around("execution(@RequestMapping * * (..))")
    public Object check(final ProceedingJoinPoint jp) throws Throwable {
        Object[] args = jp.getArgs();
        if (args != null) {
            for (int i = 0; i < args.length; i++) {
                Object o = args[i];
                if (o != null && o instanceof String) {
                    String s = (String) o;
                    args[i] = UserInputSanitizer.sanitize(s);
                }
            }
        }
        return jp.proceed(args);
    }
}

Now I have XSS protection for all my Spring MVC controllers. I was hoping to get the aspectJ syntax working though.

0
votes

Does return thisJoinPoint.proceed(args); do what you want?