You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2014/05/03 20:18:55 UTC
[1/8] git commit: Extends SecurityMemberAccess to included excluded
classes
Repository: struts
Updated Branches:
refs/heads/feature/exclude-object-class ee3c8d563 -> f84efa5f4
Extends SecurityMemberAccess to included excluded classes
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/c778297e
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/c778297e
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/c778297e
Branch: refs/heads/feature/exclude-object-class
Commit: c778297e80e19c7e16389e5c5bb3487512695c0a
Parents: ee3c8d5
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:12:14 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:12:14 2014 +0200
----------------------------------------------------------------------
.../xwork2/ognl/SecurityMemberAccess.java | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/c778297e/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index 7bbcbda..9d84702 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -35,6 +35,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
private final boolean allowStaticMethodAccess;
private Set<Pattern> excludeProperties = Collections.emptySet();
private Set<Pattern> acceptProperties = Collections.emptySet();
+ private Set<Class<?>> excludedClasses = Collections.emptySet();
public SecurityMemberAccess(boolean method) {
super(false);
@@ -49,6 +50,9 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
public boolean isAccessible(Map context, Object target, Member member,
String propertyName) {
+ if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
+ return false;
+ }
boolean allow = true;
int modifiers = member.getModifiers();
if (Modifier.isStatic(modifiers)) {
@@ -74,6 +78,15 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
return isAcceptableProperty(propertyName);
}
+ protected boolean isClassExcluded(Class<?> targetClass, Class<?> declaringClass) {
+ for (Class excludedClass : excludedClasses) {
+ if (targetClass.isAssignableFrom(excludedClass) || declaringClass.isAssignableFrom(excludedClass)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
protected boolean isAcceptableProperty(String name) {
return name == null || ((!isExcluded(name)) && isAccepted(name));
}
@@ -115,4 +128,8 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
this.acceptProperties = acceptedProperties;
}
+ public void setExcludedClasses(Set<Class<?>> excludedClasses) {
+ this.excludedClasses = excludedClasses;
+ }
+
}
[3/8] git commit: Creates default context with excluded classes
Posted by lu...@apache.org.
Creates default context with excluded classes
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/27980572
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/27980572
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/27980572
Branch: refs/heads/feature/exclude-object-class
Commit: 279805721d6223673b5cb93e29fa91a4bbe0ea90
Parents: d5bd607
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:15:53 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:15:53 2014 +0200
----------------------------------------------------------------------
.../com/opensymphony/xwork2/ognl/OgnlUtil.java | 78 +++++++++++++-------
1 file changed, 51 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/27980572/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 5e06977..1c17eca 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -16,13 +16,18 @@
package com.opensymphony.xwork2.ognl;
import com.opensymphony.xwork2.XWorkConstants;
+import com.opensymphony.xwork2.XWorkException;
+import com.opensymphony.xwork2.config.ConfigurationException;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor;
import com.opensymphony.xwork2.util.CompoundRoot;
import com.opensymphony.xwork2.util.TextParseUtil;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
import com.opensymphony.xwork2.util.reflection.ReflectionException;
+import ognl.ClassResolver;
import ognl.Ognl;
import ognl.OgnlContext;
import ognl.OgnlException;
@@ -61,7 +66,9 @@ public class OgnlUtil {
private boolean enableExpressionCache = true;
private boolean enableEvalExpression;
- private Set<String> excludedProperties = new HashSet<String>();
+ private Set<Class<?>> excludedClasses = new HashSet<Class<?>>();
+ private Container container;
+ private boolean allowStaticMethodAccess;
@Inject
public void setXWorkConverter(XWorkConverter conv) {
@@ -87,15 +94,32 @@ public class OgnlUtil {
}
}
- @Inject(value = XWorkConstants.OGNL_EXCLUDED_PROPERTIES, required = false)
- public void setExcludedProperties(String commaDelimitedProperties) {
- Set<String> props = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties);
- for (String prop : props) {
- excludedProperties.add(prop);
- excludedProperties.add(prop + "()");
+ @Inject(value = XWorkConstants.OGNL_EXCLUDED_CLASSES, required = false)
+ public void setExcludedClasses(String commaDelimitedClasses) {
+ Set<String> classes = TextParseUtil.commaDelimitedStringToSet(commaDelimitedClasses);
+ for (String className : classes) {
+ try {
+ excludedClasses.add(Class.forName(className));
+ } catch (ClassNotFoundException e) {
+ throw new ConfigurationException("Cannot load excluded class: " + className, e);
+ }
}
}
+ public Set<Class<?>> getExcludedClasses() {
+ return excludedClasses;
+ }
+
+ @Inject
+ public void setContainer(Container container) {
+ this.container = container;
+ }
+
+ @Inject(value = XWorkConstants.ALLOW_STATIC_METHOD_ACCESS, required = false)
+ public void setAllowStaticMethodAccess(String allowStaticMethodAccess) {
+ this.allowStaticMethodAccess = Boolean.parseBoolean(allowStaticMethodAccess);
+ }
+
/**
* Sets the object's properties using the default type converter, defaulting to not throw
* exceptions for problems setting the properties.
@@ -155,7 +179,7 @@ public class OgnlUtil {
* problems setting the properties
*/
public void setProperties(Map<String, ?> properties, Object o, boolean throwPropertyExceptions) {
- Map context = Ognl.createDefaultContext(o);
+ Map context = createDefaultContext(o, null);
setProperties(properties, o, context, throwPropertyExceptions);
}
@@ -293,13 +317,11 @@ public class OgnlUtil {
if (tree == null) {
tree = Ognl.parseExpression(expression);
checkEnableEvalExpression(tree, context);
- checkExcludedPropertiesAccess(tree, null);
expressions.putIfAbsent(expression, tree);
}
} else {
tree = Ognl.parseExpression(expression);
checkEnableEvalExpression(tree, context);
- checkExcludedPropertiesAccess(tree, null);
}
@@ -309,20 +331,6 @@ public class OgnlUtil {
return exec;
}
- private void checkExcludedPropertiesAccess(Object tree, SimpleNode parent) throws OgnlException {
- if (tree instanceof SimpleNode) {
- SimpleNode node = (SimpleNode) tree;
- for (String excludedPattern : excludedProperties) {
- if (excludedPattern.equalsIgnoreCase(node.toString())) {
- throw new OgnlException("Tree [" + (parent != null ? parent : tree) + "] trying access excluded pattern [" + excludedPattern + "]");
- }
- for (int i = 0; i < node.jjtGetNumChildren(); i++) {
- checkExcludedPropertiesAccess(node.jjtGetChild(i), node);
- }
- }
- }
- }
-
public Object compile(String expression, Map<String, Object> context) throws OgnlException {
return compileAndExecute(expression,context,new OgnlTask<Object>() {
public Object execute(Object tree) throws OgnlException {
@@ -359,9 +367,9 @@ public class OgnlUtil {
}
TypeConverter conv = getTypeConverterFromContext(context);
- final Map contextFrom = Ognl.createDefaultContext(from);
+ final Map contextFrom = createDefaultContext(from, null);
Ognl.setTypeConverter(contextFrom, conv);
- final Map contextTo = Ognl.createDefaultContext(to);
+ final Map contextTo = createDefaultContext(to, null);
Ognl.setTypeConverter(contextTo, conv);
PropertyDescriptor[] fromPds;
@@ -470,7 +478,7 @@ public class OgnlUtil {
*/
public Map<String, Object> getBeanMap(final Object source) throws IntrospectionException, OgnlException {
Map<String, Object> beanMap = new HashMap<String, Object>();
- final Map sourceMap = Ognl.createDefaultContext(source);
+ final Map sourceMap = createDefaultContext(source, null);
PropertyDescriptor[] propertyDescriptors = getPropertyDescriptors(source);
for (PropertyDescriptor propertyDescriptor : propertyDescriptors) {
final String propertyName = propertyDescriptor.getDisplayName();
@@ -548,6 +556,22 @@ public class OgnlUtil {
return defaultConverter;
}
+ protected Map createDefaultContext(Object root) {
+ return createDefaultContext(root, null);
+ }
+
+ protected Map createDefaultContext(Object root, ClassResolver classResolver) {
+ ClassResolver resolver = classResolver;
+ if (resolver == null) {
+ resolver = container.getInstance(CompoundRootAccessor.class);
+ }
+
+ SecurityMemberAccess memberAccess = new SecurityMemberAccess(allowStaticMethodAccess);
+ memberAccess.setExcludedClasses(excludedClasses);
+
+ return Ognl.createDefaultContext(root, resolver, defaultConverter, memberAccess);
+ }
+
private interface OgnlTask<T> {
T execute(Object tree) throws OgnlException;
}
[4/8] git commit: Sets excluded classes during injecting OgnlUtil
Posted by lu...@apache.org.
Sets excluded classes during injecting OgnlUtil
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/2180b06f
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/2180b06f
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/2180b06f
Branch: refs/heads/feature/exclude-object-class
Commit: 2180b06f7d1d38e7701e72123e57208feb4cb444
Parents: 2798057
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:16:33 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:16:33 2014 +0200
----------------------------------------------------------------------
.../main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/2180b06f/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
index 76f0d3f..83be3ed 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java
@@ -79,6 +79,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
@Inject
public void setOgnlUtil(OgnlUtil ognlUtil) {
this.ognlUtil = ognlUtil;
+ securityMemberAccess.setExcludedClasses(ognlUtil.getExcludedClasses());
}
protected void setRoot(XWorkConverter xworkConverter, CompoundRootAccessor accessor, CompoundRoot compoundRoot,
@@ -446,7 +447,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS
XWorkConverter xworkConverter = cont.getInstance(XWorkConverter.class);
CompoundRootAccessor accessor = (CompoundRootAccessor) cont.getInstance(PropertyAccessor.class, CompoundRoot.class.getName());
TextProvider prov = cont.getInstance(TextProvider.class, "system");
- boolean allow = "true".equals(cont.getInstance(String.class, "allowStaticMethodAccess"));
+ boolean allow = "true".equals(cont.getInstance(String.class, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS));
OgnlValueStack aStack = new OgnlValueStack(xworkConverter, accessor, prov, allow);
aStack.setOgnlUtil(cont.getInstance(OgnlUtil.class));
aStack.setRoot(xworkConverter, accessor, this.root, allow);
[2/8] git commit: Renames excluded properties to excluded classes
Posted by lu...@apache.org.
Renames excluded properties to excluded classes
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/d5bd607c
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/d5bd607c
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/d5bd607c
Branch: refs/heads/feature/exclude-object-class
Commit: d5bd607c6fd0cbbf12e75492e7333439758446ea
Parents: c778297
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:13:10 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:13:10 2014 +0200
----------------------------------------------------------------------
.../src/main/java/com/opensymphony/xwork2/XWorkConstants.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/d5bd607c/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java
index 1894372..dfbf6d5 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java
@@ -17,6 +17,6 @@ public final class XWorkConstants {
public static final String RELOAD_XML_CONFIGURATION = "reloadXmlConfiguration";
public static final String ALLOW_STATIC_METHOD_ACCESS = "allowStaticMethodAccess";
public static final String XWORK_LOGGER_FACTORY = "xwork.loggerFactory";
- public static final String OGNL_EXCLUDED_PROPERTIES = "ognlExcludedProperties";
+ public static final String OGNL_EXCLUDED_CLASSES = "ognlExcludedClasses";
}
[7/8] git commit: Updates test to use new excluded classes
Posted by lu...@apache.org.
Updates test to use new excluded classes
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/cdfb94d7
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/cdfb94d7
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/cdfb94d7
Branch: refs/heads/feature/exclude-object-class
Commit: cdfb94d712e2b71bcf42f87f6c1b7d02d784dd87
Parents: afb5af1
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:17:19 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:17:19 2014 +0200
----------------------------------------------------------------------
.../impl/AnnotationXWorkConverterTest.java | 10 +-
.../opensymphony/xwork2/ognl/OgnlUtilTest.java | 115 ++++++++-----------
.../xwork2/ognl/OgnlValueStackTest.java | 1 +
3 files changed, 54 insertions(+), 72 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/cdfb94d7/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java
index 4a7f517..14d9be1 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/conversion/impl/AnnotationXWorkConverterTest.java
@@ -374,8 +374,8 @@ public class AnnotationXWorkConverterTest extends XWorkTestCase {
stack.setValue("genericMap[456.12]", "42");
assertEquals(2, gb.getGenericMap().size());
- assertEquals(Integer.class, stack.findValue("genericMap.get(123.12).class"));
- assertEquals(Integer.class, stack.findValue("genericMap.get(456.12).class"));
+ assertEquals("66", stack.findValue("genericMap.get(123.12).toString()"));
+ assertEquals("42", stack.findValue("genericMap.get(456.12).toString()"));
assertEquals(66, stack.findValue("genericMap.get(123.12)"));
assertEquals(42, stack.findValue("genericMap.get(456.12)"));
assertEquals(true, stack.findValue("genericMap.containsValue(66)"));
@@ -393,8 +393,8 @@ public class AnnotationXWorkConverterTest extends XWorkTestCase {
stack.setValue("genericMap[456.12]", "42");
assertEquals(2, gb.getGenericMap().size());
- assertEquals(Integer.class, stack.findValue("genericMap.get(123.12).class"));
- assertEquals(Integer.class, stack.findValue("genericMap.get(456.12).class"));
+ assertEquals("66", stack.findValue("genericMap.get(123.12).toString()"));
+ assertEquals("42", stack.findValue("genericMap.get(456.12).toString()"));
assertEquals(66, stack.findValue("genericMap.get(123.12)"));
assertEquals(42, stack.findValue("genericMap.get(456.12)"));
assertEquals(true, stack.findValue("genericMap.containsValue(66)"));
@@ -409,7 +409,7 @@ public class AnnotationXWorkConverterTest extends XWorkTestCase {
stack.push(gb);
assertEquals(1, gb.getGetterList().size());
- assertEquals(Double.class, stack.findValue("getterList.get(0).class"));
+ assertEquals("42.42", stack.findValue("getterList.get(0).toString()"));
assertEquals(new Double(42.42), stack.findValue("getterList.get(0)"));
assertEquals(new Double(42.42), gb.getGetterList().get(0));
http://git-wip-us.apache.org/repos/asf/struts/blob/cdfb94d7/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
index 98ff671..e8733d6 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
@@ -82,7 +82,7 @@ public class OgnlUtilTest extends XWorkTestCase {
});
Owner owner = new Owner();
- Map context = Ognl.createDefaultContext(owner);
+ Map context = ognlUtil.createDefaultContext(owner);
Map props = new HashMap();
props.put("dog.name", dogName);
@@ -107,7 +107,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testCanSetDependentObjectArray() {
EmailAction action = new EmailAction();
- Map<String, Object> context = Ognl.createDefaultContext(action);
+ Map<String, Object> context = ognlUtil.createDefaultContext(action);
Map<String, Object> props = new HashMap<String, Object>();
props.put("email[0].address", "addr1");
@@ -125,7 +125,7 @@ public class OgnlUtilTest extends XWorkTestCase {
Foo foo1 = new Foo();
Foo foo2 = new Foo();
- Map context = Ognl.createDefaultContext(foo1);
+ Map context = ognlUtil.createDefaultContext(foo1);
Calendar cal = Calendar.getInstance();
cal.clear();
@@ -171,7 +171,7 @@ public class OgnlUtilTest extends XWorkTestCase {
foo2.setTitle("foo2 title");
foo2.setNumber(2);
- Map<String, Object> context = Ognl.createDefaultContext(foo1);
+ Map<String, Object> context = ognlUtil.createDefaultContext(foo1);
List<String> excludes = new ArrayList<String>();
excludes.add("title");
@@ -200,7 +200,7 @@ public class OgnlUtilTest extends XWorkTestCase {
b2.setTitle("");
b2.setId(new Long(2));
- context = Ognl.createDefaultContext(b1);
+ context = ognlUtil.createDefaultContext(b1);
List<String> includes = new ArrayList<String>();
includes.add("title");
includes.add("somethingElse");
@@ -220,7 +220,7 @@ public class OgnlUtilTest extends XWorkTestCase {
Foo foo = new Foo();
Bar bar = new Bar();
- Map<String, Object> context = Ognl.createDefaultContext(foo);
+ Map<String, Object> context = ognlUtil.createDefaultContext(foo);
Calendar cal = Calendar.getInstance();
cal.clear();
@@ -244,7 +244,7 @@ public class OgnlUtilTest extends XWorkTestCase {
Foo foo = new Foo();
foo.setBar(new Bar());
- Map<String, Object> context = Ognl.createDefaultContext(foo);
+ Map<String, Object> context = ognlUtil.createDefaultContext(foo);
Map<String, Object> props = new HashMap();
props.put("bar.title", "i am barbaz");
@@ -280,7 +280,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testOgnlHandlesCrapAtTheEndOfANumber() {
Foo foo = new Foo();
- Map<String, Object> context = Ognl.createDefaultContext(foo);
+ Map<String, Object> context = ognlUtil.createDefaultContext(foo);
Map<String, Object> props = new HashMap<String, Object>();
props.put("aLong", "123a");
@@ -317,7 +317,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testSetPropertiesBoolean() {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
Map props = new HashMap();
props.put("useful", "true");
@@ -338,7 +338,7 @@ public class OgnlUtilTest extends XWorkTestCase {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
Map props = new HashMap();
props.put("birthday", "02/12/1982");
@@ -408,7 +408,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testSetPropertiesInt() {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
Map props = new HashMap();
props.put("number", "2");
@@ -420,7 +420,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testSetPropertiesLongArray() {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
Map props = new HashMap();
props.put("points", new String[]{"1", "2"});
@@ -435,7 +435,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testSetPropertiesString() {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
Map props = new HashMap();
props.put("title", "this is a title");
@@ -446,7 +446,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testSetProperty() {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
assertFalse(123456 == foo.getNumber());
ognlUtil.setProperty("number", "123456", foo, context);
assertEquals(123456, foo.getNumber());
@@ -457,7 +457,7 @@ public class OgnlUtilTest extends XWorkTestCase {
ChainingInterceptor foo = new ChainingInterceptor();
ChainingInterceptor foo2 = new ChainingInterceptor();
- OgnlContext context = (OgnlContext) Ognl.createDefaultContext(null);
+ OgnlContext context = (OgnlContext) ognlUtil.createDefaultContext(null);
SimpleNode expression = (SimpleNode) Ognl.parseExpression("{'a','ruby','b','tom'}");
@@ -499,7 +499,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testStringToLong() {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
Map props = new HashMap();
props.put("aLong", "123");
@@ -518,7 +518,7 @@ public class OgnlUtilTest extends XWorkTestCase {
Foo foo = new Foo();
foo.setALong(88);
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
ognlUtil.setProperties(null, foo, context);
assertEquals(88, foo.getALong());
@@ -531,7 +531,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testCopyNull() {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
ognlUtil.copy(null, null, context);
ognlUtil.copy(foo, null, context);
@@ -540,7 +540,7 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testGetTopTarget() throws Exception {
Foo foo = new Foo();
- Map context = Ognl.createDefaultContext(foo);
+ Map context = ognlUtil.createDefaultContext(foo);
CompoundRoot root = new CompoundRoot();
Object top = ognlUtil.getRealTarget("top", context, root);
@@ -633,146 +633,127 @@ public class OgnlUtilTest extends XWorkTestCase {
public void testAvoidCallingMethodsOnObjectClass() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("class");
Exception expected = null;
try {
- util.setValue("class.classLoader.defaultAssertionStatus", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setExcludedClasses(Object.class.getName());
+ ognlUtil.setValue("class.classLoader.defaultAssertionStatus", ognlUtil.createDefaultContext(foo), foo, true);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [class.classLoader.defaultAssertionStatus] trying access excluded pattern [class]");
+ assertSame(NoSuchPropertyException.class, expected.getClass());
+ assertEquals("com.opensymphony.xwork2.util.Foo.class", expected.getMessage());
}
public void testAvoidCallingMethodsOnObjectClassUpperCased() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("class");
Exception expected = null;
try {
- util.setValue("Class.ClassLoader.DefaultAssertionStatus", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setExcludedClasses(Object.class.getName());
+ ognlUtil.setValue("Class.ClassLoader.DefaultAssertionStatus", ognlUtil.createDefaultContext(foo), foo, true);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [Class.ClassLoader.DefaultAssertionStatus] trying access excluded pattern [class]");
+ assertSame(NoSuchPropertyException.class, expected.getClass());
+ assertEquals("com.opensymphony.xwork2.util.Foo.Class", expected.getMessage());
}
public void testAvoidCallingMethodsOnObjectClassAsMap() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("class");
Exception expected = null;
try {
- util.setValue("class['classLoader']['defaultAssertionStatus']", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setExcludedClasses(Object.class.getName());
+ ognlUtil.setValue("class['classLoader']['defaultAssertionStatus']", ognlUtil.createDefaultContext(foo), foo, true);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]");
+ assertSame(NoSuchPropertyException.class, expected.getClass());
+ assertEquals("com.opensymphony.xwork2.util.Foo.class", expected.getMessage());
}
public void testAvoidCallingMethodsOnObjectClassAsMap2() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("class");
Exception expected = null;
try {
- util.setValue("model['class']['classLoader']['defaultAssertionStatus']", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setValue("foo['class']['classLoader']['defaultAssertionStatus']", ognlUtil.createDefaultContext(foo), foo, true);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]");
+ assertSame(NoSuchPropertyException.class, expected.getClass());
+ assertEquals("com.opensymphony.xwork2.util.Foo.foo", expected.getMessage());
}
public void testAvoidCallingMethodsOnObjectClassAsMapWithQuotes() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("class");
Exception expected = null;
try {
- util.setValue("class[\"classLoader\"]['defaultAssertionStatus']", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setExcludedClasses(Object.class.getName());
+ ognlUtil.setValue("class[\"classLoader\"]['defaultAssertionStatus']", ognlUtil.createDefaultContext(foo), foo, true);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [class[\"classLoader\"][\"defaultAssertionStatus\"]] trying access excluded pattern [class]");
+ assertSame(NoSuchPropertyException.class, expected.getClass());
+ assertEquals("com.opensymphony.xwork2.util.Foo.class", expected.getMessage());
}
public void testAvoidCallingToString() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("toString");
Exception expected = null;
try {
- util.setValue("toString", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setValue("toString", ognlUtil.createDefaultContext(foo), foo, null);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [toString] trying access excluded pattern [toString]");
+ assertSame(OgnlException.class, expected.getClass());
+ assertEquals("toString", expected.getMessage());
}
public void testAvoidCallingMethodsWithBraces() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("toString");
Exception expected = null;
try {
- util.setValue("toString()", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setValue("toString()", ognlUtil.createDefaultContext(foo), foo, true);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]");
+ assertSame(InappropriateExpressionException.class, expected.getClass());
+ assertEquals(expected.getMessage(), "Inappropriate OGNL expression: toString()");
}
public void testAvoidCallingSomeClasses() throws Exception {
Foo foo = new Foo();
- OgnlUtil util = new OgnlUtil();
- util.setEnableExpressionCache("false");
- util.setExcludedProperties("Runtime");
Exception expected = null;
try {
- util.setValue("@java.lang.Runtime@getRuntime().exec('mate')", ActionContext.getContext().getContextMap(), foo, true);
+ ognlUtil.setExcludedClasses(Runtime.class.getName());
+ ognlUtil.setValue("@java.lang.Runtime@getRuntime().exec('mate')", ognlUtil.createDefaultContext(foo), foo, true);
fail();
} catch (OgnlException e) {
expected = e;
}
assertNotNull(expected);
- assertSame(expected.getClass(), OgnlException.class);
- assertEquals(expected.getMessage(), "Tree [toString()] trying access excluded pattern [toString()]");
+ assertSame(MethodFailedException.class, expected.getClass());
+ assertEquals(expected.getMessage(), "Method \"getRuntime\" failed for object class java.lang.Runtime");
}
public static class Email {
http://git-wip-us.apache.org/repos/asf/struts/blob/cdfb94d7/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
index a4a153a..cb71081 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
@@ -58,6 +58,7 @@ public class OgnlValueStackTest extends XWorkTestCase {
(CompoundRootAccessor) container.getInstance(PropertyAccessor.class, CompoundRoot.class.getName()),
container.getInstance(TextProvider.class, "system"), allowStaticMethodAccess);
container.inject(stack);
+ ognlUtil.setAllowStaticMethodAccess(Boolean.toString(allowStaticMethodAccess));
return stack;
}
[5/8] git commit: Adds mapping of excluded classes key
Posted by lu...@apache.org.
Adds mapping of excluded classes key
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f0799fd9
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f0799fd9
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f0799fd9
Branch: refs/heads/feature/exclude-object-class
Commit: f0799fd99bff78f0c984922ac358d7cf3eede0ba
Parents: 2180b06
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:16:58 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:16:58 2014 +0200
----------------------------------------------------------------------
.../org/apache/struts2/config/DefaultBeanSelectionProvider.java | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/f0799fd9/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java
index 4cc2d61..dedbce5 100644
--- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java
+++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java
@@ -391,7 +391,7 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider
convertIfExist(props, StrutsConstants.STRUTS_ENABLE_OGNL_EVAL_EXPRESSION, XWorkConstants.ENABLE_OGNL_EVAL_EXPRESSION);
convertIfExist(props, StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS);
convertIfExist(props, StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, XWorkConstants.RELOAD_XML_CONFIGURATION);
- convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_PROPERTIES, XWorkConstants.OGNL_EXCLUDED_PROPERTIES);
+ convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_CLASSES, XWorkConstants.OGNL_EXCLUDED_CLASSES);
LocalizedTextUtil.addDefaultResourceBundle("org/apache/struts2/struts-messages");
loadCustomResourceBundles(props);
[6/8] git commit: Uses excluded classes to
Posted by lu...@apache.org.
Uses excluded classes to
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/afb5af1c
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/afb5af1c
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/afb5af1c
Branch: refs/heads/feature/exclude-object-class
Commit: afb5af1cc45aed1ee0404541279cb7f7853fc98b
Parents: f0799fd
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:17:05 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:17:05 2014 +0200
----------------------------------------------------------------------
core/src/main/java/org/apache/struts2/StrutsConstants.java | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/afb5af1c/core/src/main/java/org/apache/struts2/StrutsConstants.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java
index 6be58ad..d508373 100644
--- a/core/src/main/java/org/apache/struts2/StrutsConstants.java
+++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java
@@ -282,7 +282,7 @@ public final class StrutsConstants {
/** Allows override default DispatcherErrorHandler **/
public static final String STRUTS_DISPATCHER_ERROR_HANDLER = "struts.dispatcher.errorHandler";
- /** Comma delimited set of excluded properties which cannot be accessed via expressions **/
- public static final String STRUTS_EXCLUDED_PROPERTIES = "struts.excludedProperties";
+ /** Comma delimited set of excluded classes which cannot be accessed via expressions **/
+ public static final String STRUTS_EXCLUDED_CLASSES = "struts.excludedClasses";
}
[8/8] git commit: Defines excluded classes
Posted by lu...@apache.org.
Defines excluded classes
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/f84efa5f
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/f84efa5f
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/f84efa5f
Branch: refs/heads/feature/exclude-object-class
Commit: f84efa5f42a31ecbcbe3eba28653a57829e598b8
Parents: cdfb94d
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:18:44 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:18:44 2014 +0200
----------------------------------------------------------------------
core/src/main/resources/struts-default.xml | 2 +-
xwork-core/src/test/resources/xwork-param-test.xml | 2 +-
xwork-core/src/test/resources/xwork-test-beans.xml | 8 ++++----
3 files changed, 6 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/f84efa5f/core/src/main/resources/struts-default.xml
----------------------------------------------------------------------
diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml
index 7cb687e..0e4c419 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -38,7 +38,7 @@
<struts>
- <constant name="struts.excludedProperties" value="getClass,class,hashCode,toString,clone,equals,finalize,notify,notifyAll,wait" />
+ <constant name="struts.excludedClasses" value="java.lang.Object,java.lang.Runtime,ognl.OgnlContext,ognl.MemberAccess,ognl.ClassResolver,ognl.TypeConverter" />
<bean class="com.opensymphony.xwork2.ObjectFactory" name="struts"/>
<bean type="com.opensymphony.xwork2.factory.ResultFactory" name="struts" class="org.apache.struts2.factory.StrutsResultFactory" />
http://git-wip-us.apache.org/repos/asf/struts/blob/f84efa5f/xwork-core/src/test/resources/xwork-param-test.xml
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/resources/xwork-param-test.xml b/xwork-core/src/test/resources/xwork-param-test.xml
index 3ca616a..01787f7 100644
--- a/xwork-core/src/test/resources/xwork-param-test.xml
+++ b/xwork-core/src/test/resources/xwork-param-test.xml
@@ -4,5 +4,5 @@
<xwork>
<constant name="devMode" value="true" />
- <constant name="ognlExcludedProperties" value="getClass,class,hashCode,toString,clone,equals,finalize,notify,notifyAll,wait" />
+ <constant name="ognlExcludedClasses" value="java.lang.Object,java.lang.Runtime" />
</xwork>
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/struts/blob/f84efa5f/xwork-core/src/test/resources/xwork-test-beans.xml
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/resources/xwork-test-beans.xml b/xwork-core/src/test/resources/xwork-test-beans.xml
index 3fa5b28..7268ef7 100644
--- a/xwork-core/src/test/resources/xwork-test-beans.xml
+++ b/xwork-core/src/test/resources/xwork-test-beans.xml
@@ -3,11 +3,11 @@
"http://struts.apache.org/dtds/xwork-2.0.dtd">
<xwork>
-<!--
+<!--
<bean class="com.opensymphony.xwork2.ObjectFactory" name="default" />
<bean type="com.opensymphony.xwork2.ActionProxyFactory" name="default" class="com.opensymphony.xwork2.DefaultActionProxyFactory"/>
<constant name="devMode" value="false" />
-
+
<bean type="com.opensymphony.xwork2.util.ValueStackFactory"
class="com.opensymphony.xwork2.ognl.OgnlValueStackFactory" />
<bean type="com.opensymphony.xwork2.util.reflection.ReflectionProvider"
@@ -15,11 +15,11 @@
<bean type="com.opensymphony.xwork2.util.reflection.ReflectionContextFactory"
class="com.opensymphony.xwork2.ognl.OgnlReflectionContextFactory" />
<bean class="com.opensymphony.xwork2.conversion.impl.XWorkConverter" />
- <bean type="com.opensymphony.xwork2.conversion.ObjectTypeDeterminer"
+ <bean type="com.opensymphony.xwork2.conversion.ObjectTypeDeterminer"
class="com.opensymphony.xwork2.conversion.impl.DefaultObjectTypeDeterminer" />
-->
<!-- static injections -->
- <!--
+ <!--
<bean class="com.opensymphony.xwork2.ognl.OgnlValueStack" static="true"/>
<bean class="com.opensymphony.xwork2.conversion.impl.XWorkConverter" static="true"/>
<bean class="com.opensymphony.xwork2.util.reflection.ReflectionProviderFactory" static="true" />