Posted to commits@struts.apache.org by lu...@apache.org on 2014/07/29 09:23:58 UTC
git commit: WW-4374 Fixes problem with accessing Enum's values()
method
Repository: struts
Updated Branches:
refs/heads/develop 47d1fe04d -> bf6b37f2e
WW-4374 Fixes problem with accessing Enum's values() method
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/bf6b37f2
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/bf6b37f2
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/bf6b37f2
Branch: refs/heads/develop
Commit: bf6b37f2e31214ca9bbdac784bb864c421b7dc29
Parents: 47d1fe0
Author: Lukasz Lenart <lu...@apache.org>
Authored: Tue Jul 29 09:23:44 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Tue Jul 29 09:23:44 2014 +0200
----------------------------------------------------------------------
.../xwork2/ognl/SecurityMemberAccess.java | 43 ++++++++++++++------
.../xwork2/ognl/OgnlValueStackTest.java | 15 +++++++
.../xwork2/ognl/SecurityMemberAccessTest.java | 16 ++++++++
3 files changed, 61 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/bf6b37f2/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index d0862e7..a172237 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -53,6 +53,13 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
@Override
public boolean isAccessible(Map context, Object target, Member member, String propertyName) {
+ if (checkEnumAccess(target, member)) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("Allowing access to enum #0", target);
+ }
+ return true;
+ }
+
if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage())) {
if (LOG.isWarnEnabled()) {
LOG.warn("Package of target [#0] or package of member [#1] are excluded!", target, member);
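Review bot: The early return added at the top of `isAccessible` grants access before `isPackageExcluded` and the rest of the method run, so for any enum class a member named `values` is no longer subject to the exclusion checks, `super.isAccessible` or `isAcceptableProperty`. The removed code applied the enum exception only inside the static-method test, after those checks. If the new position is deliberate (for a `Class` target, `target.getClass()` on the next line is `java.lang.Class`, which an exclusion rule may well match), it needs a comment saying so, e.g. `// enum values() must be allowed before the exclusion checks: target is a Class here, so target.getClass() is java.lang.Class`. The body of `isAccessible` continues outside this hunk.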
@@ -68,17 +75,11 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
}
boolean allow = true;
- int modifiers = member.getModifiers();
- if (Modifier.isStatic(modifiers)) {
- if (member instanceof Method && !getAllowStaticMethodAccess()) {
- allow = false;
- if (target instanceof Class) {
- Class clazz = (Class) target;
- Method method = (Method) member;
- if (Enum.class.isAssignableFrom(clazz) && method.getName().equals("values"))
- allow = true;
- }
+ if (!checkStaticMethodAccess(member)) {
+ if (LOG.isTraceEnabled()) {
+ LOG.warn("Access to static [#0] is blocked!", member);
}
+ allow = false;
}
//failed static test
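Review bot: The blocked-access message in the new `if (!checkStaticMethodAccess(member))` branch is guarded by `LOG.isTraceEnabled()` but written with `LOG.warn`, so a denied static access is only logged when trace logging is switched on. The excluded-package denial earlier in this method pairs `isWarnEnabled()` with `warn`; matching it keeps both denials visible at the same level: `if (LOG.isWarnEnabled()) {`. If trace was the intended level, change the call to `LOG.trace` instead so guard and call agree.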
@@ -86,10 +87,26 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
return false;
// Now check for standard scope rules
- if (!super.isAccessible(context, target, member, propertyName))
- return false;
+ return super.isAccessible(context, target, member, propertyName)
+ && isAcceptableProperty(propertyName);
+ }
- return isAcceptableProperty(propertyName);
+ protected boolean checkStaticMethodAccess(Member member) {
+ int modifiers = member.getModifiers();
+ if (Modifier.isStatic(modifiers)) {
+ return allowStaticMethodAccess;
+ } else {
+ return true;
+ }
+ }
+
+ protected boolean checkEnumAccess(Object target, Member member) {
+ if (target instanceof Class) {
+ Class clazz = (Class) target;
+ if (Enum.class.isAssignableFrom(clazz) && member.getName().equals("values"))
+ return true;
+ }
+ return false;
}
protected boolean isPackageExcluded(Package targetPackage, Package memberPackage) {
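Review bot: `checkEnumAccess` decides on the member name alone, so any member called `values` on an enum class passes, including a field or an overload that takes arguments, whereas the removed code reached this exception only for a static `Method`. Because `isAccessible` now returns `true` on this result before its other checks, the condition should pin down the compiler-generated accessor: `if (Enum.class.isAssignableFrom(clazz) && member instanceof Method && Modifier.isStatic(member.getModifiers()) && member.getName().equals("values"))`. Separately, `checkStaticMethodAccess` no longer tests `member instanceof Method`, so with `allowStaticMethodAccess` off static fields are rejected as well. If that tightening is intended, state it in a Javadoc comment on the method, since its name mentions only methods.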
http://git-wip-us.apache.org/repos/asf/struts/blob/bf6b37f2/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
index cb71081..e0e949c 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java
@@ -235,6 +235,17 @@ public class OgnlValueStackTest extends XWorkTestCase {
assertEquals("fido", vs.findValue("@com.opensymphony.xwork2.util.Dog@getDeity()", String.class));
}
+ /**
+ * Allow access Enums without enabling access to static methods
+ */
+ public void testEnum() throws Exception {
+ OgnlValueStack vs = createValueStack();
+
+ assertEquals("ONE", vs.findValue("@com.opensymphony.xwork2.ognl.MyNumbers@values()[0]", String.class));
+ assertEquals("TWO", vs.findValue("@com.opensymphony.xwork2.ognl.MyNumbers@values()[1]", String.class));
+ assertEquals("THREE", vs.findValue("@com.opensymphony.xwork2.ognl.MyNumbers@values()[2]", String.class));
+ }
+
public void testStaticMethodDisallow() {
OgnlValueStack vs = createValueStack(false);
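Review bot: `testEnum` builds its stack with `createValueStack()`, while the next test, `testStaticMethodDisallow`, uses `createValueStack(false)` to turn static method access off, and the context line above this test shows a static call succeeding. If the no-argument overload leaves static access enabled (its definition is outside this hunk), the three assertions would pass without the fix and the Javadoc's "without enabling access to static methods" is not exercised. Use `OgnlValueStack vs = createValueStack(false);` so the test covers the enum exception specifically.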
@@ -1026,3 +1037,7 @@ public class OgnlValueStackTest extends XWorkTestCase {
}
}
}
+
+enum MyNumbers {
+ ONE, TWO, THREE
+}
\ No newline at end of file
http://git-wip-us.apache.org/repos/asf/struts/blob/bf6b37f2/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
index 748d5a9..61a91a0 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
@@ -190,6 +190,18 @@ public class SecurityMemberAccessTest extends TestCase {
assertFalse("stringField is accessible!", actual);
}
+ public void testAccessEnum() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+ // when
+ Member values = MyValues.class.getMethod("values");
+ boolean actual = sma.isAccessible(context, MyValues.class, values, null);
+
+ // then
+ assertTrue("Access to enums is blocked!", actual);
+ }
+
}
class FooBar implements FooBarInterface {
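Review bot: `testAccessEnum` covers only the allowed case; nothing here asserts that the enum exception stays limited to `values()`. Add a negative case with the same `SecurityMemberAccess(false)` setup, e.g. `Member valueOf = MyValues.class.getMethod("valueOf", String.class);` followed by `assertFalse("valueOf is accessible!", sma.isAccessible(context, MyValues.class, valueOf, null));`. A further case with the enum's package on the exclusion list would record whether the early return in `isAccessible` is meant to override that list.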
@@ -233,4 +245,8 @@ interface BarInterface {
interface FooBarInterface extends FooInterface, BarInterface {
+}
+
+enum MyValues {
+ ONE, TWO, THREE
}
\ No newline at end of file