You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2014/05/04 11:58:09 UTC

git commit: Adds more use cases

Repository: struts
Updated Branches:
  refs/heads/feature/exclude-object-class b3ca9ea5e -> ba0ac0dfd


Adds more use cases


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ba0ac0df
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ba0ac0df
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ba0ac0df

Branch: refs/heads/feature/exclude-object-class
Commit: ba0ac0dfd47c768661fcd5fa12bb00af851eb548
Parents: b3ca9ea
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sun May 4 11:58:08 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sun May 4 11:58:08 2014 +0200

----------------------------------------------------------------------
 .../xwork2/ognl/SecurityMemberAccess.java       |  4 +-
 .../xwork2/ognl/SecurityMemberAccessTest.java   | 84 +++++++++++++++++++-
 2 files changed, 83 insertions(+), 5 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/ba0ac0df/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index 7fe77c3..a35f68b 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -49,10 +49,10 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
 
     @Override
     public boolean isAccessible(Map context, Object target, Member member, String propertyName) {
-
         if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
             return false;
         }
+
         boolean allow = true;
         int modifiers = member.getModifiers();
         if (Modifier.isStatic(modifiers)) {
@@ -83,7 +83,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
             return true;
         }
         for (Class<?> excludedClass : excludedClasses) {
-            if (excludedClass.isAssignableFrom(targetClass) || declaringClass.isAssignableFrom(excludedClass)) {
+            if (targetClass.isAssignableFrom(excludedClass) || declaringClass.isAssignableFrom(excludedClass)) {
                 return true;
             }
         }

http://git-wip-us.apache.org/repos/asf/struts/blob/ba0ac0df/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
index 4ccc831..1c14cb2 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
@@ -84,7 +84,7 @@ public class SecurityMemberAccessTest extends TestCase {
         SecurityMemberAccess sma = new SecurityMemberAccess(false);
 
         String propertyName = "barLogic";
-        Member member = FooBar.class.getMethod("barLogic");
+        Member member = BarInterface.class.getMethod(propertyName);
 
         Set<Class<?>> excluded = new HashSet<Class<?>>();
         excluded.add(BarInterface.class);
@@ -97,9 +97,83 @@ public class SecurityMemberAccessTest extends TestCase {
         assertFalse("barLogic() from BarInterface is accessible!!!", accessible);
     }
 
+    public void testMiddleOfInheritanceExclusion1() throws Exception {
+        // given
+        SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+        String propertyName = "fooLogic";
+        Member member = FooBar.class.getMethod(propertyName);
+
+        Set<Class<?>> excluded = new HashSet<Class<?>>();
+        excluded.add(BarInterface.class);
+        sma.setExcludedClasses(excluded);
+
+        // when
+        boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+        // then
+        assertTrue("fooLogic() from FooInterface isn't accessible!!!", accessible);
+    }
+
+    public void testMiddleOfInheritanceExclusion2() throws Exception {
+        // given
+        SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+        String propertyName = "barLogic";
+        Member member = BarInterface.class.getMethod(propertyName);
+
+        Set<Class<?>> excluded = new HashSet<Class<?>>();
+        excluded.add(BarInterface.class);
+        sma.setExcludedClasses(excluded);
+
+        // when
+        boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+        // then
+        assertFalse("barLogic() from BarInterface is accessible!!!", accessible);
+    }
+
+    public void testMiddleOfInheritanceExclusion3() throws Exception {
+        // given
+        SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+        String propertyName = "barLogic";
+        Member member = BarInterface.class.getMethod(propertyName);
+
+/*
+        Set<Class<?>> excluded = new HashSet<Class<?>>();
+        excluded.add(BarInterface.class);
+        sma.setExcludedClasses(excluded);
+*/
+
+        // when
+        boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+        // then
+        assertTrue("barLogic() from BarInterface isn't accessible!!!", accessible);
+    }
+
+    public void testMiddleOfInheritanceExclusion4() throws Exception {
+        // given
+        SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+        String propertyName = "barLogic";
+        Member member = BarInterface.class.getMethod(propertyName);
+
+        Set<Class<?>> excluded = new HashSet<Class<?>>();
+        excluded.add(FooBarInterface.class);
+        sma.setExcludedClasses(excluded);
+
+        // when
+        boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+        // then
+        assertFalse("barLogic() from BarInterface is accessible!!!", accessible);
+    }
+
 }
 
-class FooBar implements FooInterface {
+class FooBar implements FooBarInterface {
 
     private String stringField;
 
@@ -126,7 +200,7 @@ class FooBar implements FooInterface {
 
 }
 
-interface FooInterface extends BarInterface {
+interface FooInterface {
 
     String fooLogic();
 
@@ -137,3 +211,7 @@ interface BarInterface {
     String barLogic();
 
 }
+
+interface FooBarInterface extends FooInterface, BarInterface {
+
+}
\ No newline at end of file