You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2014/05/03 20:18:57 UTC
[3/8] git commit: Creates default context with excluded classes
Creates default context with excluded classes
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/27980572
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/27980572
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/27980572
Branch: refs/heads/feature/exclude-object-class
Commit: 279805721d6223673b5cb93e29fa91a4bbe0ea90
Parents: d5bd607
Author: Lukasz Lenart <lu...@apache.org>
Authored: Sat May 3 20:15:53 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Sat May 3 20:15:53 2014 +0200
----------------------------------------------------------------------
.../com/opensymphony/xwork2/ognl/OgnlUtil.java | 78 +++++++++++++-------
1 file changed, 51 insertions(+), 27 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/27980572/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 5e06977..1c17eca 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -16,13 +16,18 @@
package com.opensymphony.xwork2.ognl;
import com.opensymphony.xwork2.XWorkConstants;
+import com.opensymphony.xwork2.XWorkException;
+import com.opensymphony.xwork2.config.ConfigurationException;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor;
import com.opensymphony.xwork2.util.CompoundRoot;
import com.opensymphony.xwork2.util.TextParseUtil;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
import com.opensymphony.xwork2.util.reflection.ReflectionException;
+import ognl.ClassResolver;
import ognl.Ognl;
import ognl.OgnlContext;
import ognl.OgnlException;
@@ -61,7 +66,9 @@ public class OgnlUtil {
private boolean enableExpressionCache = true;
private boolean enableEvalExpression;
- private Set<String> excludedProperties = new HashSet<String>();
+ private Set<Class<?>> excludedClasses = new HashSet<Class<?>>();
+ private Container container;
+ private boolean allowStaticMethodAccess;
@Inject
public void setXWorkConverter(XWorkConverter conv) {
@@ -87,15 +94,32 @@ public class OgnlUtil {
}
}
- @Inject(value = XWorkConstants.OGNL_EXCLUDED_PROPERTIES, required = false)
- public void setExcludedProperties(String commaDelimitedProperties) {
- Set<String> props = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties);
- for (String prop : props) {
- excludedProperties.add(prop);
- excludedProperties.add(prop + "()");
+ @Inject(value = XWorkConstants.OGNL_EXCLUDED_CLASSES, required = false)
+ public void setExcludedClasses(String commaDelimitedClasses) {
+ Set<String> classes = TextParseUtil.commaDelimitedStringToSet(commaDelimitedClasses);
+ for (String className : classes) {
+ try {
+ excludedClasses.add(Class.forName(className));
+ } catch (ClassNotFoundException e) {
+ throw new ConfigurationException("Cannot load excluded class: " + className, e);
+ }
}
}
+ public Set<Class<?>> getExcludedClasses() {
+ return excludedClasses;
+ }
+
+ @Inject
+ public void setContainer(Container container) {
+ this.container = container;
+ }
+
+ @Inject(value = XWorkConstants.ALLOW_STATIC_METHOD_ACCESS, required = false)
+ public void setAllowStaticMethodAccess(String allowStaticMethodAccess) {
+ this.allowStaticMethodAccess = Boolean.parseBoolean(allowStaticMethodAccess);
+ }
+
/**
* Sets the object's properties using the default type converter, defaulting to not throw
* exceptions for problems setting the properties.
@@ -155,7 +179,7 @@ public class OgnlUtil {
* problems setting the properties
*/
public void setProperties(Map<String, ?> properties, Object o, boolean throwPropertyExceptions) {
- Map context = Ognl.createDefaultContext(o);
+ Map context = createDefaultContext(o, null);
setProperties(properties, o, context, throwPropertyExceptions);
}
@@ -293,13 +317,11 @@ public class OgnlUtil {
if (tree == null) {
tree = Ognl.parseExpression(expression);
checkEnableEvalExpression(tree, context);
- checkExcludedPropertiesAccess(tree, null);
expressions.putIfAbsent(expression, tree);
}
} else {
tree = Ognl.parseExpression(expression);
checkEnableEvalExpression(tree, context);
- checkExcludedPropertiesAccess(tree, null);
}
@@ -309,20 +331,6 @@ public class OgnlUtil {
return exec;
}
- private void checkExcludedPropertiesAccess(Object tree, SimpleNode parent) throws OgnlException {
- if (tree instanceof SimpleNode) {
- SimpleNode node = (SimpleNode) tree;
- for (String excludedPattern : excludedProperties) {
- if (excludedPattern.equalsIgnoreCase(node.toString())) {
- throw new OgnlException("Tree [" + (parent != null ? parent : tree) + "] trying access excluded pattern [" + excludedPattern + "]");
- }
- for (int i = 0; i < node.jjtGetNumChildren(); i++) {
- checkExcludedPropertiesAccess(node.jjtGetChild(i), node);
- }
- }
- }
- }
-
public Object compile(String expression, Map<String, Object> context) throws OgnlException {
return compileAndExecute(expression,context,new OgnlTask<Object>() {
public Object execute(Object tree) throws OgnlException {
@@ -359,9 +367,9 @@ public class OgnlUtil {
}
TypeConverter conv = getTypeConverterFromContext(context);
- final Map contextFrom = Ognl.createDefaultContext(from);
+ final Map contextFrom = createDefaultContext(from, null);
Ognl.setTypeConverter(contextFrom, conv);
- final Map contextTo = Ognl.createDefaultContext(to);
+ final Map contextTo = createDefaultContext(to, null);
Ognl.setTypeConverter(contextTo, conv);
PropertyDescriptor[] fromPds;
@@ -470,7 +478,7 @@ public class OgnlUtil {
*/
public Map<String, Object> getBeanMap(final Object source) throws IntrospectionException, OgnlException {
Map<String, Object> beanMap = new HashMap<String, Object>();
- final Map sourceMap = Ognl.createDefaultContext(source);
+ final Map sourceMap = createDefaultContext(source, null);
PropertyDescriptor[] propertyDescriptors = getPropertyDescriptors(source);
for (PropertyDescriptor propertyDescriptor : propertyDescriptors) {
final String propertyName = propertyDescriptor.getDisplayName();
@@ -548,6 +556,22 @@ public class OgnlUtil {
return defaultConverter;
}
+ protected Map createDefaultContext(Object root) {
+ return createDefaultContext(root, null);
+ }
+
+ protected Map createDefaultContext(Object root, ClassResolver classResolver) {
+ ClassResolver resolver = classResolver;
+ if (resolver == null) {
+ resolver = container.getInstance(CompoundRootAccessor.class);
+ }
+
+ SecurityMemberAccess memberAccess = new SecurityMemberAccess(allowStaticMethodAccess);
+ memberAccess.setExcludedClasses(excludedClasses);
+
+ return Ognl.createDefaultContext(root, resolver, defaultConverter, memberAccess);
+ }
+
private interface OgnlTask<T> {
T execute(Object tree) throws OgnlException;
}