You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@struts.apache.org by lu...@apache.org on 2014/05/14 08:27:50 UTC
[39/50] [abbrv] git commit: Converts class with patterns into Struts
bean
Converts class with patterns into Struts bean
Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/65c023b6
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/65c023b6
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/65c023b6
Branch: refs/heads/feature/exclude-object-class
Commit: 65c023b6f3e848fae13135ee90c101a0d0e2f262
Parents: 08b44fd
Author: Lukasz Lenart <lu...@apache.org>
Authored: Mon May 12 08:26:12 2014 +0200
Committer: Lukasz Lenart <lu...@apache.org>
Committed: Mon May 12 08:26:12 2014 +0200
----------------------------------------------------------------------
core/src/main/resources/struts-default.xml | 4 +
.../opensymphony/xwork2/ExcludedPatterns.java | 22 ---
.../xwork2/ExcludedPatternsChecker.java | 135 +++++++++++++++++++
3 files changed, 139 insertions(+), 22 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/core/src/main/resources/struts-default.xml
----------------------------------------------------------------------
diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml
index 1f37ea2..554a8ba 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -144,6 +144,10 @@
<bean type="ognl.PropertyAccessor" name="java.util.HashSet" class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" />
<bean type="ognl.PropertyAccessor" name="java.util.HashMap" class="com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor" />
+ <bean type="com.opensymphony.xwork2.ExcludedPatternsChecker" name="struts" class="com.opensymphony.xwork2.ExcludedPatternsChecker" scope="request"/>
+
+ <constant name="struts.excludedPatterns.checker" value="struts"/>
+
<package name="struts-default" abstract="true">
<result-types>
<result-type name="chain" class="com.opensymphony.xwork2.ActionChainResult"/>
http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
deleted file mode 100644
index b618a52..0000000
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatterns.java
+++ /dev/null
@@ -1,22 +0,0 @@
-package com.opensymphony.xwork2;
-
-/**
- * ExcludedPatterns contains hard-coded patterns that must be rejected by {@link com.opensymphony.xwork2.interceptor.ParametersInterceptor}
- * and partially in CookInterceptor
- */
-public class ExcludedPatterns {
-
- public static final String CLASS_ACCESS_PATTERN = "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*";
-
- public static final String[] EXCLUDED_PATTERNS = {
- CLASS_ACCESS_PATTERN,
- "^dojo\\..*",
- "^struts\\..*",
- "^session\\..*",
- "^request\\..*",
- "^application\\..*",
- "^servlet(Request|Response)\\..*",
- "^parameters\\..*"
- };
-
-}
http://git-wip-us.apache.org/repos/asf/struts/blob/65c023b6/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java
new file mode 100644
index 0000000..ee3eea6
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java
@@ -0,0 +1,135 @@
+package com.opensymphony.xwork2;
+
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.util.TextParseUtil;
+import com.opensymphony.xwork2.util.logging.Logger;
+import com.opensymphony.xwork2.util.logging.LoggerFactory;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Used across different interceptors to check if given string matches one of the excluded patterns.
+ * User has two options to change its behaviour:
+ * - define new set of patterns with <constant name="struts.override.excludedPatterns" value=".."/>
+ * - override this class and use then extension point <constant name="struts.excludedPatterns.checker" value="myChecker"/>
+ * to inject it in appropriated places
+ */
+public class ExcludedPatternsChecker {
+
+ private static final Logger LOG = LoggerFactory.getLogger(ExcludedPatternsChecker.class);
+
+ public static final String[] EXCLUDED_PATTERNS = {
+ "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
+ "^dojo\\..*",
+ "^struts\\..*",
+ "^session\\..*",
+ "^request\\..*",
+ "^application\\..*",
+ "^servlet(Request|Response)\\..*",
+ "^parameters\\..*"
+ };
+
+ private Set<Pattern> excludedPatterns;
+
+ public ExcludedPatternsChecker() {
+ excludedPatterns = new HashSet<Pattern>();
+ for (String pattern : EXCLUDED_PATTERNS) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false)
+ public void setOverrideExcludePatterns(String excludePatterns) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
+ XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns);
+ }
+ excludedPatterns = new HashSet<Pattern>();
+ for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param commaDelimitedPatterns comma delimited string with patterns
+ */
+ public void addExcludedPatterns(String commaDelimitedPatterns) {
+ addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
+ }
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns array of additional excluded patterns
+ */
+ public void addExcludedPatterns(String[] additionalPatterns) {
+ addExcludedPatterns(new HashSet<String>(Arrays.asList(additionalPatterns)));
+ }
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns set of additional patterns
+ */
+ public void addExcludedPatterns(Set<String> additionalPatterns) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns);
+ }
+ for (String pattern : additionalPatterns) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ public IsExcluded isExcluded(String value) {
+ for (Pattern excludedPattern : excludedPatterns) {
+ if (excludedPattern.matcher(value).matches()) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern);
+ }
+ return IsExcluded.yes(excludedPattern);
+ }
+ }
+ return IsExcluded.no();
+ }
+
+ public final static class IsExcluded {
+
+ private final boolean excluded;
+ private final Pattern excludedPattern;
+
+ public static IsExcluded yes(Pattern excludedPattern) {
+ return new IsExcluded(true, excludedPattern);
+ }
+
+ public static IsExcluded no() {
+ return new IsExcluded(false, null);
+ }
+
+ private IsExcluded(boolean excluded, Pattern excludedPattern) {
+ this.excluded = excluded;
+ this.excludedPattern = excludedPattern;
+ }
+
+ public boolean isExcluded() {
+ return excluded;
+ }
+
+ public Pattern getExcludedPattern() {
+ return excludedPattern;
+ }
+
+ @Override
+ public String toString() {
+ return "IsExcluded { " +
+ "excluded=" + excluded +
+ ", excludedPattern=" + excludedPattern +
+ " }";
+ }
+ }
+
+}