struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Greg Huber (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (WW-4596) Strict DMI causes This method: for action is not allowed!
Date Thu, 04 Feb 2016 15:52:39 GMT

    [ https://issues.apache.org/jira/browse/WW-4596?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15132476#comment-15132476
] 

Greg Huber edited comment on WW-4596 at 2/4/16 3:51 PM:
--------------------------------------------------------

Another possibility is in the ActionConfig Builder inner class is to remove the add addAllowedMethod(method);
(which is adding the \{x\})
and then when its build in XmlConfigurationProvider decide if the method is needed in the
permissions.

{code:java}
public Builder methodName(String method) {
            target.methodName = method;
            //addAllowedMethod(method);
           return this;
 }
{code}

XmlConfigurationProvider :

{code:java}
        boolean isPattern = true;
        if (methodName!= null && packageContext.isStrictMethodInvocation()) {
            int len = methodName.length();
            char c;
            for (int x = 0; x < len; x++) {
                c = methodName.charAt(x);
                if (x < len - 2 && c == '{' && '}' == methodName.charAt(x
+ 2)) {
                	 isPattern = false;
                    break;
                }
            }
        } 
        if (methodName!=null && isPattern) {
        	allowedMethods.add(methodName);
	}
{code}

This will only affect the permissions not the method x\{1\}x stuff and since action permissions
inherit (?) from the "orig" value it should work.  

This also works with 
{code:java}
<action name="myView!*" method="prefix{0}suffix" class="ui.struts2.editor.MyView">
{code}

As you need a method to pass SMI
<allowed-methods>prefixmyViewsuffix</allowed-methods>

The only thing that does not work is the message when there is no allowed method :

There is no Action mapped for namespace [/mynamespace] and action name [myView] associated
with context path [/mycontext].

nuff said....




was (Author: gregh99):
Another possibility is in the ActionConfig Builder inner class is to remove the add addAllowedMethod(method);
(which is adding the \{x\})
and then when its build in XmlConfigurationProvider decide if the method is needed in the
permissions.

{code:java}
public Builder methodName(String method) {
            target.methodName = method;
            //addAllowedMethod(method);
           return this;
 }
{code}

XmlConfigurationProvider :

{code:java}
        boolean isPattern = true;
        if (methodName!= null && packageContext.isStrictMethodInvocation()) {
            int len = methodName.length();
            char c;
            for (int x = 0; x < len; x++) {
                c = methodName.charAt(x);
                if (x < len - 2 && c == '{' && '}' == methodName.charAt(x
+ 2)) {
                	 isPattern = false;
                    break;
                }
            }
        } 
        if (methodName!=null && isPattern) {
        	allowedMethods.add(methodName);
	}
{code}

This will only affect the permissions not the method x{1}x stuff and since action permissions
inherit (?) from the "orig" value it should work.  

This also works with 
{code:java}
<action name="myView!*" method="prefix{0}suffix" class="ui.struts2.editor.MyView">
{code}

As you need a method to pass SMI
<allowed-methods>prefixmyViewsuffix</allowed-methods>

The only thing that does not work is the message when there is no allowed method :

There is no Action mapped for namespace [/mynamespace] and action name [myView] associated
with context path [/mycontext].

nuff said....



> Strict DMI causes This method: for action is not allowed!  
> -----------------------------------------------------------
>
>                 Key: WW-4596
>                 URL: https://issues.apache.org/jira/browse/WW-4596
>             Project: Struts 2
>          Issue Type: Bug
>          Components: Core Actions
>    Affects Versions: 2.5
>            Reporter: Greg Huber
>             Fix For: 2.5
>
>
> I have tried adding
> {code:xml}
> <global-allowed-methods>execute,input,cancel</global-allowed-methods>
> {code}
> and get
> {noformat}
> This method: cancel for action eventAdd is not allowed! - [unknown location]
> {noformat}
> {code:xml}
> <action name="eventAdd!*" method="{1}"
>                 class="ui.struts2.editor.EventAdd">
>             <result name="input" type="tiles">.EventAdd</result>
>             <result name="success" type="chain">eventEdit</result>
>             <result name="cancel" type="redirectAction">
>                 <param name="actionName">memberEvents</param>
>                 <param name="pgn">${bean.pageNum}</param>
>                 <param name="suppressEmptyParameters">true</param>
>             </result>
>         </action>
> {code}
> checking ActionConfig:
> {code:java}
> public boolean isAllowedMethod(String method) {
>         return method.equals(methodName != null ? methodName : DEFAULT_METHOD) || allowedMethods.isAllowed(method);
>     }
> {code}
> Debugging  I get a calls to isAllowedMethod with :
> {noformat}
> 1 methodName = {1}​ and method = execute
> 2 methodName = execute and method = cancel
> {noformat}
> ​Only #1 has the required cancel
> #2 there is only a {{\[LiteralAllowedMethod\{allowedMethod='execute'\}\]}}
> On further investigation {{com.opensymphony.xwork2.config.implActionConfigMatcher}} seems
to create a new ActionConfig but then only uses the default allowed names:
> {code:java}
> return new ActionConfig.Builder(pkgName, orig.getName(), className)
>                 .methodName(methodName)
>                 .addParams(params)
>                 .addResultConfigs(results)
>                 .addInterceptors(orig.getInterceptors())
>                 .addExceptionMappings(exs)
>                 .location(orig.getLocation())
>                 .build();
> {code}
> Could use the original by appending .addAllowedMethod(orig.getAllowedMethods()), but
I guess it should come from the ActionConfig stored in the packageContext or wherever the
orig object gets its allowedMethods from.
> Cheers Greg



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message