Return-Path: X-Original-To: apmail-struts-commits-archive@minotaur.apache.org Delivered-To: apmail-struts-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 4A731116CD for ; Wed, 18 Jun 2014 06:49:35 +0000 (UTC) Received: (qmail 82538 invoked by uid 500); 18 Jun 2014 06:49:22 -0000 Delivered-To: apmail-struts-commits-archive@struts.apache.org Received: (qmail 82474 invoked by uid 500); 18 Jun 2014 06:49:22 -0000 Mailing-List: contact commits-help@struts.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@struts.apache.org Delivered-To: mailing list commits@struts.apache.org Received: (qmail 82423 invoked by uid 99); 18 Jun 2014 06:49:22 -0000 Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org) (140.211.11.114) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Jun 2014 06:49:22 +0000 Received: by tyr.zones.apache.org (Postfix, from userid 65534) id 8444D83B384; Wed, 18 Jun 2014 06:49:22 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: lukaszlenart@apache.org To: commits@struts.apache.org Date: Wed, 18 Jun 2014 06:49:59 -0000 Message-Id: <0aafd6f313d243bcbe774d311fb9e386@git.apache.org> In-Reply-To: <20bec4e476d24a2e80ce3caab9f07683@git.apache.org> References: <20bec4e476d24a2e80ce3caab9f07683@git.apache.org> X-Mailer: ASF-Git Admin Mailer Subject: [42/50] git commit: Ties excluding packages into Struts DI mechanism Ties excluding packages into Struts DI mechanism Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/4ee18f96 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/4ee18f96 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/4ee18f96 Branch: refs/heads/develop Commit: 4ee18f96bc2d401f9007c5fd458c47b7ae4ff35d Parents: dba9da3 Author: Lukasz Lenart Authored: Fri May 23 09:58:33 2014 +0200 Committer: Lukasz Lenart Committed: Fri May 23 09:58:33 2014 +0200 ---------------------------------------------------------------------- .../java/org/apache/struts2/StrutsConstants.java | 3 ++- .../config/DefaultBeanSelectionProvider.java | 3 +++ core/src/main/resources/struts-default.xml | 2 ++ .../com/opensymphony/xwork2/XWorkConstants.java | 2 ++ .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 17 ++++++++++++++++- .../opensymphony/xwork2/ognl/OgnlValueStack.java | 1 + 6 files changed, 26 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/core/src/main/java/org/apache/struts2/StrutsConstants.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index 8c0c5ce..dd08993 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java @@ -282,8 +282,9 @@ public final class StrutsConstants { /** Allows override default DispatcherErrorHandler **/ public static final String STRUTS_DISPATCHER_ERROR_HANDLER = "struts.dispatcher.errorHandler"; - /** Comma delimited set of excluded classes which cannot be accessed via expressions **/ + /** Comma delimited set of excluded classes and package names which cannot be accessed via expressions **/ public static final String STRUTS_EXCLUDED_CLASSES = "struts.excludedClasses"; + public static final String STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS = "struts.excludedPackageNamePatterns"; /** Dedicated services to check if passed string is excluded/accepted **/ public static final String STRUTS_EXCLUDED_PATTERNS_CHECKER = "struts.excludedPatterns.checker"; http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java index 4334d3c..a671133 100644 --- a/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/DefaultBeanSelectionProvider.java @@ -403,7 +403,10 @@ public class DefaultBeanSelectionProvider extends AbstractBeanSelectionProvider convertIfExist(props, StrutsConstants.STRUTS_ENABLE_OGNL_EVAL_EXPRESSION, XWorkConstants.ENABLE_OGNL_EVAL_EXPRESSION); convertIfExist(props, StrutsConstants.STRUTS_ALLOW_STATIC_METHOD_ACCESS, XWorkConstants.ALLOW_STATIC_METHOD_ACCESS); convertIfExist(props, StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, XWorkConstants.RELOAD_XML_CONFIGURATION); + convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_CLASSES, XWorkConstants.OGNL_EXCLUDED_CLASSES); + convertIfExist(props, StrutsConstants.STRUTS_EXCLUDED_PACKAGE_NAME_PATTERNS, XWorkConstants.OGNL_EXCLUDED_PACKAGE_NAME_PATTERNS); + convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_EXCLUDED_PATTERNS, XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS); convertIfExist(props, StrutsConstants.STRUTS_OVERRIDE_ACCEPTED_PATTERNS, XWorkConstants.OVERRIDE_ACCEPTED_PATTERNS); http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/core/src/main/resources/struts-default.xml ---------------------------------------------------------------------- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index a1aa63f..0275a48 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -39,6 +39,8 @@ + + http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java index b846ac0..830df78 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/XWorkConstants.java @@ -17,7 +17,9 @@ public final class XWorkConstants { public static final String RELOAD_XML_CONFIGURATION = "reloadXmlConfiguration"; public static final String ALLOW_STATIC_METHOD_ACCESS = "allowStaticMethodAccess"; public static final String XWORK_LOGGER_FACTORY = "xwork.loggerFactory"; + public static final String OGNL_EXCLUDED_CLASSES = "ognlExcludedClasses"; + public static final String OGNL_EXCLUDED_PACKAGE_NAME_PATTERNS = "ognlExcludedPackageNamePatterns"; public static final String OVERRIDE_EXCLUDED_PATTERNS = "overrideExcludedPatterns"; public static final String OVERRIDE_ACCEPTED_PATTERNS = "overrideAcceptedPatterns"; http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java index 1c17eca..b0345fc 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java @@ -16,7 +16,6 @@ package com.opensymphony.xwork2.ognl; import com.opensymphony.xwork2.XWorkConstants; -import com.opensymphony.xwork2.XWorkException; import com.opensymphony.xwork2.config.ConfigurationException; import com.opensymphony.xwork2.conversion.impl.XWorkConverter; import com.opensymphony.xwork2.inject.Container; @@ -47,6 +46,7 @@ import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; +import java.util.regex.Pattern; /** @@ -67,6 +67,8 @@ public class OgnlUtil { private boolean enableEvalExpression; private Set> excludedClasses = new HashSet>(); + private Set excludedPackageNamePatterns = new HashSet(); + private Container container; private boolean allowStaticMethodAccess; @@ -106,10 +108,22 @@ public class OgnlUtil { } } + @Inject(value = XWorkConstants.OGNL_EXCLUDED_PACKAGE_NAME_PATTERNS, required = false) + public void setExcludedPackageName(String commaDelimitedPackagePatterns) { + Set packagePatterns = TextParseUtil.commaDelimitedStringToSet(commaDelimitedPackagePatterns); + for (String pattern : packagePatterns) { + excludedPackageNamePatterns.add(Pattern.compile(pattern)); + } + } + public Set> getExcludedClasses() { return excludedClasses; } + public Set getExcludedPackageNamePatterns() { + return excludedPackageNamePatterns; + } + @Inject public void setContainer(Container container) { this.container = container; @@ -568,6 +582,7 @@ public class OgnlUtil { SecurityMemberAccess memberAccess = new SecurityMemberAccess(allowStaticMethodAccess); memberAccess.setExcludedClasses(excludedClasses); + memberAccess.setExcludedPackageNamePatterns(excludedPackageNamePatterns); return Ognl.createDefaultContext(root, resolver, defaultConverter, memberAccess); } http://git-wip-us.apache.org/repos/asf/struts/blob/4ee18f96/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java index 1e4a576..acf54c4 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlValueStack.java @@ -80,6 +80,7 @@ public class OgnlValueStack implements Serializable, ValueStack, ClearableValueS public void setOgnlUtil(OgnlUtil ognlUtil) { this.ognlUtil = ognlUtil; securityMemberAccess.setExcludedClasses(ognlUtil.getExcludedClasses()); + securityMemberAccess.setExcludedPackageNamePatterns(ognlUtil.getExcludedPackageNamePatterns()); } protected void setRoot(XWorkConverter xworkConverter, CompoundRootAccessor accessor, CompoundRoot compoundRoot,