Return-Path: 
 <commits-return-13143-apmail-struts-commits-archive=struts.apache.org@struts.apache.org>
X-Original-To: apmail-struts-commits-archive@minotaur.apache.org
Delivered-To: apmail-struts-commits-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 0664A116AF
	for <apmail-struts-commits-archive@minotaur.apache.org>;
 Wed, 18 Jun 2014 06:49:28 +0000 (UTC)
Received: (qmail 79531 invoked by uid 500); 18 Jun 2014 06:49:19 -0000
Delivered-To: apmail-struts-commits-archive@struts.apache.org
Received: (qmail 79475 invoked by uid 500); 18 Jun 2014 06:49:19 -0000
Mailing-List: contact commits-help@struts.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@struts.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@struts.apache.org>
List-Post: <mailto:commits@struts.apache.org>
List-Id: <commits.struts.apache.org>
Reply-To: dev@struts.apache.org
Delivered-To: mailing list commits@struts.apache.org
Received: (qmail 79342 invoked by uid 99); 18 Jun 2014 06:49:19 -0000
Received: from tyr.zones.apache.org (HELO tyr.zones.apache.org)
 (140.211.11.114)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 18 Jun 2014 06:49:19 +0000
Received: by tyr.zones.apache.org (Postfix, from userid 65534)
	id 9AAFE83B346; Wed, 18 Jun 2014 06:49:19 +0000 (UTC)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: lukaszlenart@apache.org
To: commits@struts.apache.org
Date: Wed, 18 Jun 2014 06:49:28 -0000
Message-Id: <6e306e98fe63459e8713f38736c14638@git.apache.org>
In-Reply-To: <20bec4e476d24a2e80ce3caab9f07683@git.apache.org>
References: <20bec4e476d24a2e80ce3caab9f07683@git.apache.org>
X-Mailer: ASF-Git Admin Mailer
Subject: [11/50] git commit: Creates default context with excluded classes

Creates default context with excluded classes


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/27980572
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/27980572
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/27980572

Branch: refs/heads/develop
Commit: 279805721d6223673b5cb93e29fa91a4bbe0ea90
Parents: d5bd607
Author: Lukasz Lenart <lukaszlenart@apache.org>
Authored: Sat May 3 20:15:53 2014 +0200
Committer: Lukasz Lenart <lukaszlenart@apache.org>
Committed: Sat May 3 20:15:53 2014 +0200

----------------------------------------------------------------------
 .../com/opensymphony/xwork2/ognl/OgnlUtil.java  | 78 +++++++++++++-------
 1 file changed, 51 insertions(+), 27 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/27980572/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index 5e06977..1c17eca 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -16,13 +16,18 @@
 package com.opensymphony.xwork2.ognl;
 
 import com.opensymphony.xwork2.XWorkConstants;
+import com.opensymphony.xwork2.XWorkException;
+import com.opensymphony.xwork2.config.ConfigurationException;
 import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.inject.Container;
 import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor;
 import com.opensymphony.xwork2.util.CompoundRoot;
 import com.opensymphony.xwork2.util.TextParseUtil;
 import com.opensymphony.xwork2.util.logging.Logger;
 import com.opensymphony.xwork2.util.logging.LoggerFactory;
 import com.opensymphony.xwork2.util.reflection.ReflectionException;
+import ognl.ClassResolver;
 import ognl.Ognl;
 import ognl.OgnlContext;
 import ognl.OgnlException;
@@ -61,7 +66,9 @@ public class OgnlUtil {
     private boolean enableExpressionCache = true;
     private boolean enableEvalExpression;
 
-    private Set<String> excludedProperties = new HashSet<String>();
+    private Set<Class<?>> excludedClasses = new HashSet<Class<?>>();
+    private Container container;
+    private boolean allowStaticMethodAccess;
 
     @Inject
     public void setXWorkConverter(XWorkConverter conv) {
@@ -87,15 +94,32 @@ public class OgnlUtil {
         }
     }
 
-    @Inject(value = XWorkConstants.OGNL_EXCLUDED_PROPERTIES, required = false)
-    public void setExcludedProperties(String commaDelimitedProperties) {
-        Set<String> props = TextParseUtil.commaDelimitedStringToSet(commaDelimitedProperties);
-        for (String prop : props) {
-            excludedProperties.add(prop);
-            excludedProperties.add(prop + "()");
+    @Inject(value = XWorkConstants.OGNL_EXCLUDED_CLASSES, required = false)
+    public void setExcludedClasses(String commaDelimitedClasses) {
+        Set<String> classes = TextParseUtil.commaDelimitedStringToSet(commaDelimitedClasses);
+        for (String className : classes) {
+            try {
+                excludedClasses.add(Class.forName(className));
+            } catch (ClassNotFoundException e) {
+                throw new ConfigurationException("Cannot load excluded class: " + className, e);
+            }
         }
     }
 
+    public Set<Class<?>> getExcludedClasses() {
+        return excludedClasses;
+    }
+
+    @Inject
+    public void setContainer(Container container) {
+        this.container = container;
+    }
+
+    @Inject(value = XWorkConstants.ALLOW_STATIC_METHOD_ACCESS, required = false)
+    public void setAllowStaticMethodAccess(String allowStaticMethodAccess) {
+        this.allowStaticMethodAccess = Boolean.parseBoolean(allowStaticMethodAccess);
+    }
+
     /**
      * Sets the object's properties using the default type converter, defaulting to not throw
      * exceptions for problems setting the properties.
@@ -155,7 +179,7 @@ public class OgnlUtil {
      *                                problems setting the properties
      */
     public void setProperties(Map<String, ?> properties, Object o, boolean throwPropertyExceptions) {
-        Map context = Ognl.createDefaultContext(o);
+        Map context = createDefaultContext(o, null);
         setProperties(properties, o, context, throwPropertyExceptions);
     }
 
@@ -293,13 +317,11 @@ public class OgnlUtil {
             if (tree == null) {
                 tree = Ognl.parseExpression(expression);
                 checkEnableEvalExpression(tree, context);
-                checkExcludedPropertiesAccess(tree, null);
                 expressions.putIfAbsent(expression, tree);
             }
         } else {
             tree = Ognl.parseExpression(expression);
             checkEnableEvalExpression(tree, context);
-            checkExcludedPropertiesAccess(tree, null);
         }
 
 
@@ -309,20 +331,6 @@ public class OgnlUtil {
         return exec;
     }
 
-    private void checkExcludedPropertiesAccess(Object tree, SimpleNode parent) throws OgnlException {
-        if (tree instanceof SimpleNode) {
-            SimpleNode node = (SimpleNode) tree;
-            for (String excludedPattern : excludedProperties) {
-                if (excludedPattern.equalsIgnoreCase(node.toString())) {
-                    throw new OgnlException("Tree [" + (parent != null ? parent : tree) + "] trying access excluded pattern [" + excludedPattern + "]");
-                }
-               for (int i = 0; i < node.jjtGetNumChildren(); i++) {
-                   checkExcludedPropertiesAccess(node.jjtGetChild(i), node);
-               }
-            }
-        }
-    }
-
     public Object compile(String expression, Map<String, Object> context) throws OgnlException {
         return compileAndExecute(expression,context,new OgnlTask<Object>() {
             public Object execute(Object tree) throws OgnlException {
@@ -359,9 +367,9 @@ public class OgnlUtil {
         }
 
         TypeConverter conv = getTypeConverterFromContext(context);
-        final Map contextFrom = Ognl.createDefaultContext(from);
+        final Map contextFrom = createDefaultContext(from, null);
         Ognl.setTypeConverter(contextFrom, conv);
-        final Map contextTo = Ognl.createDefaultContext(to);
+        final Map contextTo = createDefaultContext(to, null);
         Ognl.setTypeConverter(contextTo, conv);
 
         PropertyDescriptor[] fromPds;
@@ -470,7 +478,7 @@ public class OgnlUtil {
      */
     public Map<String, Object> getBeanMap(final Object source) throws IntrospectionException, OgnlException {
         Map<String, Object> beanMap = new HashMap<String, Object>();
-        final Map sourceMap = Ognl.createDefaultContext(source);
+        final Map sourceMap = createDefaultContext(source, null);
         PropertyDescriptor[] propertyDescriptors = getPropertyDescriptors(source);
         for (PropertyDescriptor propertyDescriptor : propertyDescriptors) {
             final String propertyName = propertyDescriptor.getDisplayName();
@@ -548,6 +556,22 @@ public class OgnlUtil {
         return defaultConverter;
     }
 
+    protected Map createDefaultContext(Object root) {
+        return createDefaultContext(root, null);
+    }
+
+    protected Map createDefaultContext(Object root, ClassResolver classResolver) {
+        ClassResolver resolver = classResolver;
+        if (resolver == null) {
+            resolver = container.getInstance(CompoundRootAccessor.class);
+        }
+
+        SecurityMemberAccess memberAccess = new SecurityMemberAccess(allowStaticMethodAccess);
+        memberAccess.setExcludedClasses(excludedClasses);
+
+        return Ognl.createDefaultContext(root, resolver, defaultConverter, memberAccess);
+    }
+
     private interface OgnlTask<T> {
         T execute(Object tree) throws OgnlException;
     }