str...

lukaszlenart Thu, 28 Nov 2013 23:13:23 -0800

Author: lukaszlenart
Date: Fri Nov 29 07:12:14 2013
New Revision: 1546514

URL: http://svn.apache.org/r1546514
Log:
WW-4227 Temporally reverts changes related to SecurityGate to allow prepare new 
release without introducing new API


Removed:
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/security/DefaultSecurityGate.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/security/ParameterNameSecurityGuard.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/security/ParameterValueSecurityGuard.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/security/SecurityGate.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/security/SecurityGuard.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/security/SecurityPass.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/security/StrutsSecurityException.java
    
struts/struts2/trunk/core/src/test/java/org/apache/struts2/security/ParameterNameSecurityGuardTest.java
    
struts/struts2/trunk/core/src/test/java/org/apache/struts2/security/ParameterValueSecurityGuardTest.java
Modified:
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
    
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/PrepareOperations.java
    struts/struts2/trunk/core/src/main/resources/struts-default.xml

Modified: 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java?rev=1546514&r1=1546513&r2=1546514&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java 
(original)
+++ 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/StrutsConstants.java 
Fri Nov 29 07:12:14 2013
@@ -271,9 +271,6 @@ public final class StrutsConstants {
     /** actions names' whitelist **/
     public static final String STRUTS_ALLOWED_ACTION_NAMES = 
"struts.allowed.action.names";
 
-    /** Security firewall **/
-    public static final String STRUTS_SECURITY_GATE = "struts.securityGate";
-
     /** enables action: prefix **/
     public static final String STRUTS_MAPPER_ACTION_PREFIX_ENABLED = 
"struts.mapper.action.prefix.enabled";
 

Modified: 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java?rev=1546514&r1=1546513&r2=1546514&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
 (original)
+++ 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/Dispatcher.java
 Fri Nov 29 07:12:14 2013
@@ -65,7 +65,6 @@ import org.apache.struts2.config.StrutsX
 import org.apache.struts2.dispatcher.mapper.ActionMapping;
 import org.apache.struts2.dispatcher.multipart.MultiPartRequest;
 import org.apache.struts2.dispatcher.multipart.MultiPartRequestWrapper;
-import org.apache.struts2.security.SecurityGate;
 import org.apache.struts2.util.AttributeMap;
 import org.apache.struts2.util.ObjectFactoryDestroyable;
 import org.apache.struts2.util.fs.JBossFileManager;
@@ -210,8 +209,6 @@ public class Dispatcher {
 
     private ValueStackFactory valueStackFactory;
 
-    private SecurityGate securityGate;
-
     /**
      * Create the Dispatcher instance for a given ServletContext and set of 
initialization parameters.
      *
@@ -283,11 +280,6 @@ public class Dispatcher {
         this.handleException = Boolean.parseBoolean(handleException);
     }
 
-    @Inject
-    public void setSecurityGate(SecurityGate securityGate) {
-        this.securityGate = securityGate;
-    }
-
     /**
      * Releases all instances bound to this dispatcher instance.
      */
@@ -937,15 +929,6 @@ public class Dispatcher {
     }
 
     /**
-     * Checks if request doesn't contain suspicious values
-     *
-     * @param request current {@link HttpServletRequest}
-     */
-    public void checkRequest(HttpServletRequest request) {
-        securityGate.check(request);
-    }
-
-    /**
      * Provide an accessor class for static XWork utility.
      */
     public static class Locator {

Modified: 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/PrepareOperations.java
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/PrepareOperations.java?rev=1546514&r1=1546513&r2=1546514&view=diff
==============================================================================
--- 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/PrepareOperations.java
 (original)
+++ 
struts/struts2/trunk/core/src/main/java/org/apache/struts2/dispatcher/ng/PrepareOperations.java
 Fri Nov 29 07:12:14 2013
@@ -158,7 +158,6 @@ public class PrepareOperations {
         ActionMapping mapping = (ActionMapping) 
request.getAttribute(STRUTS_ACTION_MAPPING_KEY);
         if (mapping == null || forceLookup) {
             try {
-                dispatcher.checkRequest(request);
                 mapping = 
dispatcher.getContainer().getInstance(ActionMapper.class).getMapping(request, 
dispatcher.getConfigurationManager());
                 if (mapping != null) {
                     request.setAttribute(STRUTS_ACTION_MAPPING_KEY, mapping);

Modified: struts/struts2/trunk/core/src/main/resources/struts-default.xml
URL: 
http://svn.apache.org/viewvc/struts/struts2/trunk/core/src/main/resources/struts-default.xml?rev=1546514&r1=1546513&r2=1546514&view=diff
==============================================================================
--- struts/struts2/trunk/core/src/main/resources/struts-default.xml (original)
+++ struts/struts2/trunk/core/src/main/resources/struts-default.xml Fri Nov 29 
07:12:14 2013
@@ -137,10 +137,6 @@
     <bean type="ognl.PropertyAccessor" name="java.util.HashSet" 
class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" />
     <bean type="ognl.PropertyAccessor" name="java.util.HashMap" 
class="com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor" />
 
-    <bean type="org.apache.struts2.security.SecurityGate" name="struts" 
class="org.apache.struts2.security.DefaultSecurityGate" scope="singleton"/>
-    <bean type="org.apache.struts2.security.SecurityGuard" 
name="parameterNameGuard" 
class="org.apache.struts2.security.ParameterNameSecurityGuard" 
scope="singleton"/>
-    <bean type="org.apache.struts2.security.SecurityGuard" 
name="parameterValueGuard" 
class="org.apache.struts2.security.ParameterValueSecurityGuard" 
scope="singleton"/>
-
     <package name="struts-default" abstract="true">
         <result-types>
             <result-type name="chain" 
class="com.opensymphony.xwork2.ActionChainResult"/>

svn commit: r1546514 - in /struts/struts2/trunk/core/src: main/java/org/apache/struts2/ main/java/org/apache/struts2/dispatcher/ main/java/org/apache/struts2/dispatcher/ng/ main/java/org/apache/struts2/security/ main/resources/ test/java/org/apache/str...

Reply via email to