[09/50] git commit: Extends SecurityMemberAccess to included excluded classes

Tue, 17 Jun 2014 23:49:34 -0700 

Extends SecurityMemberAccess to included excluded classes


Project: http://git-wip-us.apache.org/repos/asf/struts/repo
Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/c778297e
Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/c778297e
Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/c778297e

Branch: refs/heads/develop
Commit: c778297e80e19c7e16389e5c5bb3487512695c0a
Parents: ee3c8d5
Author: Lukasz Lenart <lukaszlen...@apache.org>
Authored: Sat May 3 20:12:14 2014 +0200
Committer: Lukasz Lenart <lukaszlen...@apache.org>
Committed: Sat May 3 20:12:14 2014 +0200

----------------------------------------------------------------------
 .../xwork2/ognl/SecurityMemberAccess.java          | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/struts/blob/c778297e/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
----------------------------------------------------------------------
diff --git 
a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
 
b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index 7bbcbda..9d84702 100644
--- 
a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ 
b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -35,6 +35,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess 
{
     private final boolean allowStaticMethodAccess;
     private Set<Pattern> excludeProperties = Collections.emptySet();
     private Set<Pattern> acceptProperties = Collections.emptySet();
+    private Set<Class<?>> excludedClasses = Collections.emptySet();
 
     public SecurityMemberAccess(boolean method) {
         super(false);
@@ -49,6 +50,9 @@ public class SecurityMemberAccess extends DefaultMemberAccess 
{
     public boolean isAccessible(Map context, Object target, Member member,
                                 String propertyName) {
 
+        if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
+            return false;
+        }
         boolean allow = true;
         int modifiers = member.getModifiers();
         if (Modifier.isStatic(modifiers)) {
@@ -74,6 +78,15 @@ public class SecurityMemberAccess extends 
DefaultMemberAccess {
         return isAcceptableProperty(propertyName);
     }
 
+    protected boolean isClassExcluded(Class<?> targetClass, Class<?> 
declaringClass) {
+        for (Class excludedClass : excludedClasses) {
+            if (targetClass.isAssignableFrom(excludedClass) || 
declaringClass.isAssignableFrom(excludedClass)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
     protected boolean isAcceptableProperty(String name) {
         return name == null || ((!isExcluded(name)) && isAccepted(name));
     }
@@ -115,4 +128,8 @@ public class SecurityMemberAccess extends 
DefaultMemberAccess {
         this.acceptProperties = acceptedProperties;
     }
 
+    public void setExcludedClasses(Set<Class<?>> excludedClasses) {
+        this.excludedClasses = excludedClasses;
+    }
+
 }

Reply via email to