Adds more use cases
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/ba0ac0df Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/ba0ac0df Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/ba0ac0df Branch: refs/heads/develop Commit: ba0ac0dfd47c768661fcd5fa12bb00af851eb548 Parents: b3ca9ea Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Sun May 4 11:58:08 2014 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Sun May 4 11:58:08 2014 +0200 ---------------------------------------------------------------------- .../xwork2/ognl/SecurityMemberAccess.java | 4 +- .../xwork2/ognl/SecurityMemberAccessTest.java | 84 +++++++++++++++++++- 2 files changed, 83 insertions(+), 5 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/ba0ac0df/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index 7fe77c3..a35f68b 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java @@ -49,10 +49,10 @@ public class SecurityMemberAccess extends DefaultMemberAccess { @Override public boolean isAccessible(Map context, Object target, Member member, String propertyName) { - if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { return false; } + boolean allow = true; int modifiers = member.getModifiers(); if (Modifier.isStatic(modifiers)) { 
@@ -83,7 +83,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess { return true; } for (Class<?> excludedClass : excludedClasses) { - if (excludedClass.isAssignableFrom(targetClass) || declaringClass.isAssignableFrom(excludedClass)) { + if (targetClass.isAssignableFrom(excludedClass) || declaringClass.isAssignableFrom(excludedClass)) { return true; } } http://git-wip-us.apache.org/repos/asf/struts/blob/ba0ac0df/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java index 4ccc831..1c14cb2 100644 --- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java @@ -84,7 +84,7 @@ public class SecurityMemberAccessTest extends TestCase { SecurityMemberAccess sma = new SecurityMemberAccess(false); String propertyName = "barLogic"; - Member member = FooBar.class.getMethod("barLogic"); + Member member = BarInterface.class.getMethod(propertyName); Set<Class<?>> excluded = new HashSet<Class<?>>(); excluded.add(BarInterface.class); 
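Review bot: In the `-83,7` hunk the first operand now reads `targetClass.isAssignableFrom(excludedClass)`, which matches only a target that is the excluded type or one of its supertypes, so an instance of a subclass or implementor of an excluded class is no longer rejected on the target side. The declaring-class operand points the same way, so a member looked up on the concrete class (declaring class `FooBar`, not `BarInterface`) appears to pass both tests, and the `-84,7` test hunk hides exactly that case by switching from `FooBar.class.getMethod("barLogic")` to `BarInterface.class.getMethod(propertyName)`. Which `Member` the OGNL runtime hands to `isAccessible` is not visible here, so I would keep a test that resolves `barLogic` from `FooBar.class` with `BarInterface` excluded and asserts it is not accessible. If per-member granularity is the intended rule, state it above the loop, e.g. `// excludes members declared by an excluded type or its supertypes; subtypes of an excluded type are not matched`. `isClassExcluded` begins and ends outside the hunk.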
@@ -97,9 +97,83 @@ public class SecurityMemberAccessTest extends TestCase { assertFalse("barLogic() from BarInterface is accessible!!!", accessible); } + public void testMiddleOfInheritanceExclusion1() throws Exception { + // given + SecurityMemberAccess sma = new SecurityMemberAccess(false); + + String propertyName = "fooLogic"; + Member member = FooBar.class.getMethod(propertyName); + + Set<Class<?>> excluded = new HashSet<Class<?>>(); + excluded.add(BarInterface.class); + sma.setExcludedClasses(excluded); + + // when + boolean accessible = sma.isAccessible(context, target, member, propertyName); + + // then + assertTrue("fooLogic() from FooInterface isn't accessible!!!", accessible); + } + + public void testMiddleOfInheritanceExclusion2() throws Exception { + // given + SecurityMemberAccess sma = new SecurityMemberAccess(false); + + String propertyName = "barLogic"; + Member member = BarInterface.class.getMethod(propertyName); + + Set<Class<?>> excluded = new HashSet<Class<?>>(); + excluded.add(BarInterface.class); + sma.setExcludedClasses(excluded); + + // when + boolean accessible = sma.isAccessible(context, target, member, propertyName); + + // then + assertFalse("barLogic() from BarInterface is accessible!!!", accessible); + } + + public void testMiddleOfInheritanceExclusion3() throws Exception { + // given + SecurityMemberAccess sma = new SecurityMemberAccess(false); + + String propertyName = "barLogic"; + Member member = BarInterface.class.getMethod(propertyName); + +/* + Set<Class<?>> excluded = new HashSet<Class<?>>(); + excluded.add(BarInterface.class); + sma.setExcludedClasses(excluded); +*/ + + // when + boolean accessible = sma.isAccessible(context, target, member, propertyName); + + // then + assertTrue("barLogic() from BarInterface isn't accessible!!!", accessible); + } + + public void testMiddleOfInheritanceExclusion4() throws Exception { + // given + SecurityMemberAccess sma = new SecurityMemberAccess(false); + + String propertyName = "barLogic"; 
+ Member member = BarInterface.class.getMethod(propertyName); + + Set<Class<?>> excluded = new HashSet<Class<?>>(); + excluded.add(FooBarInterface.class); + sma.setExcludedClasses(excluded); + + // when + boolean accessible = sma.isAccessible(context, target, member, propertyName); + + // then + assertFalse("barLogic() from BarInterface is accessible!!!", accessible); + } + } -class FooBar implements FooInterface { +class FooBar implements FooBarInterface { private String stringField; @@ -126,7 +200,7 @@ class FooBar implements FooInterface { } -interface FooInterface extends BarInterface { +interface FooInterface { String fooLogic(); @@ -137,3 +211,7 @@ interface BarInterface { String barLogic(); } + +interface FooBarInterface extends FooInterface, BarInterface { + +} \ No newline at end of file
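Review bot: `testMiddleOfInheritanceExclusion3` keeps its exclusion setup inside a `/* ... */` block; the no-exclusions case reads more clearly with those three lines deleted and a name that says so, e.g. `testAccessibleWhenNothingExcluded`. As far as the two test hunks show, `testMiddleOfInheritanceExclusion2` repeats the test edited in the `-84,7` hunk (same member, same excluded class, same `assertFalse` message), so one of the two can go. The numbered names give no hint of the scenario, whereas a name such as `testMethodOfNonExcludedInterfaceIsAccessible` would document the access rule each case pins down. `context` and `target` are defined outside the hunk.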