Moves security related classes to security package
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/7faf91ab Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/7faf91ab Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/7faf91ab Branch: refs/heads/develop Commit: 7faf91abe1987aa812655860b4e7ef1ad2f93644 Parents: 83b76b0 Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Mon May 19 09:59:23 2014 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Mon May 19 09:59:23 2014 +0200 ---------------------------------------------------------------------- core/src/main/resources/struts-default.xml | 2 +- .../struts2/TestConfigurationProvider.java | 2 +- .../interceptor/CookieInterceptorTest.java | 2 +- .../xwork2/DefaultExcludedPatternsChecker.java | 82 ------------------- .../providers/XWorkConfigurationProvider.java | 2 +- .../DefaultExcludedPatternsChecker.java | 83 ++++++++++++++++++++ .../security/ExcludedPatternsChecker.java | 82 +++++++++++++++++++ 7 files changed, 169 insertions(+), 86 deletions(-) ----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/main/resources/struts-default.xml
----------------------------------------------------------------------
diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml
index 2d74b4f..ecfa5cf 100644
--- a/core/src/main/resources/struts-default.xml
+++ b/core/src/main/resources/struts-default.xml
@@ -144,7 +144,7 @@ <bean type="ognl.PropertyAccessor" name="java.util.HashSet" class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" />
 <bean type="ognl.PropertyAccessor" name="java.util.HashMap" class="com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor" />
- <bean type="com.opensymphony.xwork2.ExcludedPatternsChecker" name="struts" class="com.opensymphony.xwork2.DefaultExcludedPatternsChecker" />
+ <bean type="com.opensymphony.xwork2.ExcludedPatternsChecker" name="struts" class="com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker" />
 <package name="struts-default" abstract="true">
 <result-types>
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
----------------------------------------------------------------------
diff --git a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
index 9323f02..d9da6c4 100644
--- a/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
+++ b/core/src/test/java/org/apache/struts2/TestConfigurationProvider.java
@@ -24,7 +24,7 @@ package org.apache.struts2;
 import com.opensymphony.xwork2.Action;
 import com.opensymphony.xwork2.ActionProxyFactory;
 import com.opensymphony.xwork2.DefaultActionProxyFactory;
-import com.opensymphony.xwork2.DefaultExcludedPatternsChecker;
+import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker;
 import com.opensymphony.xwork2.ExcludedPatternsChecker;
 import com.opensymphony.xwork2.ObjectFactory;
 import com.opensymphony.xwork2.config.Configuration;
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
----------------------------------------------------------------------
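Review bot: In struts-default.xml the bean's `type` still names `com.opensymphony.xwork2.ExcludedPatternsChecker` while only its `class` moves to the `security` package, yet this commit also adds a second interface, `com.opensymphony.xwork2.security.ExcludedPatternsChecker`. The diffstat lists no deletion of the old interface, the relocated class is declared `implements com.opensymphony.xwork2.ExcludedPatternsChecker`, and TestConfigurationProvider keeps importing the old type, so as far as this diff shows the new interface has neither an implementation nor a container binding. Either finish the move here with `type="com.opensymphony.xwork2.security.ExcludedPatternsChecker"` and switch the class and imports to match, or leave the new interface out until callers are migrated. Two identically named types for the same security check make it easy for a later injection point to reference the one with no bean registered for it.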
diff --git a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
index 1f642f5..a531a69 100644
--- a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
+++ b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java
@@ -27,7 +27,7 @@ import java.util.Map;
 import javax.servlet.http.Cookie;
-import com.opensymphony.xwork2.DefaultExcludedPatternsChecker;
+import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker;
 import com.opensymphony.xwork2.mock.MockActionInvocation;
 import org.easymock.MockControl;
 import org.springframework.mock.web.MockHttpServletRequest;
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java
deleted file mode 100644
index eabd621..0000000
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java
+++ /dev/null
@@ -1,82 +0,0 @@
-package com.opensymphony.xwork2;
-
-import com.opensymphony.xwork2.inject.Inject;
-import com.opensymphony.xwork2.util.TextParseUtil;
-import com.opensymphony.xwork2.util.logging.Logger;
-import com.opensymphony.xwork2.util.logging.LoggerFactory;
-
-import java.util.Arrays;
-import java.util.HashSet;
-import java.util.Set;
-import java.util.regex.Pattern;
-
-public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker {
-
- private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class);
-
- public static final String[] EXCLUDED_PATTERNS = {
- "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
- "^dojo\\..*",
- "^struts\\..*",
- "^session\\..*",
- "^request\\..*",
- "^application\\..*",
- "^servlet(Request|Response)\\..*",
- "^parameters\\..*"
- };
-
- private Set<Pattern> excludedPatterns;
-
- public DefaultExcludedPatternsChecker() {
- excludedPatterns = new HashSet<Pattern>();
- for (String pattern : EXCLUDED_PATTERNS) {
- excludedPatterns.add(Pattern.compile(pattern));
- }
- }
-
- @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false)
- public void setOverrideExcludePatterns(String excludePatterns) {
- if (LOG.isWarnEnabled()) {
- LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
- XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns);
- }
- excludedPatterns = new HashSet<Pattern>();
- for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) {
- excludedPatterns.add(Pattern.compile(pattern));
- }
- }
-
- public void addExcludedPatterns(String commaDelimitedPatterns) {
- addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
- }
-
- public void addExcludedPatterns(String[] additionalPatterns) {
- addExcludedPatterns(new HashSet<String>(Arrays.asList(additionalPatterns)));
- }
-
- public void addExcludedPatterns(Set<String> additionalPatterns) {
- if (LOG.isTraceEnabled()) {
- LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns);
- }
- for (String pattern : additionalPatterns) {
- excludedPatterns.add(Pattern.compile(pattern));
- }
- }
-
- public IsExcluded isExcluded(String value) {
- for (Pattern excludedPattern : excludedPatterns) {
- if (excludedPattern.matcher(value).matches()) {
- if (LOG.isTraceEnabled()) {
- LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern);
- }
- return IsExcluded.yes(excludedPattern);
- }
- }
- return IsExcluded.no();
- }
-
- public Set<Pattern> getExcludedPatterns() {
- return excludedPatterns;
- }
-
-}
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java b/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
index c341d98..1a72206 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/config/providers/XWorkConfigurationProvider.java
@@ -2,7 +2,7 @@ package com.opensymphony.xwork2.config.providers;
 import com.opensymphony.xwork2.ActionProxyFactory;
 import com.opensymphony.xwork2.DefaultActionProxyFactory;
-import com.opensymphony.xwork2.DefaultExcludedPatternsChecker;
+import com.opensymphony.xwork2.security.DefaultExcludedPatternsChecker;
 import com.opensymphony.xwork2.DefaultLocaleProvider;
 import com.opensymphony.xwork2.DefaultTextProvider;
 import com.opensymphony.xwork2.DefaultUnknownHandlerManager;
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
new file mode 100644
index 0000000..f2abed6
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/DefaultExcludedPatternsChecker.java
@@ -0,0 +1,83 @@
+package com.opensymphony.xwork2.security;
+
+import com.opensymphony.xwork2.*;
+import com.opensymphony.xwork2.inject.Inject;
+import com.opensymphony.xwork2.util.TextParseUtil;
+import com.opensymphony.xwork2.util.logging.Logger;
+import com.opensymphony.xwork2.util.logging.LoggerFactory;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.regex.Pattern;
+
+public class DefaultExcludedPatternsChecker implements com.opensymphony.xwork2.ExcludedPatternsChecker {
+
+ private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class);
+
+ public static final String[] EXCLUDED_PATTERNS = {
+ "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*",
+ "^dojo\\..*",
+ "^struts\\..*",
+ "^session\\..*",
+ "^request\\..*",
+ "^application\\..*",
+ "^servlet(Request|Response)\\..*",
+ "^parameters\\..*"
+ };
+
+ private Set<Pattern> excludedPatterns;
+
+ public DefaultExcludedPatternsChecker() {
+ excludedPatterns = new HashSet<Pattern>();
+ for (String pattern : EXCLUDED_PATTERNS) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false)
+ public void setOverrideExcludePatterns(String excludePatterns) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!",
+ XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns);
+ }
+ excludedPatterns = new HashSet<Pattern>();
+ for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ public void addExcludedPatterns(String commaDelimitedPatterns) {
+ addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns));
+ }
+
+ public void addExcludedPatterns(String[] additionalPatterns) {
+ addExcludedPatterns(new HashSet<String>(Arrays.asList(additionalPatterns)));
+ }
+
+ public void addExcludedPatterns(Set<String> additionalPatterns) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns);
+ }
+ for (String pattern : additionalPatterns) {
+ excludedPatterns.add(Pattern.compile(pattern));
+ }
+ }
+
+ public IsExcluded isExcluded(String value) {
+ for (Pattern excludedPattern : excludedPatterns) {
+ if (excludedPattern.matcher(value).matches()) {
+ if (LOG.isTraceEnabled()) {
+ LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern);
+ }
+ return IsExcluded.yes(excludedPattern);
+ }
+ }
+ return IsExcluded.no();
+ }
+
+ public Set<Pattern> getExcludedPatterns() {
+ return excludedPatterns;
+ }
+
+}
http://git-wip-us.apache.org/repos/asf/struts/blob/7faf91ab/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java
----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java
new file mode 100644
index 0000000..51751e9
--- /dev/null
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/security/ExcludedPatternsChecker.java
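Review bot: `getExcludedPatterns()` in the relocated `security/DefaultExcludedPatternsChecker.java` returns the live `HashSet` that `isExcluded` iterates, so any caller can alter the exclusion list without going through `setOverrideExcludePatterns` and its warning; returning `Collections.unmodifiableSet(excludedPatterns)` keeps the list read-only to callers. The same set is mutated in place by `addExcludedPatterns(...)`, which the interface documents as a runtime operation, while `isExcluded` reads it without synchronization. Whether the bean is shared across request threads is not visible here, but if it is, building a new set and publishing it through a `volatile` field would avoid a `ConcurrentModificationException` in the middle of a check. The added `import com.opensymphony.xwork2.*;` is also wider than needed, since only `XWorkConstants` and the interface appear to come from that package.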
@@ -0,0 +1,82 @@
+package com.opensymphony.xwork2.security;
+
+import java.util.Set;
+import java.util.regex.Pattern;
+
+/**
+ * Used across different interceptors to check if given string matches one of the excluded patterns.
+ */
+public interface ExcludedPatternsChecker {
+
+ /**
+ * Checks if value matches any of patterns on exclude list
+ *
+ * @param value to check
+ * @return object containing result of matched pattern and pattern itself
+ */
+ public IsExcluded isExcluded(String value);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param commaDelimitedPatterns comma delimited string with patterns
+ */
+ public void addExcludedPatterns(String commaDelimitedPatterns);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns array of additional excluded patterns
+ */
+ public void addExcludedPatterns(String[] additionalPatterns);
+
+ /**
+ * Allows add additional excluded patterns during runtime
+ *
+ * @param additionalPatterns set of additional patterns
+ */
+ public void addExcludedPatterns(Set<String> additionalPatterns);
+
+ /**
+ * Allow access list of all defined excluded patterns
+ *
+ * @return set of excluded patterns
+ */
+ public Set<Pattern> getExcludedPatterns();
+
+ public final static class IsExcluded {
+
+ private final boolean excluded;
+ private final Pattern excludedPattern;
+
+ public static IsExcluded yes(Pattern excludedPattern) {
+ return new IsExcluded(true, excludedPattern);
+ }
+
+ public static IsExcluded no() {
+ return new IsExcluded(false, null);
+ }
+
+ private IsExcluded(boolean excluded, Pattern excludedPattern) {
+ this.excluded = excluded;
+ this.excludedPattern = excludedPattern;
+ }
+
+ public boolean isExcluded() {
+ return excluded;
+ }
+
+ public Pattern getExcludedPattern() {
+ return excludedPattern;
+ }
+
+ @Override
+ public String toString() {
+ return "IsExcluded { " +
+ "excluded=" + excluded +
+ ", excludedPattern=" + excludedPattern +
+ " }";
+ }
+ }
+
+}
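Review bot: `IsExcluded.no()` stores `null` as the pattern, so `getExcludedPattern()` returns `null` whenever `isExcluded()` is false, and nothing on the nested class in `security/ExcludedPatternsChecker.java` documents that. Add Javadoc to `IsExcluded` and its accessors, for example `/** @return the pattern that matched, or {@code null} when the value is not excluded */` on `getExcludedPattern()`. The Javadoc of `isExcluded(String value)` should also state whether `value` may be `null`; the implementation added in this commit passes it straight to `Pattern.matcher`, which throws on a `null` input.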