Extracts interface to simplify implementation by users
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/bfbc4c04 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/bfbc4c04 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/bfbc4c04 Branch: refs/heads/develop Commit: bfbc4c04e007393986f374a02dfb7ded23bc9a05 Parents: ba1850a Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Tue May 13 20:29:21 2014 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Tue May 13 20:29:21 2014 +0200 ---------------------------------------------------------------------- core/src/main/resources/struts-default.xml | 2 +- .../interceptor/CookieInterceptorTest.java | 20 ++--- .../xwork2/DefaultExcludedPatternsChecker.java | 93 ++++++++++++++++++++ .../xwork2/ExcludedPatternsChecker.java | 92 +------------------ 4 files changed, 106 insertions(+), 101 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/bfbc4c04/core/src/main/resources/struts-default.xml ---------------------------------------------------------------------- diff --git a/core/src/main/resources/struts-default.xml b/core/src/main/resources/struts-default.xml index 554a8ba..f2fb922 100644 --- a/core/src/main/resources/struts-default.xml +++ b/core/src/main/resources/struts-default.xml @@ -144,7 +144,7 @@ <bean type="ognl.PropertyAccessor" name="java.util.HashSet" class="com.opensymphony.xwork2.ognl.accessor.XWorkCollectionPropertyAccessor" /> <bean type="ognl.PropertyAccessor" name="java.util.HashMap" class="com.opensymphony.xwork2.ognl.accessor.XWorkMapPropertyAccessor" /> - <bean type="com.opensymphony.xwork2.ExcludedPatternsChecker" name="struts" class="com.opensymphony.xwork2.ExcludedPatternsChecker" scope="request"/> + <bean type="com.opensymphony.xwork2.ExcludedPatternsChecker" name="struts" class="com.opensymphony.xwork2.DefaultExcludedPatternsChecker" scope="request"/> <constant name="struts.excludedPatterns.checker" value="struts"/> http://git-wip-us.apache.org/repos/asf/struts/blob/bfbc4c04/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java ---------------------------------------------------------------------- diff --git a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java index 2bbaef9..1f642f5 100644 --- a/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java +++ b/core/src/test/java/org/apache/struts2/interceptor/CookieInterceptorTest.java @@ -27,7 +27,7 @@ import java.util.Map; import javax.servlet.http.Cookie; -import com.opensymphony.xwork2.ExcludedPatternsChecker; +import com.opensymphony.xwork2.DefaultExcludedPatternsChecker; import com.opensymphony.xwork2.mock.MockActionInvocation; import org.easymock.MockControl; import org.springframework.mock.web.MockHttpServletRequest; @@ -66,7 +66,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { // by default the interceptor doesn't accept any cookies CookieInterceptor interceptor = new CookieInterceptor(); - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.intercept(invocation); @@ -102,7 +102,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("*"); interceptor.setCookiesValue("*"); interceptor.intercept(invocation); @@ -144,7 +144,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie2, cookie3"); interceptor.setCookiesValue("cookie1value, cookie2value, cookie3value"); interceptor.intercept(invocation); @@ -185,7 +185,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie3"); interceptor.setCookiesValue("cookie1value, cookie2value, cookie3value"); interceptor.intercept(invocation); @@ -226,7 +226,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie3"); interceptor.setCookiesValue("*"); interceptor.intercept(invocation); @@ -267,7 +267,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie3"); interceptor.setCookiesValue(""); interceptor.intercept(invocation); @@ -309,7 +309,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { actionInvocationControl.replay(); CookieInterceptor interceptor = new CookieInterceptor(); - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("cookie1, cookie3"); interceptor.setCookiesValue("cookie1value"); interceptor.intercept(invocation); @@ -370,7 +370,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { return accepted; } }; - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("*"); MockActionInvocation invocation = new MockActionInvocation(); @@ -430,7 +430,7 @@ public class CookieInterceptorTest extends StrutsInternalTestCase { return accepted; } }; - interceptor.setExcludedPatternsChecker(new ExcludedPatternsChecker()); + interceptor.setExcludedPatternsChecker(new DefaultExcludedPatternsChecker()); interceptor.setCookiesName("*"); MockActionInvocation invocation = new MockActionInvocation(); http://git-wip-us.apache.org/repos/asf/struts/blob/bfbc4c04/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java new file mode 100644 index 0000000..3860e57 --- /dev/null +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/DefaultExcludedPatternsChecker.java @@ -0,0 +1,93 @@ +package com.opensymphony.xwork2; + +import com.opensymphony.xwork2.inject.Inject; +import com.opensymphony.xwork2.util.TextParseUtil; +import com.opensymphony.xwork2.util.logging.Logger; +import com.opensymphony.xwork2.util.logging.LoggerFactory; + +import java.util.Arrays; +import java.util.HashSet; +import java.util.Set; +import java.util.regex.Pattern; + +public class DefaultExcludedPatternsChecker implements ExcludedPatternsChecker { + + private static final Logger LOG = LoggerFactory.getLogger(DefaultExcludedPatternsChecker.class); + + public static final String[] EXCLUDED_PATTERNS = { + "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*", + "^dojo\\..*", + "^struts\\..*", + "^session\\..*", + "^request\\..*", + "^application\\..*", + "^servlet(Request|Response)\\..*", + "^parameters\\..*" + }; + + private Set<Pattern> excludedPatterns; + + public DefaultExcludedPatternsChecker() { + excludedPatterns = new HashSet<Pattern>(); + for (String pattern : EXCLUDED_PATTERNS) { + excludedPatterns.add(Pattern.compile(pattern)); + } + } + + @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false) + public void setOverrideExcludePatterns(String excludePatterns) { + if (LOG.isWarnEnabled()) { + LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!", + XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns); + } + excludedPatterns = new HashSet<Pattern>(); + for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) { + excludedPatterns.add(Pattern.compile(pattern)); + } + } + + /** + * Allows add additional excluded patterns during runtime + * + * @param commaDelimitedPatterns comma delimited string with patterns + */ + public void addExcludedPatterns(String commaDelimitedPatterns) { + addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns)); + } + + /** + * Allows add additional excluded patterns during runtime + * + * @param additionalPatterns array of additional excluded patterns + */ + public void addExcludedPatterns(String[] additionalPatterns) { + addExcludedPatterns(new HashSet<String>(Arrays.asList(additionalPatterns))); + } + + /** + * Allows add additional excluded patterns during runtime + * + * @param additionalPatterns set of additional patterns + */ + public void addExcludedPatterns(Set<String> additionalPatterns) { + if (LOG.isTraceEnabled()) { + LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns); + } + for (String pattern : additionalPatterns) { + excludedPatterns.add(Pattern.compile(pattern)); + } + } + + public IsExcluded isExcluded(String value) { + for (Pattern excludedPattern : excludedPatterns) { + if (excludedPattern.matcher(value).matches()) { + if (LOG.isTraceEnabled()) { + LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern); + } + return IsExcluded.yes(excludedPattern); + } + } + return IsExcluded.no(); + } + +} http://git-wip-us.apache.org/repos/asf/struts/blob/bfbc4c04/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java index ee3eea6..c4730ea 100644 --- a/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java +++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ExcludedPatternsChecker.java @@ -1,101 +1,13 @@ package com.opensymphony.xwork2; -import com.opensymphony.xwork2.inject.Inject; -import com.opensymphony.xwork2.util.TextParseUtil; -import com.opensymphony.xwork2.util.logging.Logger; -import com.opensymphony.xwork2.util.logging.LoggerFactory; - -import java.util.Arrays; -import java.util.HashSet; -import java.util.Set; import java.util.regex.Pattern; /** * Used across different interceptors to check if given string matches one of the excluded patterns. - * User has two options to change its behaviour: - * - define new set of patterns with <constant name="struts.override.excludedPatterns" value=".."/> - * - override this class and use then extension point <constant name="struts.excludedPatterns.checker" value="myChecker"/> - * to inject it in appropriated places */ -public class ExcludedPatternsChecker { - - private static final Logger LOG = LoggerFactory.getLogger(ExcludedPatternsChecker.class); - - public static final String[] EXCLUDED_PATTERNS = { - "(.*\\.|^|.*|\\[('|\"))class(\\.|('|\")]|\\[).*", - "^dojo\\..*", - "^struts\\..*", - "^session\\..*", - "^request\\..*", - "^application\\..*", - "^servlet(Request|Response)\\..*", - "^parameters\\..*" - }; - - private Set<Pattern> excludedPatterns; - - public ExcludedPatternsChecker() { - excludedPatterns = new HashSet<Pattern>(); - for (String pattern : EXCLUDED_PATTERNS) { - excludedPatterns.add(Pattern.compile(pattern)); - } - } - - @Inject(value = XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, required = false) - public void setOverrideExcludePatterns(String excludePatterns) { - if (LOG.isWarnEnabled()) { - LOG.warn("Overriding [#0] with [#1], be aware that this can affect safety of your application!", - XWorkConstants.OVERRIDE_EXCLUDED_PATTERNS, excludePatterns); - } - excludedPatterns = new HashSet<Pattern>(); - for (String pattern : TextParseUtil.commaDelimitedStringToSet(excludePatterns)) { - excludedPatterns.add(Pattern.compile(pattern)); - } - } +public interface ExcludedPatternsChecker { - /** - * Allows add additional excluded patterns during runtime - * - * @param commaDelimitedPatterns comma delimited string with patterns - */ - public void addExcludedPatterns(String commaDelimitedPatterns) { - addExcludedPatterns(TextParseUtil.commaDelimitedStringToSet(commaDelimitedPatterns)); - } - - /** - * Allows add additional excluded patterns during runtime - * - * @param additionalPatterns array of additional excluded patterns - */ - public void addExcludedPatterns(String[] additionalPatterns) { - addExcludedPatterns(new HashSet<String>(Arrays.asList(additionalPatterns))); - } - - /** - * Allows add additional excluded patterns during runtime - * - * @param additionalPatterns set of additional patterns - */ - public void addExcludedPatterns(Set<String> additionalPatterns) { - if (LOG.isTraceEnabled()) { - LOG.trace("Adding additional excluded patterns [#0]", additionalPatterns); - } - for (String pattern : additionalPatterns) { - excludedPatterns.add(Pattern.compile(pattern)); - } - } - - public IsExcluded isExcluded(String value) { - for (Pattern excludedPattern : excludedPatterns) { - if (excludedPattern.matcher(value).matches()) { - if (LOG.isTraceEnabled()) { - LOG.trace("[#0] matches excluded pattern [#1]", value, excludedPattern); - } - return IsExcluded.yes(excludedPattern); - } - } - return IsExcluded.no(); - } + public IsExcluded isExcluded(String value); public final static class IsExcluded {
