Adds special treatment of Object class and unit test
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/b3ca9ea5 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/b3ca9ea5 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/b3ca9ea5 Branch: refs/heads/feature/WW-4295-localization Commit: b3ca9ea5e31fc9b6c0a5e644e833874bb7cc62fa Parents: cb59074 Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Sun May 4 11:18:00 2014 +0200 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Sun May 4 11:18:00 2014 +0200 ---------------------------------------------------------------------- .../xwork2/ognl/SecurityMemberAccess.java | 11 +- .../xwork2/ognl/SecurityMemberAccessTest.java | 139 +++++++++++++++++++ 2 files changed, 146 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/b3ca9ea5/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java ----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index 9d84702..7fe77c3 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -21,6 +21,7 @@ import java.lang.reflect.Member;
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 import java.util.regex.Matcher;
@@ -47,8 +48,7 @@ public class SecurityMemberAccess extends DefaultMemberAccess { } @Override - public boolean isAccessible(Map context, Object target, Member member, - String propertyName) { + public boolean isAccessible(Map context, Object target, Member member, String propertyName) { if (isClassExcluded(target.getClass(), member.getDeclaringClass())) { return false; @@ -79,8 +79,11 @@ public class SecurityMemberAccess extends DefaultMemberAccess { } protected boolean isClassExcluded(Class<?> targetClass, Class<?> declaringClass) { - for (Class excludedClass : excludedClasses) { - if (targetClass.isAssignableFrom(excludedClass) || declaringClass.isAssignableFrom(excludedClass)) { + if (targetClass == Object.class || declaringClass == Object.class) { + return true; + } + for (Class<?> excludedClass : excludedClasses) { + if (excludedClass.isAssignableFrom(targetClass) || declaringClass.isAssignableFrom(excludedClass)) { return true; } } http://git-wip-us.apache.org/repos/asf/struts/blob/b3ca9ea5/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java ---------------------------------------------------------------------- diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java new file mode 100644 index 0000000..4ccc831 --- /dev/null +++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java 
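Review bot: In the loop of `isClassExcluded` (third hunk, `@@ -79,8 +79,11 @@`) only the first operand was turned round: the condition now reads `excludedClass.isAssignableFrom(targetClass) || declaringClass.isAssignableFrom(excludedClass)`, so the two halves test opposite directions of the type hierarchy. As written, a member is rejected whenever its declaring class is a supertype of an excluded class, while a member declared on a subtype of an excluded class is caught only through the target check. If the intent is that excluding a type also covers its subtypes on the declaring side, the second operand should be `excludedClass.isAssignableFrom(declaringClass)`; if the current direction is deliberate, a comment above the loop should say why. The method's `return false` and closing brace lie outside the hunk.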
@@ -0,0 +1,139 @@
+package com.opensymphony.xwork2.ognl;
+
+import junit.framework.TestCase;
+
+import java.lang.reflect.Member;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Map;
+import java.util.Set;
+
+public class SecurityMemberAccessTest extends TestCase {
+
+ private Map context;
+ private FooBar target;
+
+ @Override
+ public void setUp() throws Exception {
+ context = new HashMap();
+ target = new FooBar();
+ }
+
+ public void testWithoutClassExclusion() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+ String propertyName = "stringField";
+ Member member = FooBar.class.getMethod("get" + propertyName.substring(0, 1).toUpperCase() + propertyName.substring(1));
+
+ // when
+ boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+ // then
+ assertTrue(accessible);
+ }
+
+ public void testClassExclusion() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+ String propertyName = "stringField";
+ Member member = FooBar.class.getDeclaredMethod("get" + propertyName.substring(0, 1).toUpperCase() + propertyName.substring(1));
+
+ Set<Class<?>> excluded = new HashSet<Class<?>>();
+ excluded.add(FooBar.class);
+ sma.setExcludedClasses(excluded);
+
+ // when
+ boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+ // then
+ assertFalse(accessible);
+ }
+
+ public void testObjectClassExclusion() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+ String propertyName = "toString";
+ Member member = FooBar.class.getMethod(propertyName);
+
+ // when
+ boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+ // then
+ assertFalse("toString() from Object is accessible!!!", accessible);
+ }
+
+ public void testObjectOverwrittenMethodsExclusion() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+ String propertyName = "hashCode";
+ Member member = FooBar.class.getMethod(propertyName);
+
+ // when
+ boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+ // then
+ assertTrue("hashCode() from FooBar isn't accessible!!!", accessible);
+ }
+
+ public void testInterfaceInheritanceExclusion() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+
+ String propertyName = "barLogic";
+ Member member = FooBar.class.getMethod("barLogic");
+
+ Set<Class<?>> excluded = new HashSet<Class<?>>();
+ excluded.add(BarInterface.class);
+ sma.setExcludedClasses(excluded);
+
+ // when
+ boolean accessible = sma.isAccessible(context, target, member, propertyName);
+
+ // then
+ assertFalse("barLogic() from BarInterface is accessible!!!", accessible);
+ }
+
+}
+
+class FooBar implements FooInterface {
+
+ private String stringField;
+
+ public String getStringField() {
+ return stringField;
+ }
+
+ public void setStringField(String stringField) {
+ this.stringField = stringField;
+ }
+
+ public String fooLogic() {
+ return "fooLogic";
+ }
+
+ public String barLogic() {
+ return "barLogic";
+ }
+
+ @Override
+ public int hashCode() {
+ return 1;
+ }
+
+}
+
+interface FooInterface extends BarInterface {
+
+ String fooLogic();
+
+}
+
+interface BarInterface {
+
+ String barLogic();
+
+}
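Review bot: None of the new tests makes `declaringClass.isAssignableFrom(excludedClass)` the deciding operand: in testClassExclusion and testInterfaceInheritanceExclusion the target is a FooBar and the excluded type is FooBar or one of its interfaces, so `excludedClass.isAssignableFrom(targetClass)` is already true. The `targetClass == Object.class` shortcut is likewise untested, because testObjectClassExclusion reaches the Object rule through the declaring class of toString(). A case whose target is unrelated to the excluded class, as sketched below, would pin down the declaring-class rule. Its assertion states what the loop condition in this commit yields and should be flipped if that direction is not the intended one.

```java
public void testDeclaringClassExclusion() throws Exception {
    // given
    SecurityMemberAccess sma = new SecurityMemberAccess(false);

    String propertyName = "barLogic";
    Member member = BarInterface.class.getMethod(propertyName);

    // a BarInterface implementation that has nothing to do with FooBar
    BarInterface other = new BarInterface() {
        public String barLogic() {
            return "other";
        }
    };

    Set<Class<?>> excluded = new HashSet<Class<?>>();
    excluded.add(FooBar.class);
    sma.setExcludedClasses(excluded);

    // when
    boolean accessible = sma.isAccessible(context, other, member, propertyName);

    // then: BarInterface is a supertype of the excluded FooBar, so the member is rejected
    assertFalse(accessible);
}
```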