WW-4429 Fixes support for accessing static methods
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/532841d4 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/532841d4 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/532841d4 Branch: refs/heads/master Commit: 532841d40f164a8d8ae6ac0b85b60d3cf6db0011 Parents: a35c3ef Author: Lukasz Lenart <lukaszlen...@apache.org> Authored: Tue Dec 23 21:29:30 2014 +0100 Committer: Lukasz Lenart <lukaszlen...@apache.org> Committed: Tue Dec 23 21:29:30 2014 +0100 ---------------------------------------------------------------------- .../xwork2/ognl/SecurityMemberAccess.java | 14 ++++++-- .../xwork2/ognl/SecurityMemberAccessTest.java | 37 +++++++++++++++++++- 2 files changed, 48 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/532841d4/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java ----------------------------------------------------------------------
diff --git a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index a172237..6c9d64c 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -60,14 +60,24 @@ public class SecurityMemberAccess extends DefaultMemberAccess {
 return true;
 }
- if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage())) {
+ Class targetClass = target.getClass();
+ Class memberClass = member.getDeclaringClass();
+
+ if (Modifier.isStatic(member.getModifiers()) && allowStaticMethodAccess) {
+ if (LOG.isWarnEnabled()) {
+ LOG.warn("Support for accessing static methods is deprecated! Please refactor your application!");
+ }
+ targetClass = member.getDeclaringClass();
+ }
+
+ if (isPackageExcluded(targetClass.getPackage(), memberClass.getPackage())) {
 if (LOG.isWarnEnabled()) {
 LOG.warn("Package of target [#0] or package of member [#1] are excluded!", target, member);
 }
 return false;
 }
- if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
+ if (isClassExcluded(targetClass, memberClass)) {
 if (LOG.isWarnEnabled()) {
 LOG.warn("Target class [#0] or declaring class of member type [#1] are excluded!", target, member);
 }
http://git-wip-us.apache.org/repos/asf/struts/blob/532841d4/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java ----------------------------------------------------------------------
diff --git a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
index 61a91a0..11ff9d0 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
@@ -3,6 +3,7 @@ package com.opensymphony.xwork2.ognl;
 import junit.framework.TestCase;
 import java.lang.reflect.Member;
+import java.util.Arrays;
 import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
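Review bot: In the SecurityMemberAccess.java hunk, the new static branch replaces `targetClass` for any static member whenever `allowStaticMethodAccess` is set, without checking that `target` is actually a `Class` object. The substitution is only needed because a static call arrives with a `Class` target, so `target.getClass()` is `java.lang.Class`; if a static member can also be reached through an instance target, that instance's class and package would no longer be compared against the exclusion lists. Consider narrowing the condition to `if (target instanceof Class && Modifier.isStatic(member.getModifiers()) && allowStaticMethodAccess)` and reusing the local with `targetClass = memberClass;`. The deprecation warning is emitted on every such check and names no member, so adding `member` to the message would make it actionable. The enclosing method starts and ends outside the hunk.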
@@ -202,6 +203,32 @@ public class SecurityMemberAccessTest extends TestCase {
 assertTrue("Access to enums is blocked!", actual);
 }
+ public void testAccessStatic() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(true);
+ sma.setExcludedClasses(new HashSet<Class<?>>(Arrays.<Class<?>>asList(Class.class)));
+
+ // when
+ Member method = StaticTester.class.getMethod("sayHello");
+ boolean actual = sma.isAccessible(context, Class.class, method, null);
+
+ // then
+ assertTrue("Access to static is blocked!", actual);
+ }
+
+ public void testBlockStaticAccess() throws Exception {
+ // given
+ SecurityMemberAccess sma = new SecurityMemberAccess(false);
+ sma.setExcludedClasses(new HashSet<Class<?>>(Arrays.<Class<?>>asList(Class.class)));
+
+ // when
+ Member method = StaticTester.class.getMethod("sayHello");
+ boolean actual = sma.isAccessible(context, Class.class, method, null);
+
+ // then
+ assertFalse("Access to static isn't blocked!", actual);
+ }
+
 }
 class FooBar implements FooBarInterface {
@@ -249,4 +276,12 @@ interface FooBarInterface extends FooInterface, BarInterface {
 enum MyValues {
 ONE, TWO, THREE
-}
\ No newline at end of file
+}
+
+class StaticTester {
+
+ public static String sayHello() {
+ return "Hello";
+ }
+
+}
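Review bot: The two tests added to SecurityMemberAccessTest only toggle the static-access flag with `Class.class` excluded; neither checks that the exclusion list still applies to the declaring class once static access is allowed. The rewritten check in SecurityMemberAccess depends on that property to keep excluded classes unreachable. A third case that builds `new SecurityMemberAccess(true)`, excludes `StaticTester.class` and expects `isAccessible` to return false would pin it, assuming `isClassExcluded` behaves as its name suggests. A sketch of that test follows.

```java
public void testBlockStaticAccessIfDeclaringClassIsExcluded() throws Exception {
    // given: static access enabled, but the declaring class is on the exclusion list
    SecurityMemberAccess sma = new SecurityMemberAccess(true);
    sma.setExcludedClasses(new HashSet<Class<?>>(Arrays.<Class<?>>asList(StaticTester.class)));

    // when
    Member method = StaticTester.class.getMethod("sayHello");
    boolean actual = sma.isAccessible(context, Class.class, method, null);

    // then
    assertFalse("Access to static of an excluded class isn't blocked!", actual);
}
```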