Adds support to define allowed methods as regex
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/e38d4657 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/e38d4657 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/e38d4657 Branch: refs/heads/master Commit: e38d4657c6a973b30b9ece360f7ea2c97fb69555 Parents: e4fc852 Author: Lukasz Lenart <lukasz.len...@gmail.com> Authored: Fri Sep 4 09:04:37 2015 +0200 Committer: Lukasz Lenart <lukasz.len...@gmail.com> Committed: Fri Sep 4 09:04:37 2015 +0200 ---------------------------------------------------------------------- .../xwork2/config/entities/ActionConfig.java | 1 + .../xwork2/config/entities/AllowedMethods.java | 5 +++- .../providers/XmlConfigurationProvider.java | 24 ++++++++++++-------- 3 files changed, 20 insertions(+), 10 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/e38d4657/core/src/main/java/com/opensymphony/xwork2/config/entities/ActionConfig.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/config/entities/ActionConfig.java b/core/src/main/java/com/opensymphony/xwork2/config/entities/ActionConfig.java index 5303e83..7c10c90 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/entities/ActionConfig.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/entities/ActionConfig.java @@ -43,6 +43,7 @@ public class ActionConfig extends Located implements Serializable { public static final String DEFAULT_METHOD = "execute"; public static final String WILDCARD = "*"; + public static final String REGEX_WILDCARD = "regex:.*"; protected List<InterceptorMapping> interceptors; // a list of interceptorMapping Objects eg. List<InterceptorMapping> protected Map<String,String> params; http://git-wip-us.apache.org/repos/asf/struts/blob/e38d4657/core/src/main/java/com/opensymphony/xwork2/config/entities/AllowedMethods.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/config/entities/AllowedMethods.java b/core/src/main/java/com/opensymphony/xwork2/config/entities/AllowedMethods.java index 7a4fec1..f619d89 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/entities/AllowedMethods.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/entities/AllowedMethods.java @@ -32,8 +32,11 @@ public class AllowedMethods { ret.append(c); } } - if (isPattern) { + if (isPattern && !method.startsWith("regex:")) { return new PatternAllowedMethod(ret.toString(), method); + } else if (method.startsWith("regex:")) { + String pattern = method.substring(method.indexOf(":") + 1); + return new PatternAllowedMethod(pattern, method); } else { return new LiteralAllowedMethod(ret.toString()); } http://git-wip-us.apache.org/repos/asf/struts/blob/e38d4657/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java ---------------------------------------------------------------------- diff --git a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java index 3009dcb..950d4a1 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java @@ -845,17 +845,23 @@ public class XmlConfigurationProvider implements ConfigurationProvider { protected Set<String> buildAllowedMethods(Element element, PackageConfig.Builder packageContext) { NodeList allowedMethodsEls = element.getElementsByTagName("allowed-methods"); - Set<String> allowedMethods = packageContext.getGlobalAllowedMethods(); - - if (allowedMethodsEls.getLength() > 0) { - allowedMethods = new HashSet<>(); - Node n = allowedMethodsEls.item(0).getFirstChild(); - if (n != null) { - String s = n.getNodeValue().trim(); - if (s.length() > 0) { - allowedMethods = TextParseUtil.commaDelimitedStringToSet(s); + Set<String> allowedMethods; + if (packageContext.isStrictMethodInvocation()) { + allowedMethods = packageContext.getGlobalAllowedMethods(); + + if (allowedMethodsEls.getLength() > 0) { + allowedMethods = new HashSet<>(); + Node n = allowedMethodsEls.item(0).getFirstChild(); + if (n != null) { + String s = n.getNodeValue().trim(); + if (s.length() > 0) { + allowedMethods = TextParseUtil.commaDelimitedStringToSet(s); + } } } + } else { + allowedMethods = new HashSet<>(); + allowedMethods.add(ActionConfig.REGEX_WILDCARD); } return allowedMethods;
