Adds more strict DMI logic
Project: http://git-wip-us.apache.org/repos/asf/struts/repo Commit: http://git-wip-us.apache.org/repos/asf/struts/commit/0aaade64 Tree: http://git-wip-us.apache.org/repos/asf/struts/tree/0aaade64 Diff: http://git-wip-us.apache.org/repos/asf/struts/diff/0aaade64 Branch: refs/heads/master Commit: 0aaade64cd332a7a5f45ae5068b8f7be1abb3817 Parents: 45af876 Author: Lukasz Lenart <lukasz.len...@gmail.com> Authored: Fri Sep 4 11:35:23 2015 +0200 Committer: Lukasz Lenart <lukasz.len...@gmail.com> Committed: Fri Sep 4 11:35:23 2015 +0200 ---------------------------------------------------------------------- .../xwork2/config/providers/XmlConfigurationProvider.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/struts/blob/0aaade64/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java ----------------------------------------------------------------------
diff --git a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java
index 950d4a1..7d2e065 100644
--- a/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java
+++ b/core/src/main/java/com/opensymphony/xwork2/config/providers/XmlConfigurationProvider.java
@@ -846,7 +846,8 @@ public class XmlConfigurationProvider implements ConfigurationProvider {
 NodeList allowedMethodsEls = element.getElementsByTagName("allowed-methods");
 Set<String> allowedMethods;
- if (packageContext.isStrictMethodInvocation()) {
+ if (allowedMethodsEls.getLength() > 0) {
+ // user defined 'allowed-methods' so used them whatever Strict DMI was enabled or not
 allowedMethods = packageContext.getGlobalAllowedMethods();
 if (allowedMethodsEls.getLength() > 0) {
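Review bot: `allowedMethods = packageContext.getGlobalAllowedMethods();` keeps a reference to whatever set the package context returns, and the lines that then apply the action's own `allowed-methods` lie between this hunk and the next, outside the view. If that getter hands back the package's own mutable set and the hidden lines add to it, one action's methods would become invocable on every other action in the package, which defeats the per-action restriction this commit tightens; copying first avoids that: `allowedMethods = new HashSet<>(packageContext.getGlobalAllowedMethods());`. The same assignment appears in the `else if` branch of the second hunk and would benefit from the same copy. Separately, the inner `if (allowedMethodsEls.getLength() > 0) {` now repeats the outer condition and can be dropped.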
@@ -859,7 +860,11 @@ public class XmlConfigurationProvider implements ConfigurationProvider {
 }
 }
 }
+ } else if (packageContext.isStrictMethodInvocation()) {
+ // user enabled Strict DMI but didn't defined action specific 'allowed-methods' so we use 'global-allowed-methods' only
+ allowedMethods = packageContext.getGlobalAllowedMethods();
 } else {
+ // Strict DMI is disabled to any method can be called
 allowedMethods = new HashSet<>();
 allowedMethods.add(ActionConfig.REGEX_WILDCARD);
 }
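Review bot: The two comments added here are garbled ("didn't defined", "is disabled to any method"), which matters in a branch that decides which methods a request may invoke. I would reword them as `// Strict DMI is enabled but the action declares no 'allowed-methods', so only 'global-allowed-methods' apply` and `// Strict DMI is disabled, so any method can be called`. The second comment should also say that `ActionConfig.REGEX_WILDCARD` is the permissive fallback, reached whenever the action has no `allowed-methods` element and the package's strict method invocation is off, since that is the case someone auditing exposure will look for. The enclosing method starts and ends outside the hunk.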