This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch WW-5327-non-java-beans in repository https://gitbox.apache.org/repos/asf/struts.git
The following commit(s) were added to refs/heads/WW-5327-non-java-beans by this push: new ce4015739 Extends exclusion list ce4015739 is described below commit ce4015739a1bc7458048ded66445d44adeb32f7e Author: Lukasz Lenart <lukaszlen...@apache.org> AuthorDate: Mon Jul 31 10:39:02 2023 +0200 Extends exclusion list --- .../com/opensymphony/xwork2/ognl/OgnlUtil.java | 2 +- .../src/main/resources/struts-excluded-classes.xml | 4 +-- .../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 37 +++++++++++++++++++--- 3 files changed, 35 insertions(+), 8 deletions(-)
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index ecd226d39..8c1790229 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -194,7 +194,7 @@ public class OgnlUtil {
 try {
 classes.add(Class.forName(className));
 } catch (ClassNotFoundException e) {
- LOG.warn("Class: {} doesn't exist, ignoring it!", className);
+ throw new ConfigurationException("Cannot load class for exclusion/exemption configuration: " + className, e);
 }
 }
diff --git a/core/src/main/resources/struts-excluded-classes.xml b/core/src/main/resources/struts-excluded-classes.xml
index 2c8c6cdb5..294e2399b 100644
--- a/core/src/main/resources/struts-excluded-classes.xml
+++ b/core/src/main/resources/struts-excluded-classes.xml
@@ -38,8 +38,8 @@
 java.lang.Thread,
 sun.misc.Unsafe,
 com.opensymphony.xwork2.ActionContext,
- org.apache.commons.collections.BeanMap,
- org.apache.commons.beanutils.BeanMap"/>
+ com.opensymphony.xwork2.ognl.SecurityMemberAccess,
+ com.opensymphony.xwork2.ognl.OgnlValueStack"/>
 <constant name="struts.devMode.excludedClasses" value="
diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
index b5795a326..301704316 100644
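Review bot: The new `throw new ConfigurationException(...)` in the `catch (ClassNotFoundException e)` branch turns every configured class name into a hard classpath requirement, and nothing visible documents that for people who maintain their own exclusion or exemption lists. Failing closed is the safer default than the old `LOG.warn`, because a misspelled entry no longer silently drops a protection, but a deployment that lists a class from an optional library will presumably now fail when the list is parsed. I would add a Javadoc line on the enclosing method such as `@throws ConfigurationException if a listed class cannot be loaded; every entry must be on the classpath`, and mention the behaviour change in the upgrade notes. The enclosing method and its loop start outside the hunk, so whether any caller already handles this exception cannot be seen here.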
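Review bot: Dropping `org.apache.commons.collections.BeanMap` and `org.apache.commons.beanutils.BeanMap` from `struts.excludedClasses` removes the class-level block for applications that do ship those libraries, and the two added entries cover only the framework objects that the accompanying test tries to reach. The removal looks forced by the OgnlUtil change in this commit, which now fails on names that cannot be loaded, so classes from optional dependencies can no longer sit in this list. If package exclusions are matched by name without loading a class, as I believe they are, consider covering the BeanMap packages through `struts.excludedPackageNames`, unless they are already listed there (that list is not visible in this hunk). An XML comment above the `struts.excludedClasses` constant, for example `<!-- SecurityMemberAccess and OgnlValueStack: keep expressions away from the OGNL security state itself -->`, would also record why the new entries exist.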
--- a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
@@ -35,7 +35,6 @@ import com.opensymphony.xwork2.util.Owner;
 import com.opensymphony.xwork2.util.ValueStack;
 import com.opensymphony.xwork2.util.location.LocatableProperties;
 import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
-import java.beans.BeanInfo;
 import ognl.InappropriateExpressionException;
 import ognl.MethodFailedException;
 import ognl.NoSuchPropertyException;
@@ -48,6 +47,7 @@ import ognl.SimpleNode;
 import org.apache.struts2.StrutsConstants;
 import org.apache.struts2.StrutsException;
+import java.beans.BeanInfo;
 import java.beans.IntrospectionException;
 import java.lang.reflect.Method;
 import java.text.DateFormat;
@@ -877,6 +877,33 @@ public class OgnlUtilTest extends XWorkTestCase {
 assertEquals(123, foo.getALong());
 }
+ public void testBeanMapExpressions() throws OgnlException {
+ Foo foo = new Foo();
+ ognlUtil.setExcludedClasses(
+ "com.opensymphony.xwork2.ognl.SecurityMemberAccess"
+ );
+
+ Map<String, Object> context = ognlUtil.createDefaultContext(foo);
+
+ String expression = "%{\n" +
+ "(#request.a=#@org.apache.commons.collections.BeanMap@{}) +\n" +
+ "(#request.a.setBean(#request.get('struts.valueStack')) == true) +\n" +
+ "(#request.b=#@org.apache.commons.collections.BeanMap@{}) +\n" +
+ "(#request.b.setBean(#request.get('a').get('context'))) +\n" +
+ "(#request.c=#@org.apache.commons.collections.BeanMap@{}) +\n" +
+ "(#request.c.setBean(#request.get('b').get('memberAccess'))) +\n" +
+ "(#request.get('c').put('excluded'+'PackageNames',#@org.apache.commons.collections.BeanMap@{}.keySet())) +\n" +
+ "(#request.get('c').put('excludedClasses',#@org.apache.commons.collections.BeanMap@{}.keySet()))\n" +
+ "}";
+
+ ognlUtil.setValue("title", context, foo, expression);
+
+ assertEquals(foo.getTitle(), expression);
+
+ SecurityMemberAccess sma = (SecurityMemberAccess) ((OgnlContext) context).getMemberAccess();
+ assertTrue(sma.isClassExcluded(SecurityMemberAccess.class));
+ }
+
 public void testNullProperties() {
 Foo foo = new Foo();
 foo.setALong(88);
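Review bot: `testBeanMapExpressions` does not appear to evaluate the expression it builds: `ognlUtil.setValue("title", context, foo, expression)` passes it as the value to store, so the test shows only that the string lands in `title` unchanged, and the closing `assertTrue(sma.isClassExcluded(SecurityMemberAccess.class))` holds trivially because the test configured that exclusion itself a few lines earlier. As written it would still pass if the exclusion-list change in this commit were reverted, and it says nothing about `OgnlValueStack`. I would pass both class names to `setExcludedClasses` (or load the shipped defaults instead of a hand-written list) and add `assertTrue(sma.isClassExcluded(OgnlValueStack.class));`. The first assertion also has its arguments swapped; JUnit expects `assertEquals(expression, foo.getTitle());`.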
@@ -1834,19 +1861,19 @@ public class OgnlUtilTest extends XWorkTestCase {
 defaultOgnlCacheFactory.setUseLRUCache("false");
 ognlCache = defaultOgnlCacheFactory.buildOgnlCache();
 assertNotNull("No param build method result null ?", ognlCache);
- assertEquals("Eviction limit for cache mismatches limit for factory ?", 12, ognlCache.getEvictionLimit() );
+ assertEquals("Eviction limit for cache mismatches limit for factory ?", 12, ognlCache.getEvictionLimit());
 ognlCache = defaultOgnlCacheFactory.buildOgnlCache(6, 6, 0.75f, false);
 assertNotNull("No param build method result null ?", ognlCache);
- assertEquals("Eviction limit for cache mismatches limit for factory ?", 6, ognlCache.getEvictionLimit() );
+ assertEquals("Eviction limit for cache mismatches limit for factory ?", 6, ognlCache.getEvictionLimit());
 // LRU cache
 defaultOgnlCacheFactory.setCacheMaxSize("30");
 defaultOgnlCacheFactory.setUseLRUCache("true");
 ognlCache = defaultOgnlCacheFactory.buildOgnlCache();
 assertNotNull("No param build method result null ?", ognlCache);
- assertEquals("Eviction limit for cache mismatches limit for factory ?", 30, ognlCache.getEvictionLimit() );
+ assertEquals("Eviction limit for cache mismatches limit for factory ?", 30, ognlCache.getEvictionLimit());
 ognlCache = defaultOgnlCacheFactory.buildOgnlCache(15, 15, 0.75f, false);
 assertNotNull("No param build method result null ?", ognlCache);
- assertEquals("Eviction limit for cache mismatches limit for factory ?", 15, ognlCache.getEvictionLimit() );
+ assertEquals("Eviction limit for cache mismatches limit for factory ?", 15, ognlCache.getEvictionLimit());
 }
 /**