[struts] 03/04: WW-5340 Make OgnlGuard a configurable bean

Thu, 31 Aug 2023 04:35:31 -0700 

This is an automated email from the ASF dual-hosted git repository.

kusal pushed a commit to branch WW-5340-ognl-guard
in repository https://gitbox.apache.org/repos/asf/struts.git
commit fc01f1e1c484f378e73bbbdc652a17470f1d95df
Author: Kusal Kithul-Godage <g...@kusal.io>
AuthorDate: Thu Aug 31 20:14:48 2023 +1000

    WW-5340 Make OgnlGuard a configurable bean
---
 .../main/java/org/apache/struts2/StrutsConstants.java |  2 ++
 .../struts2/config/StrutsBeanSelectionProvider.java   | 19 +++++++++++--------
 core/src/main/resources/struts-beans.xml              |  3 ++-
 3 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java 
b/core/src/main/java/org/apache/struts2/StrutsConstants.java
index 143b8c832..ac5b91d8a 100644
--- a/core/src/main/java/org/apache/struts2/StrutsConstants.java
+++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java
@@ -234,6 +234,8 @@ public final class StrutsConstants {
     /** The name of the parameter to determine whether static field access 
will be allowed in OGNL expressions or not */
     public static final String STRUTS_ALLOW_STATIC_FIELD_ACCESS = 
"struts.ognl.allowStaticFieldAccess";
 
+    public static final String STRUTS_OGNL_GUARD = "struts.ognlGuard";
+
     /** The com.opensymphony.xwork2.validator.ActionValidatorManager 
implementation class */
     public static final String STRUTS_ACTIONVALIDATORMANAGER = 
"struts.actionValidatorManager";
 
diff --git 
a/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java 
b/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java
index c80494f35..64feac83b 100644
--- 
a/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java
+++ 
b/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java
@@ -19,18 +19,13 @@
 package org.apache.struts2.config;
 
 import com.opensymphony.xwork2.ActionProxyFactory;
-import com.opensymphony.xwork2.LocaleProviderFactory;
-import com.opensymphony.xwork2.LocalizedTextProvider;
-import com.opensymphony.xwork2.TextProviderFactory;
-import com.opensymphony.xwork2.factory.UnknownHandlerFactory;
-import com.opensymphony.xwork2.ognl.BeanInfoCacheFactory;
-import com.opensymphony.xwork2.ognl.ExpressionCacheFactory;
-import com.opensymphony.xwork2.security.AcceptedPatternsChecker;
-import com.opensymphony.xwork2.security.ExcludedPatternsChecker;
 import com.opensymphony.xwork2.FileManager;
 import com.opensymphony.xwork2.FileManagerFactory;
+import com.opensymphony.xwork2.LocaleProviderFactory;
+import com.opensymphony.xwork2.LocalizedTextProvider;
 import com.opensymphony.xwork2.ObjectFactory;
 import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.TextProviderFactory;
 import com.opensymphony.xwork2.UnknownHandlerManager;
 import com.opensymphony.xwork2.conversion.ConversionAnnotationProcessor;
 import com.opensymphony.xwork2.conversion.ConversionFileProcessor;
@@ -48,9 +43,15 @@ import com.opensymphony.xwork2.factory.ActionFactory;
 import com.opensymphony.xwork2.factory.ConverterFactory;
 import com.opensymphony.xwork2.factory.InterceptorFactory;
 import com.opensymphony.xwork2.factory.ResultFactory;
+import com.opensymphony.xwork2.factory.UnknownHandlerFactory;
 import com.opensymphony.xwork2.factory.ValidatorFactory;
 import com.opensymphony.xwork2.inject.ContainerBuilder;
 import com.opensymphony.xwork2.inject.Scope;
+import com.opensymphony.xwork2.ognl.BeanInfoCacheFactory;
+import com.opensymphony.xwork2.ognl.ExpressionCacheFactory;
+import com.opensymphony.xwork2.ognl.OgnlGuard;
+import com.opensymphony.xwork2.security.AcceptedPatternsChecker;
+import com.opensymphony.xwork2.security.ExcludedPatternsChecker;
 import com.opensymphony.xwork2.security.NotExcludedAcceptedPatternsChecker;
 import com.opensymphony.xwork2.util.PatternMatcher;
 import com.opensymphony.xwork2.util.TextParser;
@@ -434,6 +435,8 @@ public class StrutsBeanSelectionProvider extends 
AbstractBeanSelectionProvider {
         alias(ExpressionCacheFactory.class, 
StrutsConstants.STRUTS_OGNL_EXPRESSION_CACHE_FACTORY, builder, props, 
Scope.SINGLETON);
         alias(BeanInfoCacheFactory.class, 
StrutsConstants.STRUTS_OGNL_BEANINFO_CACHE_FACTORY, builder, props, 
Scope.SINGLETON);
 
+        alias(OgnlGuard.class, StrutsConstants.STRUTS_OGNL_GUARD, builder, 
props, Scope.SINGLETON);
+
         alias(QueryStringBuilder.class, 
StrutsConstants.STRUTS_URL_QUERY_STRING_BUILDER, builder, props, 
Scope.SINGLETON);
         alias(QueryStringParser.class, 
StrutsConstants.STRUTS_URL_QUERY_STRING_PARSER, builder, props, 
Scope.SINGLETON);
         alias(UrlEncoder.class, StrutsConstants.STRUTS_URL_ENCODER, builder, 
props, Scope.SINGLETON);
diff --git a/core/src/main/resources/struts-beans.xml 
b/core/src/main/resources/struts-beans.xml
index 89acda7c6..c6cdcc94a 100644
--- a/core/src/main/resources/struts-beans.xml
+++ b/core/src/main/resources/struts-beans.xml
@@ -166,7 +166,8 @@
           
class="com.opensymphony.xwork2.validator.DefaultValidatorFileParser"/>
 
     <bean class="com.opensymphony.xwork2.ognl.OgnlUtil"/>
-    <bean type="com.opensymphony.xwork2.ognl.OgnlGuard" 
class="com.opensymphony.xwork2.ognl.DefaultOgnlGuard"/>
+    <bean type="com.opensymphony.xwork2.ognl.OgnlGuard" name="struts"
+          class="com.opensymphony.xwork2.ognl.DefaultOgnlGuard" />
 
     <bean type="com.opensymphony.xwork2.util.TextParser" name="struts"
           class="com.opensymphony.xwork2.util.OgnlTextParser" 
scope="singleton"/>

Reply via email to