This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git
commit 90344b38108852d0f27c8eb2c52a3c2b8881b0dd Author: Kusal Kithul-Godage <g...@kusal.io> AuthorDate: Wed Nov 15 00:22:36 2023 +1100 WW-5343 Make SecurityMemberAccess a prototype bean --- .../com/opensymphony/xwork2/config/impl/DefaultConfiguration.java | 4 +++- .../xwork2/config/providers/StrutsDefaultConfigurationProvider.java | 2 ++ .../main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java | 5 +++++ core/src/main/java/org/apache/struts2/StrutsConstants.java | 2 ++ .../java/org/apache/struts2/config/StrutsBeanSelectionProvider.java | 2 ++ core/src/main/resources/struts-beans.xml | 3 ++- 6 files changed, 16 insertions(+), 2 deletions(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java b/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java index b25484222..d0cbcef1c 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/impl/DefaultConfiguration.java @@ -85,6 +85,7 @@ import com.opensymphony.xwork2.ognl.OgnlCacheFactory; import com.opensymphony.xwork2.ognl.OgnlReflectionProvider; import com.opensymphony.xwork2.ognl.OgnlUtil; import com.opensymphony.xwork2.ognl.OgnlValueStackFactory; +import com.opensymphony.xwork2.ognl.SecurityMemberAccess; import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor; import com.opensymphony.xwork2.util.CompoundRoot; import com.opensymphony.xwork2.util.OgnlTextParser; 
@@ -133,7 +134,6 @@ public class DefaultConfiguration implements Configuration { Map<String, Object> constants = new HashMap<>(); constants.put(StrutsConstants.STRUTS_DEVMODE, Boolean.FALSE); constants.put(StrutsConstants.STRUTS_OGNL_LOG_MISSING_PROPERTIES, Boolean.FALSE); - constants.put(StrutsConstants.STRUTS_OGNL_ENABLE_EVAL_EXPRESSION, Boolean.FALSE); constants.put(StrutsConstants.STRUTS_OGNL_ENABLE_EXPRESSION_CACHE, Boolean.TRUE); constants.put(StrutsConstants.STRUTS_CONFIGURATION_XML_RELOAD, Boolean.FALSE); constants.put(StrutsConstants.STRUTS_I18N_RELOAD, Boolean.FALSE); @@ -142,6 +142,7 @@ public class DefaultConfiguration implements Configuration { constants.put(StrutsConstants.STRUTS_OGNL_EXPRESSION_CACHE_MAXSIZE, 10000); constants.put(StrutsConstants.STRUTS_OGNL_BEANINFO_CACHE_TYPE, OgnlCacheFactory.CacheType.BASIC); constants.put(StrutsConstants.STRUTS_OGNL_BEANINFO_CACHE_MAXSIZE, 10000); + constants.put(StrutsConstants.STRUTS_ALLOW_STATIC_FIELD_ACCESS, Boolean.TRUE); BOOTSTRAP_CONSTANTS = Collections.unmodifiableMap(constants); } @@ -385,6 +386,7 @@ public class DefaultConfiguration implements Configuration { builder.factory(ExpressionCacheFactory.class, DefaultOgnlExpressionCacheFactory.class, Scope.SINGLETON); builder.factory(BeanInfoCacheFactory.class, DefaultOgnlBeanInfoCacheFactory.class, Scope.SINGLETON); builder.factory(OgnlUtil.class, Scope.SINGLETON); + builder.factory(SecurityMemberAccess.class, Scope.PROTOTYPE); builder.factory(OgnlGuard.class, StrutsOgnlGuard.class, Scope.SINGLETON); builder.factory(ValueSubstitutor.class, EnvsValueSubstitutor.class, Scope.SINGLETON); diff --git a/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java b/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java index 625a4fb17..09eeb7c85 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java 
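Review bot: The bootstrap constant added after `STRUTS_OGNL_BEANINFO_CACHE_MAXSIZE` sets `STRUTS_ALLOW_STATIC_FIELD_ACCESS` to `Boolean.TRUE`, the permissive value of a security switch, and nothing records why. It looks as if the entry exists only so that the new injected constructor of `SecurityMemberAccess` can be resolved in the bootstrap container. If so, say that in a comment such as `// needed by SecurityMemberAccess's @Inject constructor in the bootstrap container`, and confirm that `Boolean.FALSE` would not serve equally well there. The static initializer starts outside the hunk, so other bootstrap defaults that interact with this one are not visible.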
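Review bot: `builder.factory(SecurityMemberAccess.class, Scope.PROTOTYPE)` is the only non-singleton entry among the OGNL registrations around it, and neither the code nor the commit message states the reason. The same applies to the matching `.factory(...)` line in `StrutsDefaultConfigurationProvider` and the `alias(...)` line in `StrutsBeanSelectionProvider`. A short comment would keep a later clean-up from normalising it to `SINGLETON`, for example `// PROTOTYPE: instances carry mutable access settings and must not be shared`. That wording is inferred from the non-final fields shown in the `SecurityMemberAccess` hunk, so adjust it to the actual reason. The enclosing method starts and ends outside the hunk.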
+++ b/core/src/main/java/com/opensymphony/xwork2/config/providers/StrutsDefaultConfigurationProvider.java @@ -75,6 +75,7 @@ import com.opensymphony.xwork2.ognl.OgnlReflectionContextFactory; import com.opensymphony.xwork2.ognl.OgnlReflectionProvider; import com.opensymphony.xwork2.ognl.OgnlUtil; import com.opensymphony.xwork2.ognl.OgnlValueStackFactory; +import com.opensymphony.xwork2.ognl.SecurityMemberAccess; import com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor; import com.opensymphony.xwork2.ognl.accessor.HttpParametersPropertyAccessor; import com.opensymphony.xwork2.ognl.accessor.ObjectAccessor; @@ -230,6 +231,7 @@ public class StrutsDefaultConfigurationProvider implements ConfigurationProvider .factory(ExpressionCacheFactory.class, DefaultOgnlExpressionCacheFactory.class, Scope.SINGLETON) .factory(BeanInfoCacheFactory.class, DefaultOgnlBeanInfoCacheFactory.class, Scope.SINGLETON) .factory(OgnlUtil.class, Scope.SINGLETON) + .factory(SecurityMemberAccess.class, Scope.PROTOTYPE) .factory(OgnlGuard.class, StrutsOgnlGuard.class, Scope.SINGLETON) .factory(CollectionConverter.class, Scope.SINGLETON) .factory(ArrayConverter.class, Scope.SINGLETON) diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java index 87af5e0b6..f5a913293 100644 --- a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java +++ b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java 
@@ -62,6 +62,11 @@ public class SecurityMemberAccess implements MemberAccess { private boolean disallowProxyMemberAccess = false; private boolean disallowDefaultPackageAccess = false; + @Inject + public SecurityMemberAccess(@Inject(value = StrutsConstants.STRUTS_ALLOW_STATIC_FIELD_ACCESS) String allowStaticFieldAccess) { + this(BooleanUtils.toBoolean(allowStaticFieldAccess)); + } + /** * SecurityMemberAccess * - access decisions based on whether member is static (or not) diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java b/core/src/main/java/org/apache/struts2/StrutsConstants.java index bcb07a69a..f5fe67a50 100644 --- a/core/src/main/java/org/apache/struts2/StrutsConstants.java +++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java @@ -234,6 +234,8 @@ public final class StrutsConstants { /** The name of the parameter to determine whether static field access will be allowed in OGNL expressions or not */ public static final String STRUTS_ALLOW_STATIC_FIELD_ACCESS = "struts.ognl.allowStaticFieldAccess"; + public static final String STRUTS_MEMBER_ACCESS = "struts.securityMemberAccess"; + public static final String STRUTS_OGNL_GUARD = "struts.ognlGuard"; /** The com.opensymphony.xwork2.validator.ActionValidatorManager implementation class */ diff --git a/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java index 70cc85135..2ac92e8fb 100644 --- a/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java 
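Review bot: The new `@Inject` constructor configures only `allowStaticFieldAccess`, while the fields directly above it (`disallowProxyMemberAccess`, `disallowDefaultPackageAccess`) stay at their `false` defaults. The hunk does not show whether the remaining restrictions are injected elsewhere in the class. If they are not, an instance obtained from the container carries only this one setting, and the constructor's documentation should tell callers that the other restrictions must still be applied. The constructor has no Javadoc of its own (the block below it appears to belong to the existing boolean constructor); I would add `/** Container constructor; the value is parsed with BooleanUtils.toBoolean, so null or unrecognised text yields false. */`, assuming this is the commons-lang `BooleanUtils`. The class body continues outside the hunk.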
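Review bot: `STRUTS_MEMBER_ACCESS` is added without the Javadoc that the constant directly above it has, although it names a security-relevant extension point. I would add `/** The name of the bean that provides the SecurityMemberAccess used to restrict member access in OGNL expressions */`. Since the `alias(...)` call in `StrutsBeanSelectionProvider` makes this bean replaceable through configuration, the comment should also say that a replacement takes over the whole member-access policy.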
@@ -49,6 +49,7 @@ import com.opensymphony.xwork2.inject.ContainerBuilder; import com.opensymphony.xwork2.inject.Scope; import com.opensymphony.xwork2.ognl.BeanInfoCacheFactory; import com.opensymphony.xwork2.ognl.ExpressionCacheFactory; +import com.opensymphony.xwork2.ognl.SecurityMemberAccess; import com.opensymphony.xwork2.security.AcceptedPatternsChecker; import com.opensymphony.xwork2.security.ExcludedPatternsChecker; import com.opensymphony.xwork2.security.NotExcludedAcceptedPatternsChecker; @@ -435,6 +436,7 @@ public class StrutsBeanSelectionProvider extends AbstractBeanSelectionProvider { alias(ExpressionCacheFactory.class, StrutsConstants.STRUTS_OGNL_EXPRESSION_CACHE_FACTORY, builder, props, Scope.SINGLETON); alias(BeanInfoCacheFactory.class, StrutsConstants.STRUTS_OGNL_BEANINFO_CACHE_FACTORY, builder, props, Scope.SINGLETON); + alias(SecurityMemberAccess.class, StrutsConstants.STRUTS_MEMBER_ACCESS, builder, props, Scope.PROTOTYPE); alias(OgnlGuard.class, StrutsConstants.STRUTS_OGNL_GUARD, builder, props, Scope.SINGLETON); alias(QueryStringBuilder.class, StrutsConstants.STRUTS_URL_QUERY_STRING_BUILDER, builder, props, Scope.SINGLETON); diff --git a/core/src/main/resources/struts-beans.xml b/core/src/main/resources/struts-beans.xml index 91fb65db7..273b43b87 100644 --- a/core/src/main/resources/struts-beans.xml +++ b/core/src/main/resources/struts-beans.xml @@ -166,8 +166,9 @@ class="com.opensymphony.xwork2.validator.DefaultValidatorFileParser"/> <bean class="com.opensymphony.xwork2.ognl.OgnlUtil"/> + <bean name="struts" class="com.opensymphony.xwork2.ognl.SecurityMemberAccess" scope="prototype"/> <bean type="org.apache.struts2.ognl.OgnlGuard" name="struts" - class="org.apache.struts2.ognl.StrutsOgnlGuard" /> + class="org.apache.struts2.ognl.StrutsOgnlGuard"/> <bean type="com.opensymphony.xwork2.util.TextParser" name="struts" class="com.opensymphony.xwork2.util.OgnlTextParser" scope="singleton"/>