This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5343-sec-extend in repository https://gitbox.apache.org/repos/asf/struts.git
commit 62988f783fd6ce78aefb876ac5d84fb314bc5db8 Author: Kusal Kithul-Godage <g...@kusal.io> AuthorDate: Wed Nov 15 00:30:12 2023 +1100 WW-5343 Fix unit test compilation errors --- .../xwork2/ognl/OgnlValueStackTest.java | 2 - .../xwork2/ognl/SecurityMemberAccessTest.java | 155 ++++++++------------- .../util/SecurityMemberAccessInServletsTest.java | 11 +- .../xwork2/ognl/SecurityMemberAccessProxyTest.java | 2 +- .../com/test/SecurityMemberAccessProxyTest.java | 49 +------ 5 files changed, 60 insertions(+), 159 deletions(-) diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java index 5f0ac5b26..210f7ea8b 100644 --- a/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java +++ b/core/src/test/java/com/opensymphony/xwork2/ognl/OgnlValueStackTest.java @@ -48,7 +48,6 @@ import org.apache.logging.log4j.core.appender.AbstractAppender; import org.apache.struts2.StrutsConstants; import org.apache.struts2.StrutsException; import org.apache.struts2.config.DefaultPropertiesProvider; -import org.apache.struts2.config.StrutsXmlConfigurationProvider; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -100,7 +99,6 @@ public class OgnlValueStackTest extends XWorkTestCase { (CompoundRootAccessor) container.getInstance(PropertyAccessor.class, CompoundRoot.class.getName()), container.getInstance(TextProvider.class, "system"), allowStaticFieldAccess); container.inject(stack); - ognlUtil.setAllowStaticFieldAccess(Boolean.toString(allowStaticFieldAccess)); return stack; } diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java index 08a3b919e..f25ecd30b 100644 --- a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java +++ b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java 
@@ -20,23 +20,19 @@ package com.opensymphony.xwork2.ognl; import com.opensymphony.xwork2.TestBean; import com.opensymphony.xwork2.test.TestBean2; -import com.opensymphony.xwork2.util.TextParseUtil; +import ognl.MemberAccess; import org.junit.Before; import org.junit.Test; import java.lang.reflect.Field; import java.lang.reflect.Member; import java.lang.reflect.Method; -import java.util.Arrays; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Objects; import java.util.Set; -import java.util.regex.Pattern; -import static java.util.Arrays.asList; -import static java.util.Collections.singletonList; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -77,9 +73,7 @@ public class SecurityMemberAccessTest { String propertyName = "stringField"; Member member = FooBar.class.getDeclaredMethod(formGetterName(propertyName)); - Set<String> excluded = new HashSet<>(); - excluded.add(FooBar.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(FooBar.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); @@ -120,9 +114,7 @@ public class SecurityMemberAccessTest { String propertyName = "barLogic"; Member member = BarInterface.class.getMethod(propertyName); - Set<String> excluded = new HashSet<>(); - excluded.add(BarInterface.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(BarInterface.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); 
@@ -137,9 +129,7 @@ public class SecurityMemberAccessTest { String propertyName = "fooLogic"; Member member = FooBar.class.getMethod(propertyName); - Set<String> excluded = new HashSet<>(); - excluded.add(BarInterface.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(BarInterface.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); @@ -154,9 +144,7 @@ public class SecurityMemberAccessTest { String propertyName = "barLogic"; Member member = BarInterface.class.getMethod(propertyName); - Set<String> excluded = new HashSet<>(); - excluded.add(BarInterface.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(BarInterface.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); @@ -171,9 +159,7 @@ public class SecurityMemberAccessTest { String propertyName = "barLogic"; Member member = BarInterface.class.getMethod(propertyName); - Set<String> excluded = new HashSet<>(); - excluded.add(FooInterface.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(FooInterface.class.getName()); // when boolean accessible = sma.isAccessible(context, target, member, propertyName); @@ -185,9 +171,7 @@ public class SecurityMemberAccessTest { @Test public void testPackageExclusion() throws Exception { // given - Set<Pattern> excluded = new HashSet<>(); - excluded.add(Pattern.compile("^" + FooBar.class.getPackage().getName().replaceAll("\\.", "\\\\.") + ".*")); - sma.useExcludedPackageNamePatterns(excluded); + sma.useExcludedPackageNamePatterns("^" + FooBar.class.getPackage().getName().replaceAll("\\.", "\\\\.") + ".*"); String propertyName = "stringField"; Member member = FooBar.class.getMethod(formGetterName(propertyName)); 
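Review bot: In testPackageExclusion the exclusion regex is now handed to `useExcludedPackageNamePatterns` as a raw string, so compilation has moved out of the test and nothing here pins what happens when the string is not a valid pattern; the identical calls in testPackageExclusionExemption and testDefaultPackageExclusion have the same gap. The implementation is not visible in this diff, but if a malformed pattern were skipped rather than rejected, a package exclusion would be dropped silently. A negative test that passes a deliberately unbalanced sample such as `"^(foo"` and asserts on the outcome would make that behaviour explicit. The hand-escaped expression is also repeated verbatim in all three tests; a helper like `private static String packagePattern(Class<?> c) { return "^" + c.getPackage().getName().replaceAll("\\.", "\\\\.") + ".*"; }` would keep them in sync.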
@@ -202,13 +186,9 @@ public class SecurityMemberAccessTest { @Test public void testPackageExclusionExemption() throws Exception { // given - Set<Pattern> excluded = new HashSet<>(); - excluded.add(Pattern.compile("^" + FooBar.class.getPackage().getName().replaceAll("\\.", "\\\\.") + ".*")); - sma.useExcludedPackageNamePatterns(excluded); + sma.useExcludedPackageNamePatterns("^" + FooBar.class.getPackage().getName().replaceAll("\\.", "\\\\.") + ".*"); - Set<String> allowed = new HashSet<>(); - allowed.add(FooBar.class.getName()); - sma.useExcludedPackageExemptClasses(allowed); + sma.useExcludedPackageExemptClasses(FooBar.class.getName()); String propertyName = "stringField"; Member member = FooBar.class.getMethod(formGetterName(propertyName)); @@ -223,9 +203,7 @@ public class SecurityMemberAccessTest { @Test public void testPackageNameExclusion() throws Exception { // given - Set<String> excluded = new HashSet<>(); - excluded.add(FooBar.class.getPackage().getName()); - sma.useExcludedPackageNames(excluded); + sma.useExcludedPackageNames(FooBar.class.getPackage().getName()); String propertyName = "stringField"; Member member = FooBar.class.getMethod(formGetterName(propertyName)); @@ -240,13 +218,9 @@ public class SecurityMemberAccessTest { @Test public void testPackageNameExclusionExemption() throws Exception { // given - Set<String> excluded = new HashSet<>(); - excluded.add(FooBar.class.getPackage().getName()); - sma.useExcludedPackageNames(excluded); + sma.useExcludedPackageNames(FooBar.class.getPackage().getName()); - Set<String> allowed = new HashSet<>(); - allowed.add(FooBar.class.getName()); - sma.useExcludedPackageExemptClasses(allowed); + sma.useExcludedPackageExemptClasses(FooBar.class.getName()); String propertyName = "stringField"; Member member = FooBar.class.getMethod(formGetterName(propertyName)); 
@@ -261,14 +235,10 @@ public class SecurityMemberAccessTest { @Test public void testPackageNameExclusionExemption2() throws Exception { // given - Set<String> excluded = new HashSet<>(); - excluded.add(FooBar.class.getPackage().getName()); - sma.useExcludedPackageNames(excluded); + sma.useExcludedPackageNames(FooBar.class.getPackage().getName()); // Exemption must exist for both classes (target and member) if they both match a banned package - Set<String> allowed = new HashSet<>(); - allowed.add(BarInterface.class.getName()); - sma.useExcludedPackageExemptClasses(allowed); + sma.useExcludedPackageExemptClasses(BarInterface.class.getName()); String propertyName = "barLogic"; Member member = BarInterface.class.getMethod(propertyName); @@ -283,15 +253,10 @@ public class SecurityMemberAccessTest { @Test public void testPackageNameExclusionExemption3() throws Exception { // given - Set<String> excluded = new HashSet<>(); - excluded.add(FooBar.class.getPackage().getName()); - sma.useExcludedPackageNames(excluded); + sma.useExcludedPackageNames(FooBar.class.getPackage().getName()); // Exemption must exist for both classes (target and member) if they both match a banned package - Set<String> allowed = new HashSet<>(); - allowed.add(BarInterface.class.getName()); - allowed.add(FooBar.class.getName()); - sma.useExcludedPackageExemptClasses(allowed); + sma.useExcludedPackageExemptClasses(String.join(",", BarInterface.class.getName(), FooBar.class.getName())); String propertyName = "barLogic"; Member member = BarInterface.class.getMethod(propertyName); 
@@ -306,9 +271,7 @@ public class SecurityMemberAccessTest { @Test public void testDefaultPackageExclusion() throws Exception { // given - Set<Pattern> excluded = new HashSet<>(); - excluded.add(Pattern.compile("^" + FooBar.class.getPackage().getName().replaceAll("\\.", "\\\\.") + ".*")); - sma.useExcludedPackageNamePatterns(excluded); + sma.useExcludedPackageNamePatterns("^" + FooBar.class.getPackage().getName().replaceAll("\\.", "\\\\.") + ".*"); Class<?> clazz = Class.forName("PackagelessAction"); @@ -321,7 +284,7 @@ public class SecurityMemberAccessTest { @Test public void testDefaultPackageExclusionSetting() throws Exception { - sma.disallowDefaultPackageAccess(true); + sma.useDisallowDefaultPackageAccess(Boolean.TRUE.toString()); Class<?> clazz = Class.forName("PackagelessAction"); boolean actual = sma.isAccessible(null, clazz.getConstructor().newInstance(), clazz.getMethod("execute"), null); @@ -332,9 +295,7 @@ public class SecurityMemberAccessTest { @Test public void testDefaultPackageExclusion2() throws Exception { // given - Set<Pattern> excluded = new HashSet<>(); - excluded.add(Pattern.compile("^$")); - sma.useExcludedPackageNamePatterns(excluded); + sma.useExcludedPackageNamePatterns("^$"); Class<?> clazz = Class.forName("PackagelessAction"); @@ -368,7 +329,7 @@ public class SecurityMemberAccessTest { @Test public void testAccessStaticMethod() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when Member method = StaticTester.class.getMethod("sayHello"); @@ -381,7 +342,7 @@ public class SecurityMemberAccessTest { @Test public void testAccessStaticField() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when Member method = StaticTester.class.getField("MAX_VALUE"); 
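Review bot: testDefaultPackageExclusionSetting exercises only the canonical `"true"` string now that `useDisallowDefaultPackageAccess` takes a String, and the hunks calling `useEnforceAllowlistEnabled` and `useDisallowProxyMemberAccess` have the same gap. How the setters parse the value is not shown here; if they rely on `Boolean.parseBoolean`, any unrecognised value (for example `"yes"` or `" true"`) becomes `false` and the protection is left off without an error. I would add a case that pins this, e.g. `sma.useDisallowDefaultPackageAccess(" true");` followed by the same `isAccessible` assertion, so that failing open or closed on a mistyped setting is a deliberate, tested choice.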
@@ -395,7 +356,7 @@ public class SecurityMemberAccessTest { public void testBlockedStaticFieldWhenFlagIsTrue() throws Exception { // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when Member method = StaticTester.class.getField("MAX_VALUE"); @@ -407,7 +368,7 @@ public class SecurityMemberAccessTest { // public static final test // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when method = StaticTester.class.getField("MIN_VALUE"); @@ -419,7 +380,7 @@ public class SecurityMemberAccessTest { // package static test // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when method = StaticTester.getFieldByName("PACKAGE_STRING"); @@ -431,7 +392,7 @@ public class SecurityMemberAccessTest { // package final static test // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when method = StaticTester.getFieldByName("FINAL_PACKAGE_STRING"); @@ -443,7 +404,7 @@ public class SecurityMemberAccessTest { // protected static test // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when method = StaticTester.getFieldByName("PROTECTED_STRING"); @@ -455,7 +416,7 @@ public class SecurityMemberAccessTest { // protected final static test // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when method = StaticTester.getFieldByName("FINAL_PROTECTED_STRING"); 
@@ -467,7 +428,7 @@ public class SecurityMemberAccessTest { // private static test // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when method = StaticTester.getFieldByName("PRIVATE_STRING"); @@ -479,7 +440,7 @@ public class SecurityMemberAccessTest { // private final static test // given assignNewSma(true); - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when method = StaticTester.getFieldByName("FINAL_PRIVATE_STRING"); @@ -582,7 +543,7 @@ public class SecurityMemberAccessTest { @Test public void testBlockedStaticFieldWhenClassIsExcluded() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(Arrays.asList(Class.class.getName(), StaticTester.class.getName()))); + sma.useExcludedClasses(String.join(",", Class.class.getName(), StaticTester.class.getName())); // when Member method = StaticTester.class.getField("MAX_VALUE"); @@ -595,7 +556,7 @@ public class SecurityMemberAccessTest { @Test public void testBlockStaticMethodAccess() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when Member method = StaticTester.class.getMethod("sayHello"); @@ -608,7 +569,7 @@ public class SecurityMemberAccessTest { @Test public void testBlockAccessIfClassIsExcluded() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when Member method = Class.class.getMethod("getClassLoader"); 
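Review bot: testBlockedStaticFieldWhenClassIsExcluded covers the multi-value form of `useExcludedClasses` only with a tightly joined `a,b` string, whereas hand-written configuration usually has a space or line break after the comma. The parsing code is outside this diff, but if entries are not trimmed the second class name would never match and `StaticTester` would stay accessible. A variant using `sma.useExcludedClasses(Class.class.getName() + ", " + StaticTester.class.getName());` with the same assertion would pin that. The same applies to the `String.join(",", …)` calls in testPackageNameExclusionExemption3, classInclusion_subclass_both and packageInclusion_subclass_both.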
@@ -621,7 +582,7 @@ public class SecurityMemberAccessTest { @Test public void testBlockAccessIfClassIsExcluded_2() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(singletonList(ClassLoader.class.getName()))); + sma.useExcludedClasses(ClassLoader.class.getName()); // when Member method = ClassLoader.class.getMethod("loadClass", String.class); @@ -635,7 +596,7 @@ public class SecurityMemberAccessTest { @Test public void testAllowAccessIfClassIsNotExcluded() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(singletonList(ClassLoader.class.getName()))); + sma.useExcludedClasses(ClassLoader.class.getName()); // when Member method = Class.class.getMethod("getClassLoader"); @@ -648,7 +609,7 @@ public class SecurityMemberAccessTest { @Test public void testIllegalArgumentExceptionExpectedForTargetMemberMismatch() throws Exception { // given - sma.useExcludedClasses(new HashSet<>(singletonList(Class.class.getName()))); + sma.useExcludedClasses(Class.class.getName()); // when Member method = ClassLoader.class.getMethod("loadClass", String.class); @@ -667,7 +628,7 @@ public class SecurityMemberAccessTest { @Test public void testAccessPrimitiveInt() throws Exception { // given - sma.useExcludedPackageNames(TextParseUtil.commaDelimitedStringToSet("java.lang.,ognl,javax")); + sma.useExcludedPackageNames("java.lang.,ognl,javax"); String propertyName = "intField"; Member member = FooBar.class.getMethod(formGetterName(propertyName)); @@ -682,7 +643,7 @@ public class SecurityMemberAccessTest { @Test public void testAccessPrimitiveDoubleWithNames() throws Exception { // given - sma.useExcludedPackageNames(TextParseUtil.commaDelimitedStringToSet("ognl.,javax.")); + sma.useExcludedPackageNames("ognl.,javax."); Set<String> excluded = new HashSet<>(); 
@@ -691,7 +652,7 @@ public class SecurityMemberAccessTest { excluded.add(System.class.getName()); excluded.add(Class.class.getName()); excluded.add(ClassLoader.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(String.join(",", excluded)); String propertyName = "doubleValue"; double myDouble = 1; @@ -735,9 +696,7 @@ public class SecurityMemberAccessTest { @Test public void testAccessPrimitiveDoubleWithPackageRegExs() throws Exception { // given - Set<Pattern> patterns = new HashSet<>(); - patterns.add(Pattern.compile("^java\\.lang\\..*")); - sma.useExcludedPackageNamePatterns(patterns); + sma.useExcludedPackageNamePatterns("^java\\.lang\\..*"); String propertyName = "doubleValue"; double myDouble = 1; @@ -753,9 +712,7 @@ public class SecurityMemberAccessTest { @Test public void testAccessMemberAccessIsAccessible() throws Exception { // given - Set<String> excluded = new HashSet<>(); - excluded.add(ognl.MemberAccess.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(MemberAccess.class.getName()); String propertyName = "excludedClasses"; String setter = "setExcludedClasses"; @@ -771,9 +728,7 @@ public class SecurityMemberAccessTest { @Test public void testAccessMemberAccessIsBlocked() throws Exception { // given - Set<String> excluded = new HashSet<>(); - excluded.add(SecurityMemberAccess.class.getName()); - sma.useExcludedClasses(excluded); + sma.useExcludedClasses(SecurityMemberAccess.class.getName()); String propertyName = "excludedClasses"; String setter = "setExcludedClasses"; @@ -789,7 +744,7 @@ public class SecurityMemberAccessTest { @Test public void testPackageNameExclusionAsCommaDelimited() { // given - sma.useExcludedPackageNames(TextParseUtil.commaDelimitedStringToSet("java.lang")); + sma.useExcludedPackageNames("java.lang"); // when boolean actual = sma.isPackageExcluded(String.class); 
@@ -801,36 +756,36 @@ public class SecurityMemberAccessTest { @Test public void classInclusion() throws Exception { - sma.useEnforceAllowlistEnabled(true); + sma.useEnforceAllowlistEnabled(Boolean.TRUE.toString()); TestBean2 bean = new TestBean2(); Method method = TestBean2.class.getMethod("getData"); assertFalse(sma.checkAllowlist(bean, method)); - sma.useAllowlistClasses(new HashSet<>(singletonList(TestBean2.class.getName()))); + sma.useAllowlistClasses(TestBean2.class.getName()); assertTrue(sma.checkAllowlist(bean, method)); } @Test public void packageInclusion() throws Exception { - sma.useEnforceAllowlistEnabled(true); + sma.useEnforceAllowlistEnabled(Boolean.TRUE.toString()); TestBean2 bean = new TestBean2(); Method method = TestBean2.class.getMethod("getData"); assertFalse(sma.checkAllowlist(bean, method)); - sma.useAllowlistPackageNames(new HashSet<>(singletonList(TestBean2.class.getPackage().getName()))); + sma.useAllowlistPackageNames(TestBean2.class.getPackage().getName()); assertTrue(sma.checkAllowlist(bean, method)); } @Test public void classInclusion_subclass() throws Exception { - sma.useEnforceAllowlistEnabled(true); - sma.useAllowlistClasses(new HashSet<>(singletonList(TestBean2.class.getName()))); + sma.useEnforceAllowlistEnabled(Boolean.TRUE.toString()); + sma.useAllowlistClasses(TestBean2.class.getName()); TestBean2 bean = new TestBean2(); Method method = TestBean2.class.getMethod("getName"); @@ -840,8 +795,8 @@ public class SecurityMemberAccessTest { @Test public void classInclusion_subclass_both() throws Exception { - sma.useEnforceAllowlistEnabled(true); - sma.useAllowlistClasses(new HashSet<>(asList(TestBean.class.getName(), TestBean2.class.getName()))); + sma.useEnforceAllowlistEnabled(Boolean.TRUE.toString()); + sma.useAllowlistClasses(String.join(",", TestBean.class.getName(), TestBean2.class.getName())); TestBean2 bean = new TestBean2(); Method method = TestBean2.class.getMethod("getName"); 
@@ -851,8 +806,8 @@ public class SecurityMemberAccessTest { @Test public void packageInclusion_subclass() throws Exception { - sma.useEnforceAllowlistEnabled(true); - sma.useAllowlistPackageNames(new HashSet<>(singletonList(TestBean2.class.getPackage().getName()))); + sma.useEnforceAllowlistEnabled(Boolean.TRUE.toString()); + sma.useAllowlistPackageNames(TestBean2.class.getPackage().getName()); TestBean2 bean = new TestBean2(); Method method = TestBean2.class.getMethod("getName"); @@ -862,8 +817,10 @@ public class SecurityMemberAccessTest { @Test public void packageInclusion_subclass_both() throws Exception { - sma.useEnforceAllowlistEnabled(true); - sma.useAllowlistPackageNames(new HashSet<>(asList(TestBean.class.getPackage().getName(), TestBean2.class.getPackage().getName()))); + sma.useEnforceAllowlistEnabled(Boolean.TRUE.toString()); + sma.useAllowlistPackageNames(String.join(",", + TestBean.class.getPackage().getName(), + TestBean2.class.getPackage().getName())); TestBean2 bean = new TestBean2(); Method method = TestBean2.class.getMethod("getName"); diff --git a/core/src/test/java/org/apache/struts2/util/SecurityMemberAccessInServletsTest.java b/core/src/test/java/org/apache/struts2/util/SecurityMemberAccessInServletsTest.java index 6fcfd9f1e..e67ef535e 100644 --- a/core/src/test/java/org/apache/struts2/util/SecurityMemberAccessInServletsTest.java +++ b/core/src/test/java/org/apache/struts2/util/SecurityMemberAccessInServletsTest.java @@ -25,10 +25,7 @@ import org.apache.struts2.views.jsp.ActionTag; import javax.servlet.jsp.tagext.TagSupport; import java.lang.reflect.Member; import java.util.HashMap; -import java.util.HashSet; import java.util.Map; -import java.util.Set; -import java.util.regex.Pattern; public class SecurityMemberAccessInServletsTest extends StrutsInternalTestCase { 
@@ -43,9 +40,7 @@ public class SecurityMemberAccessInServletsTest extends StrutsInternalTestCase { // given SecurityMemberAccess sma = new SecurityMemberAccess(true); - Set<Pattern> excluded = new HashSet<Pattern>(); - excluded.add(Pattern.compile("^(?!javax\\.servlet\\..+)(javax\\..+)")); - sma.useExcludedPackageNamePatterns(excluded); + sma.useExcludedPackageNamePatterns("^(?!javax\\.servlet\\..+)(javax\\..+)"); String propertyName = "value"; Member member = TagSupport.class.getMethod("doStartTag"); @@ -61,9 +56,7 @@ public class SecurityMemberAccessInServletsTest extends StrutsInternalTestCase { // given SecurityMemberAccess sma = new SecurityMemberAccess(true); - Set<Pattern> excluded = new HashSet<>(); - excluded.add(Pattern.compile("^javax\\..+")); - sma.useExcludedPackageNamePatterns(excluded); + sma.useExcludedPackageNamePatterns("^javax\\..+"); String propertyName = "value"; Member member = TagSupport.class.getMethod("doStartTag"); diff --git a/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java b/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java index 61282f3d1..4d8046de9 100644 --- a/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java +++ b/plugins/spring/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessProxyTest.java @@ -46,7 +46,7 @@ public class SecurityMemberAccessProxyTest extends XWorkTestCase { "chaintoAOPedTestSubBeanAction", null, context); SecurityMemberAccess sma = new SecurityMemberAccess(true); - sma.disallowProxyMemberAccess(true); + sma.useDisallowProxyMemberAccess(Boolean.TRUE.toString()); Member member = proxy.getAction().getClass().getMethod("isExposeProxy"); diff --git a/plugins/spring/src/test/java/com/test/SecurityMemberAccessProxyTest.java b/plugins/spring/src/test/java/com/test/SecurityMemberAccessProxyTest.java index ef53fee70..a6ad274c3 100644 
--- a/plugins/spring/src/test/java/com/test/SecurityMemberAccessProxyTest.java
+++ b/plugins/spring/src/test/java/com/test/SecurityMemberAccessProxyTest.java
@@ -18,52 +18,5 @@ */ package com.test; -import com.opensymphony.xwork2.ActionProxy; -import com.opensymphony.xwork2.XWorkTestCase; -import com.opensymphony.xwork2.config.providers.XmlConfigurationProvider; -import com.opensymphony.xwork2.ognl.SecurityMemberAccess; -import org.apache.struts2.config.StrutsXmlConfigurationProvider; - -import java.lang.reflect.Member; -import java.util.HashMap; -import java.util.Map; - -public class SecurityMemberAccessProxyTest extends XWorkTestCase { - private Map<String, Object> context; - - @Override - public void setUp() throws Exception { - super.setUp(); - - context = new HashMap<>(); - // Set up XWork - XmlConfigurationProvider provider = new StrutsXmlConfigurationProvider("com/opensymphony/xwork2/spring/actionContext-xwork.xml"); - container.inject(provider); - loadConfigurationProviders(provider); - } - - public void testProxyAccessIsBlocked() throws Exception { - ActionProxy proxy = actionProxyFactory.createActionProxy(null, - "chaintoAOPedTestSubBeanAction", null, context); - - SecurityMemberAccess sma = new SecurityMemberAccess(true); - sma.disallowProxyMemberAccess(true); - - Member member = proxy.getAction().getClass().getMethod("isExposeProxy"); - - boolean accessible = sma.isAccessible(context, proxy.getAction(), member, ""); - assertFalse(accessible); - } - - public void testProxyAccessIsAccessible() throws Exception { - ActionProxy proxy = actionProxyFactory.createActionProxy(null, - "chaintoAOPedTestSubBeanAction", null, context); - - SecurityMemberAccess sma = new SecurityMemberAccess(true); - - Member member = proxy.getAction().getClass().getMethod("isExposeProxy"); - - boolean accessible = sma.isAccessible(context, proxy.getAction(), member, ""); - assertTrue(accessible); - } +public class SecurityMemberAccessProxyTest extends com.opensymphony.xwork2.ognl.SecurityMemberAccessProxyTest { }
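Review bot: The new empty subclass carries no comment saying why the inherited proxy tests have to run a second time from `com.test`, so it reads as dead code and is easy to delete in a later clean-up. A class-level Javadoc would cover it, e.g. `/** Re-runs the inherited proxy-access tests from a package outside com.opensymphony.xwork2.ognl. */`. Sharing the simple name with its parent also forces the fully qualified `extends`; if the name is not load-bearing, a distinct one would read more easily.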