This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch WW-5626-cleanup in repository https://gitbox.apache.org/repos/asf/struts.git
commit d1d67d66c446551eac222a9fac5584451ce00dbf Author: Lukasz Lenart <[email protected]> AuthorDate: Mon May 4 13:16:25 2026 +0200 WW-5626 make ParameterAuthorizer#resolveTarget a default method to preserve SAM Making resolveTarget abstract broke ParameterAuthorizer as a functional interface, which the existing JSON and REST plugin tests rely on for lambda-based stubs: interceptor.setParameterAuthorizer((parameterName, target, action) -> true); The default returns the action unchanged — adequate for lambda test stubs whose authorization decisions don't depend on the resolved target. The production implementation (StrutsParameterAuthorizer) overrides this with the proper ModelDriven value-stack peek. --- .../struts2/interceptor/parameter/ParameterAuthorizer.java | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParameterAuthorizer.java b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParameterAuthorizer.java index 5eb54a08e..6c5848bd1 100644 --- a/core/src/main/java/org/apache/struts2/interceptor/parameter/ParameterAuthorizer.java +++ b/core/src/main/java/org/apache/struts2/interceptor/parameter/ParameterAuthorizer.java @@ -48,15 +48,21 @@ public interface ParameterAuthorizer { /** * Resolves the target object whose annotations should be checked for authorization. - * For {@link org.apache.struts2.ModelDriven} actions, this returns the model from the value stack; - * for non-ModelDriven actions, it returns the action itself. + * For {@link org.apache.struts2.ModelDriven} actions, the default implementation returns the action itself; + * the production implementation ({@link StrutsParameterAuthorizer}) overrides this to return the model from + * the value stack. * * <p>Callers that need both authorization checks AND the resolved target (e.g. for downstream OGNL allowlisting) * should call this once and reuse the result.</p> * + * <p>This is a {@code default} method to preserve the interface as a functional interface (SAM) for + * lambda-based test stubs.</p> + * * @param action the action instance * @return the resolved target — either the action or its model * @since 7.2.0 */ - Object resolveTarget(Object action); + default Object resolveTarget(Object action) { + return action; + } }
