[struts-examples] branch dependabot/github_actions/actions/cache-3.0.11 created (now f3ec842)

[github-bot]

This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch 
dependabot/github_actions/actions/cache-3.0.11
in repository https://gitbox.apache.org/repos/asf/struts-examples.git


  at f3ec842  Bump actions/cache from 3.0.10 to 3.0.11

No new revisions were added by this update.

[struts-examples] branch master updated (47c2d8d -> 198caaa)

[github-bot]

This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git


from 47c2d8d  Merge pull request #189 from 
apache/dependabot/github_actions/actions/checkout-3.1.0
 add f3ec842  Bump actions/cache from 3.0.10 to 3.0.11
 new 198caaa  Merge pull request #191 from 
apache/dependabot/github_actions/actions/cache-3.0.11

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 .github/workflows/maven.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[struts-examples] 01/01: Merge pull request #191 from apache/dependabot/github_actions/actions/cache-3.0.11

[github-bot]

This is an automated email from the ASF dual-hosted git repository.

github-bot pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git

commit 198caaafe9dacc9a05332e9f5e42a2a1e8c97150
Merge: 47c2d8d f3ec842
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Mon Oct 17 01:17:57 2022 +

Merge pull request #191 from 
apache/dependabot/github_actions/actions/cache-3.0.11

Bump actions/cache from 3.0.10 to 3.0.11

 .github/workflows/maven.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[struts] branch master updated (50842e8d1 -> 3d7f66f42)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git


from 50842e8d1 WW-5242 Marks constant definition as deprecated
 add 2cb0d2896 WW-5244 Upgrades commons-text to version 1.10.0
 new 3d7f66f42 Merge pull request #614 from apache/WW-5244-commons-text

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[struts] 01/01: Merge pull request #614 from apache/WW-5244-commons-text

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 3d7f66f4281663347468d8eae453fa47815b9838
Merge: 50842e8d1 2cb0d2896
Author: Lukasz Lenart 
AuthorDate: Mon Oct 17 08:14:16 2022 +0200

Merge pull request #614 from apache/WW-5244-commons-text

[WW-5244] Upgrades commons-text to version 1.10.0

 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[struts] branch WW-2815-xstream created (now bb7161029)

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch WW-2815-xstream
in repository https://gitbox.apache.org/repos/asf/struts.git


  at bb7161029 WW-2815 Refactors XStreamHandler to allow to provide a 
custom configuration

This branch includes the following new commits:

 new bb7161029 WW-2815 Refactors XStreamHandler to allow to provide a 
custom configuration

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[struts] 01/01: WW-2815 Refactors XStreamHandler to allow to provide a custom configuration

[lukaszlenart]

This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a commit to branch WW-2815-xstream
in repository https://gitbox.apache.org/repos/asf/struts.git

commit bb7161029669b6d2055ac42ff17de315ef1272f0
Author: Lukasz Lenart 
AuthorDate: Mon Oct 17 08:54:03 2022 +0200

WW-2815 Refactors XStreamHandler to allow to provide a custom configuration
---
 .../struts2/rest/handler/XStreamHandler.java   |  33 +++--
 .../XStreamAllowedClassNames.java} |   4 +-
 .../XStreamAllowedClasses.java}|   4 +-
 .../{ => xstream}/XStreamPermissionProvider.java   |   2 +-
 .../XStreamProvider.java}  |  12 +-
 .../struts2/rest/handler/XStreamHandlerTest.java   | 160 +
 6 files changed, 195 insertions(+), 20 deletions(-)

diff --git 
a/plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java
 
b/plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java
index 22e597561..d3534e32b 100644
--- 
a/plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java
+++ 
b/plugins/rest/src/main/java/org/apache/struts2/rest/handler/XStreamHandler.java
@@ -21,6 +21,7 @@ package org.apache.struts2.rest.handler;
 import com.opensymphony.xwork2.ActionInvocation;
 import com.opensymphony.xwork2.ModelDriven;
 import com.thoughtworks.xstream.XStream;
+import com.thoughtworks.xstream.io.xml.StaxDriver;
 import com.thoughtworks.xstream.security.ArrayTypePermission;
 import com.thoughtworks.xstream.security.ExplicitTypePermission;
 import com.thoughtworks.xstream.security.NoTypePermission;
@@ -29,12 +30,15 @@ import 
com.thoughtworks.xstream.security.PrimitiveTypePermission;
 import com.thoughtworks.xstream.security.TypePermission;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.apache.struts2.rest.handler.xstream.XStreamAllowedClassNames;
+import org.apache.struts2.rest.handler.xstream.XStreamAllowedClasses;
+import org.apache.struts2.rest.handler.xstream.XStreamPermissionProvider;
+import org.apache.struts2.rest.handler.xstream.XStreamProvider;
 
 import java.io.IOException;
 import java.io.Reader;
 import java.io.Writer;
 import java.util.Collection;
-import java.util.Date;
 import java.util.Map;
 import java.util.Set;
 
@@ -68,7 +72,15 @@ public class XStreamHandler extends 
AbstractContentTypeHandler {
 }
 
 protected XStream createXStream(ActionInvocation invocation) {
-XStream stream = new XStream();
+XStream stream;
+if (invocation.getAction() instanceof XStreamProvider) {
+LOG.debug("Using provider {} to create instance of XStream", 
invocation.getAction().getClass().getSimpleName());
+stream = ((XStreamProvider) 
invocation.getAction()).createXStream();
+} else {
+LOG.debug("Creating default XStream instance using Stax driver: 
{}", StaxDriver.class.getSimpleName());
+stream = new XStream(new StaxDriver());
+}
+
 LOG.debug("Clears existing permissions");
 stream.addPermission(NoTypePermission.NONE);
 
@@ -82,13 +94,13 @@ public class XStreamHandler extends 
AbstractContentTypeHandler {
 
 private void addPerActionPermission(ActionInvocation invocation, XStream 
stream) {
 Object action = invocation.getAction();
-if (action instanceof AllowedClasses) {
-Set> allowedClasses = ((AllowedClasses) 
action).allowedClasses();
-stream.addPermission(new 
ExplicitTypePermission(allowedClasses.toArray(new 
Class[allowedClasses.size()])));
+if (action instanceof XStreamAllowedClasses) {
+Set> allowedClasses = ((XStreamAllowedClasses) 
action).allowedClasses();
+stream.addPermission(new 
ExplicitTypePermission(allowedClasses.toArray(new Class[0])));
 }
-if (action instanceof AllowedClassNames) {
-Set allowedClassNames = ((AllowedClassNames) 
action).allowedClassNames();
-stream.addPermission(new 
ExplicitTypePermission(allowedClassNames.toArray(new 
String[allowedClassNames.size()])));
+if (action instanceof XStreamAllowedClassNames) {
+Set allowedClassNames = ((XStreamAllowedClassNames) 
action).allowedClassNames();
+stream.addPermission(new 
ExplicitTypePermission(allowedClassNames.toArray(new String[0])));
 }
 if (action instanceof XStreamPermissionProvider) {
 Collection permissions = 
((XStreamPermissionProvider) action).getTypePermissions();
@@ -101,13 +113,12 @@ public class XStreamHandler extends 
AbstractContentTypeHandler {
 protected void addDefaultPermissions(ActionInvocation invocation, XStream 
stream) {
 stream.addPermission(new ExplicitTypePermission(new 
Class[]{invocation.getAction().getClass()}));
 if (invocation.getAction() instanceof ModelDriven) {
-stream.addPermission(new ExplicitTypePermission(n