[struts] branch WW-5275-custom-csp created (now 6d6a5a142)

2023-02-12 Thread lukaszlenart
This is an automated email from the ASF dual-hosted git repository.

lukaszlenart pushed a change to branch WW-5275-custom-csp
in repository https://gitbox.apache.org/repos/asf/struts.git


  at 6d6a5a142 WW-5275 Allows to provide a custom CspSettings per action

This branch includes the following new commits:

 new 6d6a5a142 WW-5275 Allows to provide a custom CspSettings per action

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.




[struts] 01/01: WW-5275 Allows to provide a custom CspSettings per action

2023-02-12 Thread lukaszlenart
lukaszlenart pushed a commit to branch WW-5275-custom-csp
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 6d6a5a14255982812f5f6cc645b1430f7cd512c4
Author: Lukasz Lenart 
AuthorDate: Sun Feb 12 16:37:10 2023 +0100

WW-5275 Allows to provide a custom CspSettings per action
---
 .../apache/struts2/action/CspSettingsAware.java| 15 ++
 .../struts2/interceptor/csp/CspInterceptor.java| 45 +-
 .../struts2/interceptor/csp/CspSettings.java   |  8 +++-
 .../interceptor/csp/DefaultCspSettings.java|  8 
 .../struts2/interceptor/CspInterceptorTest.java| 54 ++
 5 files changed, 98 insertions(+), 32 deletions(-)

diff --git a/core/src/main/java/org/apache/struts2/action/CspSettingsAware.java 
b/core/src/main/java/org/apache/struts2/action/CspSettingsAware.java
new file mode 100644
index 0..94c07edcc
--- /dev/null
+++ b/core/src/main/java/org/apache/struts2/action/CspSettingsAware.java
@@ -0,0 +1,15 @@
+package org.apache.struts2.action;
+
+import org.apache.struts2.interceptor.csp.CspSettings;
+
+/**
+ * Implement this interface by an action to provide a custom {@link 
CspSettings},
+ * see {@link org.apache.struts2.interceptor.csp.CspInterceptor} for more 
details
+ *
+ * @since Struts 6.2.0
+ */
+public interface CspSettingsAware {
+
+CspSettings getCspSettings();
+
+}
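Review bot: CspSettingsAware.java begins at `package org.apache.struts2.action;` with no Apache License 2.0 header, which ASF source files are required to carry; add the standard header block above the package line. The `getCspSettings()` declaration would also benefit from its own Javadoc saying what an implementer is expected to return.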
diff --git 
a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java 
b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
index 5bae4f543..8e4356646 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
@@ -20,7 +20,9 @@ package org.apache.struts2.interceptor.csp;
 
 import com.opensymphony.xwork2.ActionInvocation;
 import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
-import com.opensymphony.xwork2.interceptor.PreResultListener;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.struts2.action.CspSettingsAware;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -37,20 +39,43 @@ import java.util.Optional;
  * @see CspSettings
  * @see DefaultCspSettings
  **/
-public final class CspInterceptor extends AbstractInterceptor implements 
PreResultListener {
+public final class CspInterceptor extends AbstractInterceptor {
 
-private final CspSettings settings = new DefaultCspSettings();
+private static final Logger LOG = 
LogManager.getLogger(CspInterceptor.class);
+
+private Boolean enforcingMode;
+private String reportUri;
 
 @Override
 public String intercept(ActionInvocation invocation) throws Exception {
-invocation.addPreResultListener(this);
+Object action = invocation.getAction();
+if (action instanceof CspSettingsAware) {
+LOG.trace("Using CspSettings provided by the action: {}", action);
+applySettings(invocation, ((CspSettingsAware) 
action).getCspSettings());
+} else {
+LOG.trace("Using DefaultCspSettings with action: {}", action);
+applySettings(invocation, new DefaultCspSettings());
+}
 return invocation.invoke();
 }
 
-public void beforeResult(ActionInvocation invocation, String resultCode) {
+private void applySettings(ActionInvocation invocation, CspSettings 
cspSettings) {
+if (enforcingMode != null) {
+LOG.trace("Applying: {} to enforcingMode", enforcingMode);
+cspSettings.setEnforcingMode(enforcingMode);
+}
+if (reportUri != null) {
+LOG.trace("Applying: {} to reportUri", reportUri);
+cspSettings.setReportUri(reportUri);
+}
+
 HttpServletRequest request = 
invocation.getInvocationContext().getServletRequest();
 HttpServletResponse response = 
invocation.getInvocationContext().getServletResponse();
-settings.addCspHeaders(request, response);
+
+invocation.addPreResultListener((actionInvocation, resultCode) -> {
+LOG.trace("Applying CSP header: {} to the request", cspSettings);
+cspSettings.addCspHeaders(request, response);
+});
 }
 
 public void setReportUri(String reportUri) {
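Review bot: In intercept(), the result of `((CspSettingsAware) action).getCspSettings()` is handed to applySettings() without a null check, so an action that returns null fails with a NullPointerException at `cspSettings.setEnforcingMode(enforcingMode)` or later inside the pre-result listener at `cspSettings.addCspHeaders(request, response)`. Suggest falling back to `new DefaultCspSettings()` and logging at warn level when the action returns null, so a faulty action still gets a policy applied. Minor: the trace message "Applying CSP header: {} to the request" describes headers that are written to the response.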
@@ -63,21 +88,19 @@ public final class CspInterceptor extends 
AbstractInterceptor implements PreResu
 throw new IllegalArgumentException("Illegal configuration: report 
URI is not relative to the root. Please set a report URI that starts with /");
 }
 
-settings.setReportUri(reportUri);
+this.reportUri = reportUri;
 }
 
 private Optional buildUri(String reportUri) {
 try {
 return Optional.of(URI.create(reportUri));
 } catch (IllegalArgumentException ignored) {
+return Op
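Review bot: With `this.reportUri = reportUri;` the root-relative check in setReportUri() now covers only the interceptor's own parameter; a CspSettings supplied by a CspSettingsAware action keeps whatever report URI it was built with whenever this field is null, and nothing in the visible lines validates that value. Either document in CspSettingsAware that the action is responsible for its own report URI, or route action-provided values through the same check.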

[struts] branch WW-5275-custom-csp updated (6d6a5a142 -> 68a401aac)

2023-02-12 Thread lukaszlenart
lukaszlenart pushed a change to branch WW-5275-custom-csp
in repository https://gitbox.apache.org/repos/asf/struts.git


 discard 6d6a5a142 WW-5275 Allows to provide a custom CspSettings per action
 new 68a401aac WW-5275 Allows to provide a custom CspSettings per action

This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version.  This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:

 * -- * -- B -- O -- O -- O   (6d6a5a142)
            \
             N -- N -- N   refs/heads/WW-5275-custom-csp (68a401aac)

You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.

Any revisions marked "omit" are not gone; other references still
refer to them.  Any revisions marked "discard" are gone forever.



Summary of changes:
 .../org/apache/struts2/action/CspSettingsAware.java| 18 ++
 1 file changed, 18 insertions(+)



[struts] 01/01: WW-5275 Allows to provide a custom CspSettings per action

2023-02-12 Thread lukaszlenart
lukaszlenart pushed a commit to branch WW-5275-custom-csp
in repository https://gitbox.apache.org/repos/asf/struts.git

commit 68a401aacfbde7ab0210cbc2503b466e08ab6264
Author: Lukasz Lenart 
AuthorDate: Sun Feb 12 16:37:10 2023 +0100

WW-5275 Allows to provide a custom CspSettings per action
---
 .../apache/struts2/action/CspSettingsAware.java| 33 +
 .../struts2/interceptor/csp/CspInterceptor.java| 45 +-
 .../struts2/interceptor/csp/CspSettings.java   |  8 +++-
 .../interceptor/csp/DefaultCspSettings.java|  8 
 .../struts2/interceptor/CspInterceptorTest.java| 54 ++
 5 files changed, 116 insertions(+), 32 deletions(-)

diff --git a/core/src/main/java/org/apache/struts2/action/CspSettingsAware.java 
b/core/src/main/java/org/apache/struts2/action/CspSettingsAware.java
new file mode 100644
index 0..458a7c7f3
--- /dev/null
+++ b/core/src/main/java/org/apache/struts2/action/CspSettingsAware.java
@@ -0,0 +1,33 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.action;
+
+import org.apache.struts2.interceptor.csp.CspSettings;
+
+/**
+ * Implement this interface by an action to provide a custom {@link 
CspSettings},
+ * see {@link org.apache.struts2.interceptor.csp.CspInterceptor} for more 
details
+ *
+ * @since Struts 6.2.0
+ */
+public interface CspSettingsAware {
+
+CspSettings getCspSettings();
+
+}
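Review bot: `getCspSettings()` has no Javadoc of its own, and the interface comment does not say whether the method may return null or whether it must return a fresh instance on each call. CspInterceptor calls `setEnforcingMode` and `setReportUri` on the returned object, so implementers need that contract spelled out; suggest a method-level comment stating that the result must be non-null and should not be shared between requests.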
diff --git 
a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java 
b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
index 5bae4f543..8e4356646 100644
--- a/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
+++ b/core/src/main/java/org/apache/struts2/interceptor/csp/CspInterceptor.java
@@ -20,7 +20,9 @@ package org.apache.struts2.interceptor.csp;
 
 import com.opensymphony.xwork2.ActionInvocation;
 import com.opensymphony.xwork2.interceptor.AbstractInterceptor;
-import com.opensymphony.xwork2.interceptor.PreResultListener;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.apache.struts2.action.CspSettingsAware;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -37,20 +39,43 @@ import java.util.Optional;
  * @see CspSettings
  * @see DefaultCspSettings
  **/
-public final class CspInterceptor extends AbstractInterceptor implements 
PreResultListener {
+public final class CspInterceptor extends AbstractInterceptor {
 
-private final CspSettings settings = new DefaultCspSettings();
+private static final Logger LOG = 
LogManager.getLogger(CspInterceptor.class);
+
+private Boolean enforcingMode;
+private String reportUri;
 
 @Override
 public String intercept(ActionInvocation invocation) throws Exception {
-invocation.addPreResultListener(this);
+Object action = invocation.getAction();
+if (action instanceof CspSettingsAware) {
+LOG.trace("Using CspSettings provided by the action: {}", action);
+applySettings(invocation, ((CspSettingsAware) 
action).getCspSettings());
+} else {
+LOG.trace("Using DefaultCspSettings with action: {}", action);
+applySettings(invocation, new DefaultCspSettings());
+}
 return invocation.invoke();
 }
 
-public void beforeResult(ActionInvocation invocation, String resultCode) {
+private void applySettings(ActionInvocation invocation, CspSettings 
cspSettings) {
+if (enforcingMode != null) {
+LOG.trace("Applying: {} to enforcingMode", enforcingMode);
+cspSettings.setEnforcingMode(enforcingMode);
+}
+if (reportUri != null) {
+LOG.trace("Applying: {} to reportUri", reportUri);
+cspSettings.setReportUri(reportUri);
+}
+
 HttpServletRequest request = 
invocation.getInvocationContext().getServletRequest();
 HttpServletResponse response = 
invocation.getInvocationContext().getServletResponse();
-settings.addCspHeaders(request, response);
+
+invoca
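Review bot: applySettings() calls `cspSettings.setEnforcingMode(enforcingMode)` and `cspSettings.setReportUri(reportUri)` on the object the action supplied, so whenever the interceptor parameters are set they overwrite the per-action values, and an action that returns a shared instance has it mutated on every request. An action that asks for enforcing mode is therefore switched out of it when the interceptor is configured with enforcingMode=false. If the action's settings are meant to win, apply the interceptor values only in the DefaultCspSettings branch; otherwise state the precedence in the Javadoc of CspInterceptor and CspSettingsAware.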

[struts-examples] branch dependabot/github_actions/actions/cache-3.2.5 created (now 9565781)

2023-02-12 Thread github-bot
github-bot pushed a change to branch 
dependabot/github_actions/actions/cache-3.2.5
in repository https://gitbox.apache.org/repos/asf/struts-examples.git


  at 9565781  Bump actions/cache from 3.2.4 to 3.2.5

No new revisions were added by this update.



[struts-examples] branch master updated (4a13c7d -> d5bb817)

2023-02-12 Thread github-bot
github-bot pushed a change to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git


from 4a13c7d  Merge pull request #213 from 
apache/dependabot/github_actions/actions/cache-3.2.4
 add 9565781  Bump actions/cache from 3.2.4 to 3.2.5
 new d5bb817  Merge pull request #214 from 
apache/dependabot/github_actions/actions/cache-3.2.5



Summary of changes:
 .github/workflows/maven.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



[struts-examples] 01/01: Merge pull request #214 from apache/dependabot/github_actions/actions/cache-3.2.5

2023-02-12 Thread github-bot
github-bot pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/struts-examples.git

commit d5bb8174f68d1edeab8fb3e0ee60023fdfcc119b
Merge: 4a13c7d 9565781
Author: github-actions[bot] 
<41898282+github-actions[bot]@users.noreply.github.com>
AuthorDate: Mon Feb 13 02:11:54 2023 +

Merge pull request #214 from 
apache/dependabot/github_actions/actions/cache-3.2.5

Bump actions/cache from 3.2.4 to 3.2.5

 .github/workflows/maven.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)