[struts] branch master updated: Update: - Improve ExecuteAndWaitInterceptor state behaviour, added debug and trace logging. - Ensure StrutsBackgroundProcess thread done state always set on completion.
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git The following commit(s) were added to refs/heads/master by this push: new dd01a47dd Update: - Improve ExecuteAndWaitInterceptor state behaviour, added debug and trace logging. - Ensure StrutsBackgroundProcess thread done state always set on completion. - Fix SessionMap processing issue caused by divergence of method signatures, which can result in the ancestor methods getting called (bypassing actual session processing). - Update SessionMapTest to correspond to changes, add tests to try and detect some (put/remove) method signature behaviour changes. new c92f54218 Merge pull request #688 from JCgH4164838Gh792C124B5/localS2_62_ExecWaitCleanup dd01a47dd is described below commit dd01a47ddb61fce51b5ef1015a1ec4c2db33da89 Author: JCgH4164838Gh792C124B5 <43964333+jcgh4164838gh792c12...@users.noreply.github.com> AuthorDate: Sat May 20 18:05:04 2023 -0400 Update: - Improve ExecuteAndWaitInterceptor state behaviour, added debug and trace logging. - Ensure StrutsBackgroundProcess thread done state always set on completion. - Fix SessionMap processing issue caused by divergence of method signatures, which can result in the ancestor methods getting called (bypassing actual session processing). - Update SessionMapTest to correspond to changes, add tests to try and detect some (put/remove) method signature behaviour changes. --- .../org/apache/struts2/dispatcher/SessionMap.java | 36 --- .../interceptor/ExecuteAndWaitInterceptor.java | 53 +++ .../interceptor/exec/StrutsBackgroundProcess.java | 8 +- .../apache/struts2/dispatcher/SessionMapTest.java | 106 + 4 files changed, 147 insertions(+), 56 deletions(-) diff --git a/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java b/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java index dac8404ea..8fe5777ea 100644 
--- a/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java
+++ b/core/src/main/java/org/apache/struts2/dispatcher/SessionMap.java
@@ -42,7 +42,7 @@ public class SessionMap extends AbstractMap implements Serializa
/**
- * Creates a new session map given a http servlet request. Note, ths enumeration of request
+ * Creates a new session map given a http servlet request. Note, the enumeration of request
 * attributes will occur when the map entries are asked for.
 *
 * @param request the http servlet request object.
@@ -82,7 +82,7 @@ public class SessionMap extends AbstractMap implements Serializa
synchronized (session.getId().intern()) {
entries = null;
-Enumeration attributeNamesEnum = session.getAttributeNames();
+final Enumeration attributeNamesEnum = session.getAttributeNames();
while (attributeNamesEnum.hasMoreElements()) {
session.removeAttribute(attributeNamesEnum.nextElement());
}
@@ -105,7 +105,7 @@ public class SessionMap extends AbstractMap implements Serializa
if (entries == null) {
entries = new HashSet<>();
-Enumeration enumeration = session.getAttributeNames();
+final Enumeration enumeration = session.getAttributeNames();
while (enumeration.hasMoreElements()) {
final String key = enumeration.nextElement();
@@ -127,17 +127,21 @@ public class SessionMap extends AbstractMap implements Serializa
/**
 * Returns the session attribute associated with the given key or null if it doesn't exist.
+ *
+ * Note: Must use the same signature as {@link java.util.AbstractMap#get(java.lang.Object)} to ensure the
+ * expected specialized behaviour is performed here (and not the generic ancestor behaviour).
 *
 * @param key the name of the session attribute.
 * @return the session attribute or null if it doesn't exist.
 */
-public Object get(final String key) {
+@Override
+public Object get(final Object key) {
if (session == null) {
return null;
}
synchronized (session.getId().intern()) {
-return session.getAttribute(key);
+return session.getAttribute(key != null ? key.toString() : null);
}
}
@@ -156,7 +160,7 @@ public class SessionMap extends AbstractMap implements Serializa
}
}
synchronized (session.getId().intern()) {
-Object oldValue = get(key);
+final Object oldValue = get(key);
entries = null;
session.setAttribute(key, value);
return oldValue;
@@ -166,10 +170,14 @@ public class SessionMap extends AbstractMap implements Serializa
}
/**
 * Removes the specified session attribute.
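Review bot: In the new `get(final Object key)`, a null key is still forwarded as `session.getAttribute(null)`, so the result of `map.get(null)` depends on how the servlet container treats a null attribute name, which this hunk does not show or control. A guard before the lock, `if (session == null || key == null) { return null; }`, would keep the Map behaviour container-independent and avoid taking the session lock for a lookup that cannot match. The `key.toString()` coercion also changes what a non-String key returns: the inherited AbstractMap lookup compared keys with equals(), whereas this reads whichever attribute the key's string form names. That looks intended from the added javadoc, but it should be stated there, for example `Non-String keys are converted with toString() before the attribute lookup.`, and pinned with a test that passes a non-String key.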
[struts] branch WW-5310-equal-sign deleted (was b97339e31)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch WW-5310-equal-sign in repository https://gitbox.apache.org/repos/asf/struts.git was b97339e31 WW-5310 Properly parses param value with equal sign The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
[struts] branch master updated (c92f54218 -> 6d0a4bb0c)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts.git from c92f54218 Merge pull request #688 from JCgH4164838Gh792C124B5/localS2_62_ExecWaitCleanup add b97339e31 WW-5310 Properly parses param value with equal sign new 6d0a4bb0c Merge pull request #689 from apache/WW-5310-equal-sign The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: .../struts2/url/StrutsQueryStringParser.java | 19 +++ .../struts2/url/StrutsQueryStringParserTest.java | 27 ++ 2 files changed, 35 insertions(+), 11 deletions(-)
[struts] 01/01: Merge pull request #689 from apache/WW-5310-equal-sign
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git commit 6d0a4bb0c66f8314ecbd5441ec6f68ed5a7df4ca Merge: c92f54218 b97339e31 Author: Lukasz Lenart AuthorDate: Sun May 28 09:12:56 2023 +0200 Merge pull request #689 from apache/WW-5310-equal-sign [WW-5310] Properly parses param value with equal sign .../struts2/url/StrutsQueryStringParser.java | 19 +++ .../struts2/url/StrutsQueryStringParserTest.java | 27 ++ 2 files changed, 35 insertions(+), 11 deletions(-)
[struts-site] branch WW-5307-ognl deleted (was d54ebb727)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch WW-5307-ognl in repository https://gitbox.apache.org/repos/asf/struts-site.git was d54ebb727 WW-5307 Cleans up OGNL related pages The revisions that were on this branch are still contained in other references; therefore, this change does not discard any commits from the repository.
[struts-site] 01/01: Merge pull request #194 from apache/WW-5307-ognl
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git commit df8ceaf912f864f7d851d4b71b6ed8926f953cb9 Merge: 53d85eb28 d54ebb727 Author: Lukasz Lenart AuthorDate: Sun May 28 09:14:02 2023 +0200 Merge pull request #194 from apache/WW-5307-ognl [WW-5307] Cleans up OGNL related pages source/tag-developers/ognl-basics.md | 101 --- source/tag-developers/ognl.md| 76 +++--- 2 files changed, 64 insertions(+), 113 deletions(-)
[struts-site] branch master updated (53d85eb28 -> df8ceaf91)
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a change to branch master in repository https://gitbox.apache.org/repos/asf/struts-site.git from 53d85eb28 Merge pull request #195 from atlassian-forks/WW-5301-deferred-docs add d54ebb727 WW-5307 Cleans up OGNL related pages new df8ceaf91 Merge pull request #194 from apache/WW-5307-ognl The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "add" were already present in the repository and have only been added to this reference. Summary of changes: source/tag-developers/ognl-basics.md | 101 --- source/tag-developers/ognl.md| 76 +++--- 2 files changed, 64 insertions(+), 113 deletions(-)
[struts-site] branch asf-site updated: Automatic Site Publish by Buildbot
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-site in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-site by this push: new ba0d75a9b Automatic Site Publish by Buildbot ba0d75a9b is described below commit ba0d75a9bb466ba2388543987f65f045997e3d41 Author: buildbot AuthorDate: Sun May 28 07:14:38 2023 + Automatic Site Publish by Buildbot --- output/tag-developers/ognl-basics.html | 98 +++--- output/tag-developers/ognl.html| 76 +++--- 2 files changed, 51 insertions(+), 123 deletions(-) diff --git a/output/tag-developers/ognl-basics.html b/output/tag-developers/ognl-basics.html index 9bd857119..4377ccd05 100644 --- a/output/tag-developers/ognl-basics.html +++ b/output/tag-developers/ognl-basics.html @@ -136,7 +136,6 @@ Struts-specific language features Accessing static properties - Differences from the WebWork 1.x EL Struts 2 Named Objects @@ -144,11 +143,11 @@ Struts-specific language features -The biggest addition that Struts provides on top of OGNL is the support for the ValueStack. While OGNL operates under +The biggest addition that Struts provides on top of OGNL is the support for the ValueStack. While OGNL operates under the assumption there is only one “root”, Struts’s ValueStack concept requires there be many “roots”. -For example, suppose we are using standard OGNL (not using Struts) and there are two objects in the OgnlContext map: -“foo” -> foo and “bar” -> bar and that the foo object is also configured to be the single root object. +For example, suppose we are using standard OGNL (not using Struts) and there are two objects in the OgnlContext map: +“foo” -> foo and “bar” -> bar and that the foo object is also configured to be the single root object. The following code illustrates how OGNL deals with these three situations: #foo.blah // returns foo.getBlah() 
@@ -156,34 +155,34 @@ The following code illustrates how OGNL deals with these three situations: blah // returns foo.getBlah() because foo is the root -What this means is that OGNL allows many objects in the context, but unless the object you are trying to access is the root, -it must be prepended with a namespaces such as @bar. Now let’s talk about how Struts is a little different… +What this means is that OGNL allows many objects in the context, but unless the object you are trying to access is the +root, it must be prepended with a namespaces such as @bar. Now let’s talk about how Struts is a little different… - In Struts, the entire ValueStack is the root object in the context. Rather than having your expressions get the object -you want from the stack and then get properties from that (ie: peek().blah), Struts has a special OGNL PropertyAccessor -that will automatically look at the all entries in the stack (from the top down) until it finds an object with the property -you are looking for. + In Struts, the entire ValueStack is the root object in the context. Rather than having your expressions get the object +you want from the stack and then get properties from that (ie: peek().blah), Struts has a special OGNL +PropertyAccessor that will automatically look at the all entries in the stack (from the top down) until it finds +an object with the property you are looking for. -For example, suppose the stack contains two objects: Animal and Person. Both objects have a “name” property, Animal has -a “species” property, and Person has a “salary” property. Animal is on the top of the stack, and Person is below it. -The follow code fragments help you get an idea of what is going on here: +For example, suppose the stack contains two objects: Animal and Person. Both objects have a name property, +Animal has a species property, and Person has a salary property. Animal is on the top of the stack, +and Person is below it. 
The follow code fragments help you get an idea of what is going on here: species// call to animal.getSpecies() salary // call to person.getSalary() name // call to animal.getName() because animal is on the top -In the last example, there was a tie and so the animal’s name was returned. Usually this is the desired effect, but -sometimes you want the property of a lower-level object. To do this, XWork has added support for indexes on the ValueStack. -All you have to do is: +In the last example, there was a tie and so the animal’s name was returned. Usually this is the desired effect, but +sometimes you want the property of a lower-level object. To do this, XWork has added support for indexes on the +ValueStack. All you have to do is: [0].name // call to animal.getName() [1].name // call to person.getName() -With expression like [0] ... [3] etc. Struts will cut the stack and still
[struts-site] branch asf-staging updated: Updates stage by Jenkins
This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/struts-site.git The following commit(s) were added to refs/heads/asf-staging by this push: new a385ef296 Updates stage by Jenkins a385ef296 is described below commit a385ef2968b950d64786fc97f65b416439d1f2c7 Author: jenkins AuthorDate: Sun May 28 07:16:07 2023 + Updates stage by Jenkins
[struts] branch master updated: Update: - Add a few additional tests to SecurityMemberAccessTest. - Rename some existing tests involving non-static methods to more accurately reflect that. - Add one m
This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/struts.git The following commit(s) were added to refs/heads/master by this push: new 269a10274 Update: - Add a few additional tests to SecurityMemberAccessTest. - Rename some existing tests involving non-static methods to more accurately reflect that. - Add one minor optimization to SecurityMemberAccess. new 3ef77471d Merge pull request #690 from JCgH4164838Gh792C124B5/localS2_62_SecurityMemberTestUpdate1 269a10274 is described below commit 269a1027495c2b425e87946cf768e7f8a5784d9a Author: JCgH4164838Gh792C124B5 <43964333+jcgh4164838gh792c12...@users.noreply.github.com> AuthorDate: Sun May 28 19:43:47 2023 -0400 Update: - Add a few additional tests to SecurityMemberAccessTest. - Rename some existing tests involving non-static methods to more accurately reflect that. - Add one minor optimization to SecurityMemberAccess.
---
.../xwork2/ognl/SecurityMemberAccess.java | 3 +-
.../xwork2/ognl/SecurityMemberAccessTest.java | 167 -
2 files changed, 164 insertions(+), 6 deletions(-)
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index 384d6cf24..c21b5b089 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -129,7 +129,8 @@ public class SecurityMemberAccess implements MemberAccess {
return false;
}
-if (isClassExcluded(targetClass)) {
+if (targetClass != memberClass && isClassExcluded(targetClass)) {
+// Optimization: Already checked memberClass exclusion, so if-and-only-if targetClass == memberClass, this check is redundant.
LOG.warn("Target class [{}] of target [{}] is excluded!", targetClass, target);
return false;
}
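Review bot: The shortcut `targetClass != memberClass && isClassExcluded(targetClass)` is only sound while an unconditional `isClassExcluded(memberClass)` check runs earlier in the same method, and that check lies outside this hunk, so the dependency is invisible at the point where the exclusion is skipped. This class gates OGNL member access, so if the earlier check were reordered or made conditional, the exclusion for the identical-class case would be dropped without any failure. I would move the comment above the `if` and name the dependency, e.g. `// memberClass was already tested with isClassExcluded() above; skip the duplicate lookup only when targetClass is that same class`. A test should also assert that an excluded class is still rejected when the target and member class are identical. The enclosing method starts and ends outside the hunk.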
diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
index e0f4ed183..acf4bbc80 100644
--- a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
@@ -29,11 +29,13 @@ import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
+import java.util.Objects;
import java.util.Set;
import java.util.regex.Pattern;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
public class SecurityMemberAccessTest {
@@ -383,8 +385,9 @@ public class SecurityMemberAccessTest {
}
@Test
-public void testBlockedStaticFieldWhenFlagIsFalse() throws Exception {
+public void testBlockedStaticFieldWhenFlagIsTrue() throws Exception {
// given
+assignNewSma(true);
sma.setExcludedClasses(new HashSet<>(Collections.singletonList(Class.class)));
// when
@@ -479,6 +482,104 @@ public class SecurityMemberAccessTest {
assertFalse("Access to private final static field is allowed?", actual);
}
+@Test
+public void testBlockedStaticFieldWhenFlagIsFalse() throws Exception {
+// given
+assignNewSma(false);
+sma.setExcludedClasses(new HashSet<>(Collections.singletonList(Class.class)));
+
+// when
+Member method = StaticTester.class.getField("MAX_VALUE");
+boolean actual = sma.isAccessible(context, null, method, null);
+
+// then
+assertFalse("Access to public static field is allowed when flag false?", actual);
+
+// public static final test
+// given
+assignNewSma(false);
+sma.setExcludedClasses(new HashSet<>(Collections.singletonList(Class.class)));
+
+// when
+method = StaticTester.class.getField("MIN_VALUE");
+actual = sma.isAccessible(context, null, method, null);
+
+// then
+assertFalse("Access to public final static field is allowed when flag is false?", actual);
+
+// package static test
+// given
+assignNewSma(false);
+sma.setExcludedClasses(new HashSet<>(Collections.singletonList(Class.class)));
+
+// when
+method = StaticTester.getFieldByName("PACKAGE_STRING");
+actual = sma.isAccessible(context, null, method, null);
+
+// then
+assertFalse("Access to package static field is allowed?", actual);
+
+// package final static test
+// given
+assignNewSma(false);
+sma.setExcludedClasses(new HashSet<>(Collections.singletonList(Class.class)));
+
+// when
+method = StaticTester.getFieldByName("FI