Author: musachy
Date: Sun Nov 8 08:18:59 2009
New Revision: 833846
URL:
http://svn.apache.org/viewvc?rev=833846&view=revLog:
add test, prevent method evaluation, organize classes
Added:
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractELResolver.java
- copied, changed from r833776, struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/MethodInvocationGuardELResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextReferenceELResolver.java
- copied, changed from r833776, struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkValueStackContext.java
- copied, changed from r833776, struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AccessorsContextKey.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/VulnerabilityTest.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/resources/struts.xml
Removed:
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AccessorsContextKey.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextResolver.java
Modified:
struts/sandbox/trunk/struts2-uel-plugin/pom.xml
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/BuiltinFunctionMapper.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/CompoundRootELContext.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/JUELExtensionBuilder.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELServletContextListener.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELValueStack.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/CompoundRootELResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkArrayELResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkBeanELResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkListELResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkMapELResolver.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ClassCacheInspector.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/DefaultMemberAccess.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/Entry.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/MemberAccess.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ObjectIndexedPropertyDescriptor.java
struts/sandbox/trunk/struts2-uel-plugin/src/main/resources/struts-plugin.xml
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/AbstractUELTest.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/BuiltinFunctionsTest.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestAction.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestObject.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELMethodInvocationTest.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackReadValueTest.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackSetValueTest.java
struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELValueStackOtherTests.java
Modified: struts/sandbox/trunk/struts2-uel-plugin/pom.xml
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/pom.xml?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/pom.xml (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/pom.xml Sun Nov 8 08:18:59 2009
@@ -1,5 +1,4 @@
-<project xmlns="
http://maven.apache.org/POM/4.0.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+<project xmlns="
http://maven.apache.org/POM/4.0.0" xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="
http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.apache.struts</groupId>
@@ -56,6 +55,12 @@
</exclusions>
</dependency>
<dependency>
+ <groupId>org.apache.struts</groupId>
+ <artifactId>struts2-junit-plugin</artifactId>
+ <version>2.2.0-SNAPSHOT</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${struts2.springPlatformVersion}</version>
@@ -85,10 +90,10 @@
<scope>test</scope>
</dependency>
<dependency>
- <groupId>org.mortbay.jetty</groupId>
- <artifactId>jsp-2.1</artifactId>
- <version>6.1.3</version>
- <scope>provided</scope>
+ <groupId>org.easymock</groupId>
+ <artifactId>easymock</artifactId>
+ <version>2.4</version>
+ <scope>test</scope>
</dependency>
<dependency>
<groupId>commons-beanutils</groupId>
@@ -111,5 +116,11 @@
</exclusion>
</exclusions>
</dependency>
+ <dependency>
+ <groupId>javax.servlet</groupId>
+ <artifactId>jsp-api</artifactId>
+ <version>2.0</version>
+ <scope>test</scope>
+ </dependency>
</dependencies>
</project>
\ No newline at end of file
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/BuiltinFunctionMapper.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/BuiltinFunctionMapper.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/BuiltinFunctionMapper.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/BuiltinFunctionMapper.java Sun Nov 8 08:18:59 2009
@@ -1,18 +1,16 @@
package org.apache.struts2.uelplugin;
import com.opensymphony.xwork2.ActionContext;
-import com.opensymphony.xwork2.TextProviderFactory;
-import com.opensymphony.xwork2.TextProvider;
import com.opensymphony.xwork2.LocaleProvider;
-import com.opensymphony.xwork2.util.CompoundRoot;
+import com.opensymphony.xwork2.TextProvider;
+import com.opensymphony.xwork2.TextProviderFactory;
import com.opensymphony.xwork2.util.ValueStack;
+import org.apache.commons.lang.xwork.StringUtils;
import javax.el.FunctionMapper;
import java.lang.reflect.Method;
-import java.util.Map;
import java.util.HashMap;
-
-import org.apache.commons.lang.xwork.StringUtils;
+import java.util.Map;
/**
* <p>Builtin function availabe from UEL. Available functions are</p>
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/CompoundRootELContext.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/CompoundRootELContext.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/CompoundRootELContext.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/CompoundRootELContext.java Sun Nov 8 08:18:59 2009
@@ -4,7 +4,10 @@
import de.odysseus.el.util.SimpleContext;
import org.apache.struts2.uelplugin.elresolvers.*;
-import javax.el.*;
+import javax.el.BeanELResolver;
+import javax.el.CompositeELResolver;
+import javax.el.FunctionMapper;
+import javax.el.VariableMapper;
/**
@@ -13,11 +16,13 @@
*/
public class CompoundRootELContext extends SimpleContext {
private final static BuiltinFunctionMapper BUILTIN_FUNCTION_MAPPER = new BuiltinFunctionMapper();
+
public CompoundRootELContext(final Container container) {
super(new CompositeELResolver() {
{
+ add(new MethodInvocationGuardELResolver(container));
add(new CompoundRootELResolver(container));
- add(new ValueStackContextResolver());
+ add(new ValueStackContextReferenceELResolver(container));
add(new XWorkBeanELResolver(container));
add(new XWorkListELResolver(container));
add(new XWorkMapELResolver(container));
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/JUELExtensionBuilder.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/JUELExtensionBuilder.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/JUELExtensionBuilder.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/JUELExtensionBuilder.java Sun Nov 8 08:18:59 2009
@@ -1,16 +1,21 @@
package org.apache.struts2.uelplugin;
-import de.odysseus.el.misc.TypeConverter;
import de.odysseus.el.misc.NumberOperations;
+import de.odysseus.el.misc.TypeConverter;
+import de.odysseus.el.tree.Bindings;
+import de.odysseus.el.tree.Node;
import de.odysseus.el.tree.impl.Builder;
import de.odysseus.el.tree.impl.Parser;
import de.odysseus.el.tree.impl.Scanner;
import de.odysseus.el.tree.impl.ast.AstBinary;
import de.odysseus.el.tree.impl.ast.AstNode;
import de.odysseus.el.tree.impl.ast.AstUnary;
-import de.odysseus.el.tree.impl.ast.AstIdentifier;
import org.apache.commons.lang.xwork.StringUtils;
+import javax.el.ELContext;
+import javax.el.MethodInfo;
+import javax.el.ValueReference;
+
/**
* Plugs into JUEL parser to supper expressions like "#obj", to provide some level
* of backward compatibility with OGNL
@@ -54,9 +59,7 @@
*/
static Parser.ExtensionHandler SHARP_HANDLER = new Parser.ExtensionHandler(Parser.ExtensionPoint.UNARY) {
public AstNode createAstNode(AstNode... children) {
- //AstIdentifier astIdentifier = (AstIdentifier) children[0];
- //ValueStackAstIdentifier valueStackAstIdentifier = new ValueStackAstIdentifier(astIdentifier.getName(), astIdentifier.getIndex());
- return new AstUnary(children[0], SHARP_OPERATOR);
+ return new DelegateAstNode(children[0]);
}
};
@@ -123,3 +126,59 @@
return new ExtendedParser(this, expression);
}
}
+
+class DelegateAstNode extends AstNode {
+ private final AstNode child;
+
+ public DelegateAstNode(AstNode child) {
+ this.child = child;
+ }
+
+ public void appendStructure(StringBuilder builder, Bindings bindings) {
+ child.appendStructure(builder, bindings);
+ }
+
+ public Object eval(Bindings bindings, ELContext context) {
+ return child.eval(bindings, context);
+ }
+
+ public int getCardinality() {
+ return child.getCardinality();
+ }
+
+ public Node getChild(int i) {
+ return child.getChild(i);
+ }
+
+ public MethodInfo getMethodInfo(Bindings bindings, ELContext context, Class<?> returnType, Class<?>[] paramTypes) {
+ return child.getMethodInfo(bindings, context, returnType, paramTypes);
+ }
+
+ public Class<?> getType(Bindings bindings, ELContext context) {
+ return child.getType(bindings, context);
+ }
+
+ public ValueReference getValueReference(Bindings bindings, ELContext context) {
+ return child.getValueReference(bindings, context);
+ }
+
+ public Object invoke(Bindings bindings, ELContext context, Class<?> returnType, Class<?>[] paramTypes, Object[] paramValues) {
+ return child.invoke(bindings, context, returnType, paramTypes, paramValues);
+ }
+
+ public boolean isLeftValue() {
+ return child.isLeftValue();
+ }
+
+ public boolean isLiteralText() {
+ return child.isLiteralText();
+ }
+
+ public boolean isReadOnly(Bindings bindings, ELContext context) {
+ return child.isReadOnly(bindings, context);
+ }
+
+ public void setValue(Bindings bindings, ELContext context, Object value) {
+ child.setValue(bindings, context, value);
+ }
+}
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELServletContextListener.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELServletContextListener.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELServletContextListener.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELServletContextListener.java Sun Nov 8 08:18:59 2009
@@ -4,13 +4,10 @@
import de.odysseus.el.tree.TreeBuilder;
import javax.el.ExpressionFactory;
-import javax.servlet.ServletContext;
import javax.servlet.ServletContextEvent;
import javax.servlet.ServletContextListener;
import java.util.Properties;
-import org.apache.struts2.uelplugin.ExpressionFactoryHolder;
-
/**
* Responsible for creating the ExpressionFactory that will be used by the
* UelValueStack
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELValueStack.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELValueStack.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELValueStack.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/UELValueStack.java Sun Nov 8 08:18:59 2009
@@ -9,15 +9,15 @@
import com.opensymphony.xwork2.util.ValueStack;
import com.opensymphony.xwork2.util.logging.Logger;
import com.opensymphony.xwork2.util.logging.LoggerFactory;
-import org.apache.struts2.uelplugin.elresolvers.AccessorsContextKey;
+import org.apache.struts2.uelplugin.elresolvers.XWorkValueStackContext;
import javax.el.ELContext;
import javax.el.ExpressionFactory;
import javax.el.PropertyNotFoundException;
import javax.el.ValueExpression;
+import java.io.Serializable;
import java.util.Map;
import java.util.TreeMap;
-import java.io.Serializable;
/**
* A ValueStack that uses Unified EL as the underlying Expression Language.
@@ -95,7 +95,7 @@
expr = "#{" + expr + "}";
}
- elContext.putContext(AccessorsContextKey.class, context);
+ elContext.putContext(XWorkValueStackContext.class, context);
elContext.putContext(XWorkConverter.class, xworkConverter);
elContext.putContext(CompoundRoot.class, root);
@@ -195,7 +195,7 @@
if (expr != null && !expr.startsWith("${") && !expr.startsWith("#{")) {
expr = "#{" + expr + "}";
}
- elContext.putContext(AccessorsContextKey.class, context);
+ elContext.putContext(XWorkValueStackContext.class, context);
elContext.putContext(XWorkConverter.class, xworkConverter);
elContext.putContext(CompoundRoot.class, root);
Copied: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractELResolver.java (from r833776, struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractResolver.java)
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractELResolver.java?p2=struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractELResolver.java&p1=struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractResolver.java&r1=833776&r2=833846&rev=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractResolver.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AbstractELResolver.java Sun Nov 8 08:18:59 2009
@@ -1,26 +1,26 @@
package org.apache.struts2.uelplugin.elresolvers;
-import com.opensymphony.xwork2.util.reflection.ReflectionProvider;
-import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.ObjectFactory;
import com.opensymphony.xwork2.conversion.NullHandler;
import com.opensymphony.xwork2.conversion.ObjectTypeDeterminer;
+import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
import com.opensymphony.xwork2.inject.Container;
-import com.opensymphony.xwork2.ObjectFactory;
+import com.opensymphony.xwork2.util.reflection.ReflectionProvider;
-import javax.el.ELResolver;
import javax.el.ELContext;
-import java.util.Iterator;
+import javax.el.ELResolver;
import java.beans.FeatureDescriptor;
+import java.util.Iterator;
-public abstract class AbstractResolver extends ELResolver {
- protected ReflectionProvider reflectionProvider;
- protected XWorkConverter xworkConverter;
- protected NullHandler nullHandler;
- protected ObjectTypeDeterminer objectTypeDeterminer;
- protected ObjectFactory objectFactory;
+public abstract class AbstractELResolver extends ELResolver {
+ protected final ReflectionProvider reflectionProvider;
+ protected final XWorkConverter xworkConverter;
+ protected final NullHandler nullHandler;
+ protected final ObjectTypeDeterminer objectTypeDeterminer;
+ protected final ObjectFactory objectFactory;
- public AbstractResolver(Container container) {
+ public AbstractELResolver(Container container) {
this.reflectionProvider = container.getInstance(ReflectionProvider.class);
this.xworkConverter = container.getInstance(XWorkConverter.class);
this.nullHandler = container.getInstance(NullHandler.class, "java.lang.Object");
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/CompoundRootELResolver.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/CompoundRootELResolver.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/CompoundRootELResolver.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/CompoundRootELResolver.java Sun Nov 8 08:18:59 2009
@@ -1,9 +1,9 @@
package org.apache.struts2.uelplugin.elresolvers;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.util.CompoundRoot;
import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
-import com.opensymphony.xwork2.inject.Container;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.beanutils.PropertyUtils;
import org.apache.commons.lang.xwork.StringUtils;
@@ -16,7 +16,7 @@
* An ELResolver that is capable of resolving properties against the
* CompoundRoot if available in the ELContext.
*/
-public class CompoundRootELResolver extends AbstractResolver {
+public class CompoundRootELResolver extends AbstractELResolver {
public CompoundRootELResolver(Container container) {
super(container);
@@ -48,7 +48,7 @@
return root.get(0);
}
- Map<String, Object> reflectionContext = (Map) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> reflectionContext = (Map) elContext.getContext(XWorkValueStackContext.class);
Object bean = findObjectForProperty(root, propertyName);
if (bean != null) {
@@ -86,7 +86,7 @@
}
CompoundRoot root = (CompoundRoot) context.getContext(CompoundRoot.class);
- Map<String, Object> reflectionContext = (Map) context.getContext(AccessorsContextKey.class);
+ Map<String, Object> reflectionContext = (Map) context.getContext(XWorkValueStackContext.class);
String propertyName = (String) property;
try {
if (base == null && property != null && root != null) {
Added: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/MethodInvocationGuardELResolver.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/MethodInvocationGuardELResolver.java?rev=833846&view=auto==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/MethodInvocationGuardELResolver.java (added)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/MethodInvocationGuardELResolver.java Sun Nov 8 08:18:59 2009
@@ -0,0 +1,34 @@
+package org.apache.struts2.uelplugin.elresolvers;
+
+import com.opensymphony.xwork2.inject.Container;
+import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
+
+import javax.el.ELContext;
+import javax.el.ELException;
+import java.util.Map;
+
+/**
+ * Will throw an exception if invoke is called and method invocation is not allowed
+ */
+public class MethodInvocationGuardELResolver extends AbstractELResolver {
+ public MethodInvocationGuardELResolver(Container container) {
+ super(container);
+ }
+
+ public Object getValue(ELContext context, Object base, Object property) {
+ return null;
+ }
+
+ public void setValue(ELContext context, Object base, Object property, Object value) {
+ }
+
+ @Override
+ public Object invoke(ELContext elContext, Object base, Object method, Class<?>[] paramTypes, Object[] params) {
+ Map<String, Object> context = (Map) elContext.getContext(XWorkValueStackContext.class);
+ if (ReflectionContextState.isDenyMethodExecution(context)) {
+ //you aint invoking this
+ throw new ELException("Method ivocations are disabled");
+ } else
+ return null;
+ }
+}
Copied: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextReferenceELResolver.java (from r833776, struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextResolver.java)
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextReferenceELResolver.java?p2=struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextReferenceELResolver.java&p1=struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextResolver.java&r1=833776&r2=833846&rev=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextResolver.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/ValueStackContextReferenceELResolver.java Sun Nov 8 08:18:59 2009
@@ -1,29 +1,38 @@
package org.apache.struts2.uelplugin.elresolvers;
import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.util.ValueStack;
+import org.apache.commons.lang.xwork.StringUtils;
-import javax.el.ELResolver;
import javax.el.ELContext;
-import java.util.Iterator;
import java.beans.FeatureDescriptor;
+import java.util.Iterator;
+import java.util.Map;
-import org.apache.commons.lang.xwork.StringUtils;
+public class ValueStackContextReferenceELResolver extends AbstractELResolver {
+ public ValueStackContextReferenceELResolver(Container container) {
+ super(container);
+ }
-public class ValueStackContextResolver extends ELResolver {
- public Object getValue(ELContext context, Object base, Object property) {
+ public Object getValue(ELContext elContext, Object base, Object property) {
String objectName = property.toString();
if (StringUtils.startsWith(objectName, "#")) {
objectName = StringUtils.removeStart(property.toString(), "#");
ActionContext actionContext = ActionContext.getContext();
- if (context != null) {
+ if (elContext != null) {
ValueStack valueStack = actionContext.getValueStack();
if (valueStack != null) {
Object obj = valueStack.getContext().get(objectName);
if (obj != null) {
- context.setPropertyResolved(true);
+ Map<String, Object> reflectionContext = (Map) elContext.getContext(XWorkValueStackContext.class);
+
+ reflectionContext.put(XWorkConverter.LAST_BEAN_CLASS_ACCESSED, obj.getClass());
+ reflectionContext.put(XWorkConverter.LAST_BEAN_PROPERTY_ACCESSED, objectName);
+ elContext.setPropertyResolved(true);
return obj;
}
}
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkArrayELResolver.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkArrayELResolver.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkArrayELResolver.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkArrayELResolver.java Sun Nov 8 08:18:59 2009
@@ -1,17 +1,16 @@
package org.apache.struts2.uelplugin.elresolvers;
-import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
import javax.el.ELContext;
import javax.el.ELException;
-import java.util.List;
-import java.util.Map;
import java.lang.reflect.Array;
+import java.util.Map;
-public class XWorkArrayELResolver extends AbstractResolver {
+public class XWorkArrayELResolver extends AbstractELResolver {
public XWorkArrayELResolver(Container container) {
super(container);
}
@@ -19,7 +18,7 @@
public Object getValue(ELContext elContext, Object target, Object property) {
if (target != null && property != null && target.getClass().isArray()) {
- Map<String, Object> context = (Map) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> context = (Map) elContext.getContext(XWorkValueStackContext.class);
Class lastClass = (Class) context.get(XWorkConverter.LAST_BEAN_CLASS_ACCESSED);
String lastProperty = (String) context.get(XWorkConverter.LAST_BEAN_PROPERTY_ACCESSED);
@@ -74,7 +73,7 @@
public void setValue(ELContext elContext, Object target, Object property, Object value) {
if (target != null && property != null && target.getClass().isArray()) {
- Map<String, Object> context = (Map) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> context = (Map) elContext.getContext(XWorkValueStackContext.class);
Class lastClass = (Class) context.get(XWorkConverter.LAST_BEAN_CLASS_ACCESSED);
String lastProperty = (String) context.get(XWorkConverter.LAST_BEAN_PROPERTY_ACCESSED);
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkBeanELResolver.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkBeanELResolver.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkBeanELResolver.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkBeanELResolver.java Sun Nov 8 08:18:59 2009
@@ -9,14 +9,14 @@
import javax.el.ELContext;
import java.util.Map;
-public class XWorkBeanELResolver extends AbstractResolver {
+public class XWorkBeanELResolver extends AbstractELResolver {
public XWorkBeanELResolver(Container container) {
super(container);
}
public Object getValue(ELContext elContext, Object target, Object property) {
if (target != null && property != null) {
- Map<String, Object> reflectionContext = (Map<String, Object>) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> reflectionContext = (Map<String, Object>) elContext.getContext(XWorkValueStackContext.class);
String propertyName = property.toString();
Class targetType = target.getClass();
@@ -48,7 +48,7 @@
public void setValue(ELContext elContext, Object target, Object property, Object value) {
if (target != null && property != null) {
try {
- Map<String, Object> reflectionContext = (Map<String, Object>) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> reflectionContext = (Map<String, Object>) elContext.getContext(XWorkValueStackContext.class);
String propertyName = property.toString();
Class targetType = target.getClass();
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkListELResolver.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkListELResolver.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkListELResolver.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkListELResolver.java Sun Nov 8 08:18:59 2009
@@ -1,16 +1,16 @@
package org.apache.struts2.uelplugin.elresolvers;
-import com.opensymphony.xwork2.inject.Container;
+import com.opensymphony.xwork2.XWorkException;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
+import com.opensymphony.xwork2.inject.Container;
import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
-import com.opensymphony.xwork2.XWorkException;
import javax.el.ELContext;
+import java.util.Collection;
import java.util.List;
import java.util.Map;
-import java.util.Collection;
-public class XWorkListELResolver extends AbstractResolver {
+public class XWorkListELResolver extends AbstractELResolver {
public XWorkListELResolver(Container container) {
super(container);
}
@@ -18,7 +18,7 @@
public Object getValue(ELContext elContext, Object target, Object property) {
if (target != null && property != null && target instanceof List) {
- Map<String, Object> context = (Map) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> context = (Map) elContext.getContext(XWorkValueStackContext.class);
List list = (List) target;
Class lastClass = (Class) context.get(XWorkConverter.LAST_BEAN_CLASS_ACCESSED);
@@ -82,7 +82,7 @@
}
public void setValue(ELContext elContext, Object target, Object property, Object value) {
- Map<String, Object> context = (Map) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> context = (Map) elContext.getContext(XWorkValueStackContext.class);
if (target != null && property != null && target instanceof List) {
Class lastClass = (Class) context.get(XWorkConverter.LAST_BEAN_CLASS_ACCESSED);
String lastProperty = (String) context.get(XWorkConverter.LAST_BEAN_PROPERTY_ACCESSED);
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkMapELResolver.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkMapELResolver.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkMapELResolver.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkMapELResolver.java Sun Nov 8 08:18:59 2009
@@ -1,15 +1,14 @@
package org.apache.struts2.uelplugin.elresolvers;
-import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
import com.opensymphony.xwork2.inject.Container;
+import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
import javax.el.ELContext;
import java.util.Map;
-import java.util.List;
import java.util.WeakHashMap;
-public class XWorkMapELResolver extends AbstractResolver {
+public class XWorkMapELResolver extends AbstractELResolver {
private final Map<Key, Class> keyClassCache = new WeakHashMap<Key, Class>();
public XWorkMapELResolver(Container container) {
@@ -17,7 +16,7 @@
}
public Object getValue(ELContext elContext, Object target, Object property) {
- Map<String, Object> context = (Map) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> context = (Map) elContext.getContext(XWorkValueStackContext.class);
if (target != null && property != null && target instanceof Map) {
Object result = null;
@@ -84,12 +83,13 @@
}
public void setValue(ELContext elContext, Object target, Object property, Object value) {
- Map<String, Object> context = (Map) elContext.getContext(AccessorsContextKey.class);
+ Map<String, Object> context = (Map) elContext.getContext(XWorkValueStackContext.class);
if (target != null && property != null && target instanceof Map) {
Object key = getKey(context, property);
Map map = (Map) target;
- map.put(key, getValue(context, value));
+ map.put(key, value);
+ elContext.setPropertyResolved(true);
}
}
Copied: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkValueStackContext.java (from r833776, struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AccessorsContextKey.java)
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkValueStackContext.java?p2=struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkValueStackContext.java&p1=struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AccessorsContextKey.java&r1=833776&r2=833846&rev=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/AccessorsContextKey.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/elresolvers/XWorkValueStackContext.java Sun Nov 8 08:18:59 2009
@@ -1,5 +1,7 @@
package org.apache.struts2.uelplugin.elresolvers;
+import java.util.Map;
-public interface AccessorsContextKey {
+
+public interface XWorkValueStackContext extends Map {
}
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ClassCacheInspector.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ClassCacheInspector.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ClassCacheInspector.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ClassCacheInspector.java Sun Nov 8 08:18:59 2009
@@ -8,9 +8,7 @@
/**
* Invoked just before storing a class type within a cache instance.
*
- * @param type
- * The class that is to be stored.
- *
+ * @param type The class that is to be stored.
* @return True if the class can be cached, false otherwise.
*/
boolean shouldCache(Class type);
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/DefaultMemberAccess.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/DefaultMemberAccess.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/DefaultMemberAccess.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/DefaultMemberAccess.java Sun Nov 8 08:18:59 2009
@@ -1,78 +1,68 @@
package org.apache.struts2.uelplugin.reflection;
-import java.util.Map;
-import java.lang.reflect.Member;
import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Member;
import java.lang.reflect.Modifier;
+import java.util.Map;
/**
* Taken from OGNL
*/
-public class DefaultMemberAccess implements MemberAccess
-{
- public boolean allowPrivateAccess = false;
- public boolean allowProtectedAccess = false;
- public boolean allowPackageProtectedAccess = false;
-
- /*===================================================================
- Constructors
- ===================================================================*/
- public DefaultMemberAccess(boolean allowAllAccess)
- {
- this(allowAllAccess, allowAllAccess, allowAllAccess);
- }
+public class DefaultMemberAccess implements MemberAccess {
+ public boolean allowPrivateAccess = false;
+ public boolean allowProtectedAccess = false;
+ public boolean allowPackageProtectedAccess = false;
+
+ /*===================================================================
+ Constructors
+ ===================================================================*/
+ public DefaultMemberAccess(boolean allowAllAccess) {
+ this(allowAllAccess, allowAllAccess, allowAllAccess);
+ }
- public DefaultMemberAccess(boolean allowPrivateAccess, boolean allowProtectedAccess, boolean allowPackageProtectedAccess)
- {
- super();
- this.allowPrivateAccess = allowPrivateAccess;
- this.allowProtectedAccess = allowProtectedAccess;
- this.allowPackageProtectedAccess = allowPackageProtectedAccess;
- }
+ public DefaultMemberAccess(boolean allowPrivateAccess, boolean allowProtectedAccess, boolean allowPackageProtectedAccess) {
+ super();
+ this.allowPrivateAccess = allowPrivateAccess;
+ this.allowProtectedAccess = allowProtectedAccess;
+ this.allowPackageProtectedAccess = allowPackageProtectedAccess;
+ }
- /*===================================================================
- Public methods
- ===================================================================*/
- public boolean getAllowPrivateAccess()
- {
- return allowPrivateAccess;
- }
+ /*===================================================================
+ Public methods
+ ===================================================================*/
+ public boolean getAllowPrivateAccess() {
+ return allowPrivateAccess;
+ }
- public void setAllowPrivateAccess(boolean value)
- {
- allowPrivateAccess = value;
- }
+ public void setAllowPrivateAccess(boolean value) {
+ allowPrivateAccess = value;
+ }
- public boolean getAllowProtectedAccess()
- {
- return allowProtectedAccess;
- }
+ public boolean getAllowProtectedAccess() {
+ return allowProtectedAccess;
+ }
- public void setAllowProtectedAccess(boolean value)
- {
- allowProtectedAccess = value;
- }
+ public void setAllowProtectedAccess(boolean value) {
+ allowProtectedAccess = value;
+ }
- public boolean getAllowPackageProtectedAccess()
- {
- return allowPackageProtectedAccess;
- }
+ public boolean getAllowPackageProtectedAccess() {
+ return allowPackageProtectedAccess;
+ }
- public void setAllowPackageProtectedAccess(boolean value)
- {
- allowPackageProtectedAccess = value;
- }
+ public void setAllowPackageProtectedAccess(boolean value) {
+ allowPackageProtectedAccess = value;
+ }
- /*===================================================================
- MemberAccess interface
- ===================================================================*/
- public Object setup(Map context, Object target, Member member, String propertyName)
- {
- Object result = null;
+ /*===================================================================
+ MemberAccess interface
+ ===================================================================*/
+ public Object setup(Map context, Object target, Member member, String propertyName) {
+ Object result = null;
if (isAccessible(context, target, member, propertyName)) {
- AccessibleObject accessible = (AccessibleObject)member;
+ AccessibleObject accessible = (AccessibleObject) member;
if (!accessible.isAccessible()) {
result = Boolean.TRUE;
@@ -82,33 +72,31 @@
return result;
}
- public void restore(Map context, Object target, Member member, String propertyName, Object state)
- {
+ public void restore(Map context, Object target, Member member, String propertyName, Object state) {
if (state != null) {
- ((AccessibleObject)member).setAccessible(((Boolean)state).booleanValue());
+ ((AccessibleObject) member).setAccessible(((Boolean) state).booleanValue());
}
}
/**
- Returns true if the given member is accessible or can be made accessible
- by this object.
+ * Returns true if the given member is accessible or can be made accessible
+ * by this object.
*/
- public boolean isAccessible(Map context, Object target, Member member, String propertyName)
- {
- int modifiers = member.getModifiers();
- boolean result = Modifier.isPublic(modifiers);
-
- if (!result) {
- if (Modifier.isPrivate(modifiers)) {
- result = getAllowPrivateAccess();
- } else {
- if (Modifier.isProtected(modifiers)) {
- result = getAllowProtectedAccess();
- } else {
- result = getAllowPackageProtectedAccess();
- }
- }
- }
- return result;
+ public boolean isAccessible(Map context, Object target, Member member, String propertyName) {
+ int modifiers = member.getModifiers();
+ boolean result = Modifier.isPublic(modifiers);
+
+ if (!result) {
+ if (Modifier.isPrivate(modifiers)) {
+ result = getAllowPrivateAccess();
+ } else {
+ if (Modifier.isProtected(modifiers)) {
+ result = getAllowProtectedAccess();
+ } else {
+ result = getAllowPackageProtectedAccess();
+ }
+ }
+ }
+ return result;
}
}
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/Entry.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/Entry.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/Entry.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/Entry.java Sun Nov 8 08:18:59 2009
@@ -9,21 +9,19 @@
Class key;
Object value;
- public Entry(Class key, Object value)
- {
+ public Entry(Class key, Object value) {
this.key = key;
this.value = value;
}
- public String toString()
- {
+ public String toString() {
return "Entry[" +
- "next=" + next +
- '\n' +
- ", key=" + key +
- '\n' +
- ", value=" + value +
- '\n' +
- ']';
+ "next=" + next +
+ '\n' +
+ ", key=" + key +
+ '\n' +
+ ", value=" + value +
+ '\n' +
+ ']';
}
}
\ No newline at end of file
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/MemberAccess.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/MemberAccess.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/MemberAccess.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/MemberAccess.java Sun Nov 8 08:18:59 2009
@@ -1,26 +1,25 @@
package org.apache.struts2.uelplugin.reflection;
-import java.util.Map;
import java.lang.reflect.Member;
+import java.util.Map;
/**
* Taken from OGNL
*/
-public interface MemberAccess
-{
+public interface MemberAccess {
/**
- Sets the member up for accessibility
+ * Sets the member up for accessibility
*/
public Object setup(Map context, Object target, Member member, String propertyName);
/**
- Restores the member from the previous setup call.
+ * Restores the member from the previous setup call.
*/
public void restore(Map context, Object target, Member member, String propertyName, Object state);
/**
- Returns true if the given member is accessible or can be made accessible
- by this object.
+ * Returns true if the given member is accessible or can be made accessible
+ * by this object.
*/
- public boolean isAccessible(Map context, Object target, Member member, String propertyName);
+ public boolean isAccessible(Map context, Object target, Member member, String propertyName);
}
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ObjectIndexedPropertyDescriptor.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ObjectIndexedPropertyDescriptor.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ObjectIndexedPropertyDescriptor.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/java/org/apache/struts2/uelplugin/reflection/ObjectIndexedPropertyDescriptor.java Sun Nov 8 08:18:59 2009
@@ -1,38 +1,33 @@
package org.apache.struts2.uelplugin.reflection;
-import java.beans.PropertyDescriptor;
import java.beans.IntrospectionException;
+import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
/**
* Taken from OGNL
*/
-public class ObjectIndexedPropertyDescriptor extends PropertyDescriptor
-{
+public class ObjectIndexedPropertyDescriptor extends PropertyDescriptor {
private Method indexedReadMethod;
- private Method indexedWriteMethod;
- private Class propertyType;
+ private Method indexedWriteMethod;
+ private Class propertyType;
- public ObjectIndexedPropertyDescriptor(String propertyName, Class propertyType, Method indexedReadMethod, Method indexedWriteMethod) throws IntrospectionException
- {
+ public ObjectIndexedPropertyDescriptor(String propertyName, Class propertyType, Method indexedReadMethod, Method indexedWriteMethod) throws IntrospectionException {
super(propertyName, null, null);
this.propertyType = propertyType;
this.indexedReadMethod = indexedReadMethod;
this.indexedWriteMethod = indexedWriteMethod;
}
- public Method getIndexedReadMethod()
- {
+ public Method getIndexedReadMethod() {
return indexedReadMethod;
}
- public Method getIndexedWriteMethod()
- {
+ public Method getIndexedWriteMethod() {
return indexedWriteMethod;
}
- public Class getPropertyType()
- {
+ public Class getPropertyType() {
return propertyType;
}
}
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/main/resources/struts-plugin.xml
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/main/resources/struts-plugin.xml?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/main/resources/struts-plugin.xml (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/main/resources/struts-plugin.xml Sun Nov 8 08:18:59 2009
@@ -5,12 +5,9 @@
"
http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
- <bean type="com.opensymphony.xwork2.util.ValueStackFactory" name="uel"
- class="org.apache.struts2.uelplugin.UELValueStackFactory"/>
- <bean type="com.opensymphony.xwork2.util.reflection.ReflectionProvider" name="uel"
- class="org.apache.struts2.uelplugin.reflection.GenericReflectionProvider"/>
- <bean type="com.opensymphony.xwork2.util.reflection.ReflectionContextFactory" name="uel"
- class="org.apache.struts2.uelplugin.UELReflectionContextFactory"/>
+ <bean type="com.opensymphony.xwork2.util.ValueStackFactory" name="uel" class="org.apache.struts2.uelplugin.UELValueStackFactory"/>
+ <bean type="com.opensymphony.xwork2.util.reflection.ReflectionProvider" name="uel" class="org.apache.struts2.uelplugin.reflection.GenericReflectionProvider"/>
+ <bean type="com.opensymphony.xwork2.util.reflection.ReflectionContextFactory" name="uel" class="org.apache.struts2.uelplugin.UELReflectionContextFactory"/>
<constant name="struts.valueStackFactory" value="uel"/>
<constant name="struts.reflectionProvider" value="uel"/>
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/AbstractUELTest.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/AbstractUELTest.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/AbstractUELTest.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/AbstractUELTest.java Sun Nov 8 08:18:59 2009
@@ -1,26 +1,26 @@
package org.apache.struts2.uelplugin;
-import com.opensymphony.xwork2.XWorkTestCase;
import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.XWorkTestCase;
+import com.opensymphony.xwork2.config.ConfigurationException;
+import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
import com.opensymphony.xwork2.inject.ContainerBuilder;
import com.opensymphony.xwork2.test.StubConfigurationProvider;
-import com.opensymphony.xwork2.config.ConfigurationException;
import com.opensymphony.xwork2.util.CompoundRoot;
import com.opensymphony.xwork2.util.ValueStack;
import com.opensymphony.xwork2.util.ValueStackFactory;
import com.opensymphony.xwork2.util.location.LocatableProperties;
import com.opensymphony.xwork2.util.reflection.ReflectionProvider;
-import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
-import org.springframework.mock.web.MockServletContext;
import org.apache.struts2.ServletActionContext;
import org.apache.struts2.uelplugin.reflection.GenericReflectionProvider;
import org.apache.struts2.util.StrutsTypeConverter;
+import org.springframework.mock.web.MockServletContext;
-import javax.servlet.ServletContextEvent;
import javax.el.ExpressionFactory;
-import java.util.Map;
-import java.text.ParseException;
+import javax.servlet.ServletContextEvent;
import java.text.DateFormat;
+import java.text.ParseException;
+import java.util.Map;
public abstract class AbstractUELTest extends XWorkTestCase {
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/BuiltinFunctionsTest.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/BuiltinFunctionsTest.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/BuiltinFunctionsTest.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/BuiltinFunctionsTest.java Sun Nov 8 08:18:59 2009
@@ -1,9 +1,9 @@
package org.apache.struts2.uelplugin;
-import java.lang.reflect.InvocationTargetException;
-
import org.apache.struts2.views.util.ContextUtil;
+import java.lang.reflect.InvocationTargetException;
+
public class BuiltinFunctionsTest extends AbstractUELTest {
public void testGetText() throws IllegalAccessException, InvocationTargetException, NoSuchMethodException {
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestAction.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestAction.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestAction.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestAction.java Sun Nov 8 08:18:59 2009
@@ -2,8 +2,6 @@
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.conversion.annotations.Conversion;
-import com.opensymphony.xwork2.conversion.annotations.ConversionType;
-import com.opensymphony.xwork2.conversion.annotations.TypeConversion;
@Conversion
public class TestAction extends ActionSupport {
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestObject.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestObject.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestObject.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/TestObject.java Sun Nov 8 08:18:59 2009
@@ -1,8 +1,8 @@
package org.apache.struts2.uelplugin;
import java.util.Date;
-import java.util.Map;
import java.util.List;
+import java.util.Map;
import java.util.Set;
@@ -23,6 +23,11 @@
private Set set;
private ChildTestAction childTestAction;
+ private boolean invoked;
+
+ public boolean wasInvoked() {
+ return invoked;
+ }
public ChildTestAction getChildTestAction() {
return childTestAction;
@@ -32,6 +37,10 @@
this.childTestAction = childTestAction;
}
+ public void invoke() {
+ this.invoked = true;
+ }
+
public Object getFail() {
throw new RuntimeException("kaboom");
}
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELMethodInvocationTest.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELMethodInvocationTest.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELMethodInvocationTest.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELMethodInvocationTest.java Sun Nov 8 08:18:59 2009
@@ -20,7 +20,7 @@
assertEquals("Lex Luthor", stack.findValue("${#s0.concat(' ').concat(#s1)}"));
}
- public void testCallMethodsOnCompundRoot() {
+ public void testCallMethodsOnCompundRoot() {
//this shuld not fail as the property is defined on a parent class
TestObject obj = new TestObject();
root.push(obj);
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackReadValueTest.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackReadValueTest.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackReadValueTest.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackReadValueTest.java Sun Nov 8 08:18:59 2009
@@ -9,7 +9,7 @@
TestObject obj = new TestObject();
obj.setValue("0");
root.push(obj);
-
+
obj = new TestObject();
obj.setValue("1");
root.push(obj);
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackSetValueTest.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackSetValueTest.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackSetValueTest.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELStackSetValueTest.java Sun Nov 8 08:18:59 2009
@@ -2,8 +2,8 @@
import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
-import java.util.*;
import java.lang.reflect.InvocationTargetException;
+import java.util.*;
public class UELStackSetValueTest extends AbstractUELTest {
@@ -46,6 +46,13 @@
stack.setValue("typedList[1].value", "val");
assertEquals(2, obj.getTypedList().size());
assertEquals("val", obj.getTypedList().get(1).getValue());
+
+ //context ref
+ list = new ArrayList();
+ stack.getContext().put("theTypedList", list);
+ stack.setValue("#theTypedList[0]", "val");
+ assertEquals(1, list.size());
+ assertEquals("val", list.get(0));
}
public void testWriteArray() throws IllegalAccessException, InvocationTargetException, NoSuchMethodException {
@@ -85,6 +92,13 @@
stack.setValue("typedMap[1].value", "val");
assertEquals(1, obj.getTypedMap().size());
assertEquals("val", obj.getTypedMap().get(1).getValue());
+
+ //context ref
+ map = new HashMap();
+ stack.getContext().put("themap", map);
+ stack.setValue("#themap['str']", "val");
+ assertEquals(1, map.size());
+ assertEquals("val", map.get("str"));
}
public void testSetPropertiesOnNestedNullObject() {
Modified: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELValueStackOtherTests.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELValueStackOtherTests.java?rev=833846&r1=833845&r2=833846&view=diff==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELValueStackOtherTests.java (original)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/UELValueStackOtherTests.java Sun Nov 8 08:18:59 2009
@@ -1,10 +1,10 @@
package org.apache.struts2.uelplugin;
-import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.conversion.impl.XWorkConverter;
-import java.util.Map;
import java.util.LinkedHashMap;
+import java.util.Map;
public class UELValueStackOtherTests extends AbstractUELTest {
@@ -56,7 +56,7 @@
}
}
- public void testFailsOnMissingNestedPropertyWithThrowException() {
+ public void testFailsOnMissingNestedPropertyWithThrowException() {
TestObject obj = new TestObject();
root.push(obj);
try {
@@ -123,7 +123,7 @@
}
}
- public void testPrimitiveSettingWithInvalidValueAddsFieldErrorInNonDevMode() {
+ public void testPrimitiveSettingWithInvalidValueAddsFieldErrorInNonDevMode() {
TestAction action = new TestAction();
stack.getContext().put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.TRUE);
stack.setDevMode("false");
@@ -134,7 +134,7 @@
assertTrue(conversionErrors.containsKey("bar"));
}
- public void testPrimitiveSettingWithInvalidValueAddsFieldErrorInDevMode() {
+ public void testPrimitiveSettingWithInvalidValueAddsFieldErrorInDevMode() {
TestAction action = new TestAction();
stack.getContext().put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.TRUE);
stack.setDevMode("true");
Added: struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/VulnerabilityTest.java
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/VulnerabilityTest.java?rev=833846&view=auto==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/VulnerabilityTest.java (added)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/java/org/apache/struts2/uelplugin/VulnerabilityTest.java Sun Nov 8 08:18:59 2009
@@ -0,0 +1,80 @@
+package org.apache.struts2.uelplugin;
+
+import com.opensymphony.xwork2.ActionContext;
+import com.opensymphony.xwork2.util.CompoundRoot;
+import com.opensymphony.xwork2.util.ValueStack;
+import com.opensymphony.xwork2.util.reflection.ReflectionContextState;
+import org.apache.struts2.StrutsTestCase;
+
+import javax.servlet.ServletContextEvent;
+import java.util.HashMap;
+import java.util.Map;
+
+public class VulnerabilityTest extends StrutsTestCase {
+
+ public void testMethodsAreNotInvokedUnlessDenyMethodExecutionIsTrue() {
+ CompoundRoot root = new CompoundRoot();
+ ValueStack stack = new UELValueStack(container);
+ TestObject obj = new TestObject();
+ root.push(obj);
+
+ Map contextMap = stack.getContext();
+ ReflectionContextState.setCreatingNullObjects(contextMap, true);
+ ReflectionContextState.setDenyMethodExecution(contextMap, true);
+ ReflectionContextState.setReportingConversionErrors(contextMap, true);
+
+ //simple
+ stack.findValue("top.invoke()");
+ assertFalse(obj.wasInvoked());
+
+ //nested
+ TestObject nested = new TestObject();
+ obj.setInner(nested);
+ stack.findValue("top.inner.invoke()");
+ assertFalse(nested.wasInvoked());
+ }
+
+ public void testParametersDoesNotAffectSession() throws Exception {
+ HashMap<String, Object> session = new HashMap<String, Object>();
+ ValueStack stack = ActionContext.getContext().getValueStack();
+ stack.getContext().put("session", session);
+ assertSame(session, stack.findValue("#session"));
+
+ //make sure that values can tb set in session
+ stack.setValue("#session['clean']", "clean");
+ assertEquals("clean", stack.findValue("#session['clean']"));
+
+ Map<String, Object> params = new HashMap<String, Object>();
+ params.put("bar", "123");
+ params.put("#session.foo", "Foo");
+ params.put("\u0023session[\'user\']", "0wn3d");
+ params.put("\\u0023session[\'user\']", "0wn3d");
+ params.put("\u0023session.user2", "0wn3d");
+ params.put("\\u0023session.user2", "0wn3d");
+ params.put("('\u0023'%20%2b%20'session[\'user3\']')(unused)", "0wn3d");
+ params.put("('\\u0023' + 'session[\\'user4\\']')(unused)", "0wn3d");
+ params.put("('\u0023'%2b'session[\'user5\']')(unused)", "0wn3d");
+ params.put("('\\u0023'%2b'session[\'user5\']')(unused)", "0wn3d");
+ request.setParameters(params);
+
+ executeAction("/test/test.action");
+
+ assertEquals(123, findValueAfterExecute("top.bar"));
+ assertNull(session.get("foo"));
+ assertNull(session.get("user"));
+ assertNull(session.get("user2"));
+ assertNull(session.get("user3"));
+ assertNull(session.get("user4"));
+ assertNull(session.get("user5"));
+ }
+
+
+ @Override
+ protected void setUp() throws Exception {
+ super.setUp();
+
+ //simulate start up
+ UELServletContextListener listener = new UELServletContextListener();
+ listener.contextInitialized(new ServletContextEvent(servletContext));
+ }
+}
Added: struts/sandbox/trunk/struts2-uel-plugin/src/test/resources/struts.xml
URL:
http://svn.apache.org/viewvc/struts/sandbox/trunk/struts2-uel-plugin/src/test/resources/struts.xml?rev=833846&view=auto==============================================================================
--- struts/sandbox/trunk/struts2-uel-plugin/src/test/resources/struts.xml (added)
+++ struts/sandbox/trunk/struts2-uel-plugin/src/test/resources/struts.xml Sun Nov 8 08:18:59 2009
@@ -0,0 +1,10 @@
+<!DOCTYPE struts PUBLIC
+ "-//Apache Software Foundation//DTD Struts Configuration 2.1.7//EN"
+ "
http://struts.apache.org/dtds/struts-2.0.dtd">
+<struts>
+ <package name="test" namespace="/test" extends="struts-default">
+ <action name="test" class="org.apache.struts2.uelplugin.TestAction">
+ <result>something.jsp</result>
+ </action>
+ </package>
+</struts>
\ No newline at end of file
