
Example 6 with ParametersInterceptor

use of com.opensymphony.xwork2.interceptor.ParametersInterceptor in project struts by apache.

the class ValidateAction method testParameterNameAware.

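/**
 * Verifies that a {@link ParameterNameAware} action is consulted for each submitted parameter
 * name and that only the names it accepts end up on the value stack.
 *
 * <p>The action accepts exactly the keys of {@code expected}. The other submitted names contain
 * characters such as '-', ' ', ':', '+' and '%' and must not reach the stack. Whether a given
 * name is dropped by the action callback or by the interceptor's own name validation is not
 * distinguished by this test; only the final stack contents are asserted.
 */
public void testParameterNameAware() {
    ParametersInterceptor pi = createParametersInterceptor();
    // Everything the interceptor applies to the stack is recorded in this map.
    final Map<String, Object> actual = injectValueStackFactory(pi);
    ValueStack stack = createStubValueStack(actual);

    // Plain HashMap rather than double-brace initialisation: the anonymous subclass would
    // capture the enclosing test instance and define an extra class for every map literal.
    final Map<String, Object> expected = new HashMap<>();
    expected.put("fooKey", "fooValue");
    expected.put("barKey", "barValue");

    // The action accepts only the parameter names present in 'expected'.
    Object action = new ParameterNameAware() {
        @Override
        public boolean acceptableParameterName(String parameterName) {
            return expected.containsKey(parameterName);
        }
    };

    final Map<String, Object> parameters = new HashMap<>();
    parameters.put("fooKey", "fooValue");
    parameters.put("barKey", "barValue");
    parameters.put("error-key", "error");
    parameters.put("error key", "error");
    parameters.put("error:key", "error");
    parameters.put("error+key", "error");
    parameters.put("test%test", "test%test");

    pi.setParameters(action, stack, HttpParameters.create(parameters).build());

    // Only the accepted names may have been applied; nothing else, nothing missing.
    assertEquals(expected, actual);
}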

Example 7 with ParametersInterceptor

use of com.opensymphony.xwork2.interceptor.ParametersInterceptor in project struts by apache.

the class TestConfigurationProvider method loadPackages.

/**
 * Initializes the configuration object.
 *
 * <p>Registers a default package (name {@code ""}) holding the execution-count, test, double
 * validation, token, token-session and action-tag actions, then two packages under
 * {@code TEST_NAMESPACE} that inherit from the default one: {@code namespacePackage} with
 * {@code TEST_NAMESPACE_ACTION} and {@code testActionNamespacePackages} with
 * {@code TEST_ACTION_NAME}. All three are added to {@code configuration}.
 */
public void loadPackages() {
    Map<String, String> successParams = new HashMap<>();
    successParams.put("propertyName", "executionCount");
    successParams.put("expectedValue", "1");

    ResultConfig executionCountResult =
            new ResultConfig.Builder(Action.SUCCESS, TestResult.class.getName())
                    .addParams(successParams)
                    .build();
    ActionConfig executionCountActionConfig =
            new ActionConfig.Builder("", "", ExecutionCountTestAction.class.getName())
                    .addResultConfig(executionCountResult)
                    .build();

    // Validation interceptor applied to every method of the double-validation action.
    ValidationInterceptor validationInterceptor = new ValidationInterceptor();
    validationInterceptor.setIncludeMethods("*");

    ResultConfig doubleValidationResult =
            new ResultConfig.Builder(Action.SUCCESS, ServletDispatcherResult.class.getName())
                    .addParam("location", "success.jsp")
                    .build();
    ActionConfig doubleValidationActionConfig =
            new ActionConfig.Builder("", "doubleValidationAction", DoubleValidationAction.class.getName())
                    .addResultConfig(doubleValidationResult)
                    .addInterceptor(new InterceptorMapping("validation", validationInterceptor))
                    .build();

    ResultConfig testActionResult =
            new ResultConfig.Builder(Action.SUCCESS, ServletDispatcherResult.class.getName())
                    .addParam("location", "success.jsp")
                    .build();
    ActionConfig testActionConfig =
            new ActionConfig.Builder("", "", TestAction.class.getName())
                    .addResultConfig(testActionResult)
                    .addInterceptor(new InterceptorMapping("params", new ParametersInterceptor()))
                    .build();

    ResultConfig tokenInvalidResult =
            new ResultConfig.Builder("invalid.token", MockResult.class.getName()).build();
    ResultConfig tokenSuccessResult =
            new ResultConfig.Builder("success", MockResult.class.getName()).build();
    ActionConfig tokenActionConfig =
            new ActionConfig.Builder("", "", TestAction.class.getName())
                    .addInterceptor(new InterceptorMapping("token", new TokenInterceptor()))
                    .addResultConfig(tokenInvalidResult)
                    .addResultConfig(tokenSuccessResult)
                    .build();

    // Empty (mock) results: the token-session unit test only cares about the result code.
    ResultConfig tokenSessionInvalidResult =
            new ResultConfig.Builder("invalid.token", MockResult.class.getName()).build();
    ResultConfig tokenSessionSuccessResult =
            new ResultConfig.Builder("success", MockResult.class.getName()).build();
    ActionConfig tokenSessionActionConfig =
            new ActionConfig.Builder("", "", TestAction.class.getName())
                    .addResultConfig(tokenSessionInvalidResult)
                    .addResultConfig(tokenSessionSuccessResult)
                    .addInterceptor(new InterceptorMapping("tokenSession", new TokenSessionStoreInterceptor()))
                    .build();

    // Action used by the action-tag tests; "input" is explicitly allowed as a method.
    ResultConfig actionTagSuccessResult =
            new ResultConfig.Builder(Action.SUCCESS, TestActionTagResult.class.getName()).build();
    ResultConfig actionTagInputResult =
            new ResultConfig.Builder(Action.INPUT, TestActionTagResult.class.getName()).build();
    ActionConfig testActionTagActionConfig =
            new ActionConfig.Builder("", "", TestAction.class.getName())
                    .addResultConfig(actionTagSuccessResult)
                    .addResultConfig(actionTagInputResult)
                    .addAllowedMethod("input")
                    .build();

    PackageConfig defaultPackageConfig =
            new PackageConfig.Builder("")
                    .addActionConfig(EXECUTION_COUNT_ACTION_NAME, executionCountActionConfig)
                    .addActionConfig(TEST_ACTION_NAME, testActionConfig)
                    .addActionConfig("doubleValidationAction", doubleValidationActionConfig)
                    .addActionConfig(TOKEN_ACTION_NAME, tokenActionConfig)
                    .addActionConfig(TOKEN_SESSION_ACTION_NAME, tokenSessionActionConfig)
                    .addActionConfig("testActionTagAction", testActionTagActionConfig)
                    .build();
    configuration.addPackageConfig("", defaultPackageConfig);

    // Namespaced packages inherit from the default package.
    ActionConfig namespaceAction =
            new ActionConfig.Builder("", "", TestAction.class.getName()).build();
    PackageConfig namespacePackageConfig =
            new PackageConfig.Builder("namespacePackage")
                    .namespace(TEST_NAMESPACE)
                    .addParent(defaultPackageConfig)
                    .addActionConfig(TEST_NAMESPACE_ACTION, namespaceAction)
                    .build();
    configuration.addPackageConfig("namespacePackage", namespacePackageConfig);

    ActionConfig namespacedTestAction =
            new ActionConfig.Builder("", "", TestAction.class.getName()).build();
    PackageConfig testActionWithNamespacePackageConfig =
            new PackageConfig.Builder("testActionNamespacePackages")
                    .namespace(TEST_NAMESPACE)
                    .addParent(defaultPackageConfig)
                    .addActionConfig(TEST_ACTION_NAME, namespacedTestAction)
                    .build();
    configuration.addPackageConfig("testActionNamespacePackages", testActionWithNamespacePackageConfig);
}

Example 8 with ParametersInterceptor

use of com.opensymphony.xwork2.interceptor.ParametersInterceptor in project struts by apache.

the class ValidateAction method testInsecureParameters.

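/**
 * Regression test: parameters whose names or values carry OGNL expressions must be refused by the
 * interceptor, surfaced as action messages, and never applied to the action.
 *
 * <p>Each of the three submitted parameters yields exactly one
 * {@code "Error setting expression ..."} message and {@code name} stays {@code null}. The expected
 * message order matches the lexicographic order of the parameter names; presumably
 * {@code HttpParameters} keeps its keys sorted — confirm before relying on that elsewhere.
 *
 * @throws Exception if the configuration providers cannot be loaded
 */
public void testInsecureParameters() throws Exception {
    // given
    loadConfigurationProviders(new StrutsDefaultConfigurationProvider(), new StrutsXmlConfigurationProvider("xwork-param-test.xml"));

    // Plain HashMap rather than double-brace initialisation: the anonymous subclass would
    // capture the enclosing test instance and define an extra class for the map literal.
    final Map<String, Object> params = new HashMap<>();
    params.put("name", "(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new " + "java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true), " + "@java.lang.Runtime@getRuntime().exec('mkdir /tmp/PWNAGE'))(meh)");
    params.put("top['name'](0)", "true");
    params.put("expression", "#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#req=@org.apache.struts2.ServletActionContext@getRequest(),#resp=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()");

    ParametersInterceptor pi = new ParametersInterceptor();
    container.inject(pi);
    ValueStack vs = ActionContext.getContext().getValueStack();

    // when
    ValidateAction action = new ValidateAction();
    pi.setParameters(action, vs, HttpParameters.create(params).build());

    // then: one rejection message per parameter, in the order asserted below.
    assertEquals(3, action.getActionMessages().size());
    String msg1 = action.getActionMessage(0);
    String msg2 = action.getActionMessage(1);
    String msg3 = action.getActionMessage(2);
    assertEquals("Error setting expression 'expression' with value '#f=#_memberAccess.getClass().getDeclaredField('allowStaticMethodAccess'),#f.setAccessible(true),#f.set(#_memberAccess,true),#req=@org.apache.struts2.ServletActionContext@getRequest(),#resp=@org.apache.struts2.ServletActionContext@getResponse().getWriter(),#resp.println(#req.getRealPath('/')),#resp.close()'", msg1);
    assertEquals("Error setting expression 'name' with value '(#context[\"xwork.MethodAccessor.denyMethodExecution\"]= new java.lang.Boolean(false), #_memberAccess[\"allowStaticMethodAccess\"]= new java.lang.Boolean(true), @java.lang.Runtime@getRuntime().exec('mkdir /tmp/PWNAGE'))(meh)'", msg2);
    assertEquals("Error setting expression 'top['name'](0)' with value 'true'", msg3);
    // None of the rejected parameters may have been applied to the action.
    assertNull(action.getName());
}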

Example 9 with ParametersInterceptor

use of com.opensymphony.xwork2.interceptor.ParametersInterceptor in project struts by apache.

the class ValidateAction method testDMIMethodsAreIgnored.

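/**
 * Verifies that DMI-style parameter names ({@code "action:..."} and {@code "method:..."}) are
 * ignored by the interceptor while an ordinary property path is still applied.
 *
 * <p>Only {@code "ordinary.bean"} is expected on the value stack afterwards; the two
 * prefixed names must leave no trace there.
 *
 * @throws Exception if interceptor setup fails
 */
public void testDMIMethodsAreIgnored() throws Exception {
    // given
    ParametersInterceptor interceptor = createParametersInterceptor();
    // Everything the interceptor applies to the stack is recorded in this map.
    final Map<String, Object> actual = injectValueStackFactory(interceptor);
    ValueStack stack = injectValueStack(actual);

    // Plain HashMap rather than double-brace initialisation: the anonymous subclass would
    // capture the enclosing test instance and define an extra class for every map literal.
    final Map<String, Object> expected = new HashMap<>();
    expected.put("ordinary.bean", "value");

    Map<String, Object> parameters = new HashMap<>();
    parameters.put("ordinary.bean", "value");
    parameters.put("action:", "myAction");
    parameters.put("method:", "doExecute");

    // when
    interceptor.setParameters(new NoParametersAction(), stack, HttpParameters.create(parameters).build());

    // then: exactly the ordinary property was applied, nothing else.
    assertEquals(expected, actual);
}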

Example 10 with ParametersInterceptor

use of com.opensymphony.xwork2.interceptor.ParametersInterceptor in project struts by apache.

the class ValidateAction method testClassPollutionBlockedByOgnl.

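/**
 * Verifies that parameter names reaching {@code class.classLoader...} are stopped at OGNL
 * evaluation time, independently of the interceptor's own exclusion patterns.
 *
 * <p>The overridden {@code isExcluded} records its answer for each name; all three names are
 * expected to pass the exclusion check ({@code false}) and still be refused, each producing one
 * {@code "Error setting expression ..."} message. This pins the second line of defence: even if
 * the exclusion configuration does not match such a name, it must not be settable. The expected
 * message order matches the lexicographic order of the names; presumably {@code HttpParameters}
 * keeps its keys sorted — confirm before relying on that elsewhere.
 *
 * @throws Exception if the configuration providers cannot be loaded
 */
public void testClassPollutionBlockedByOgnl() throws Exception {
    // given
    final String pollution1 = "class.classLoader.jarPath";
    final String pollution2 = "model.class.classLoader.jarPath";
    final String pollution3 = "class.classLoader.defaultAssertionStatus";
    loadConfigurationProviders(new StrutsDefaultConfigurationProvider(), new StrutsXmlConfigurationProvider("xwork-class-param-test.xml"));

    // Plain HashMap rather than double-brace initialisation: the anonymous subclass would
    // capture the enclosing test instance and define an extra class for the map literal.
    final Map<String, Object> params = new HashMap<>();
    params.put(pollution1, "bad");
    params.put(pollution2, "very bad");
    params.put(pollution3, true);

    // Records the exclusion-check verdict per parameter name so the test can tell which layer
    // rejected the parameter.
    final Map<String, Boolean> excluded = new HashMap<>();
    ParametersInterceptor pi = new ParametersInterceptor() {
        @Override
        protected boolean isExcluded(String paramName) {
            boolean result = super.isExcluded(paramName);
            excluded.put(paramName, result);
            return result;
        }
    };
    container.inject(pi);
    ValueStack vs = ActionContext.getContext().getValueStack();

    // when
    ValidateAction action = new ValidateAction();
    pi.setParameters(action, vs, HttpParameters.create(params).build());

    // then: one rejection message per parameter, in the order asserted below.
    assertEquals(3, action.getActionMessages().size());
    String msg1 = action.getActionMessage(0);
    String msg2 = action.getActionMessage(1);
    String msg3 = action.getActionMessage(2);
    assertEquals("Error setting expression 'class.classLoader.defaultAssertionStatus' with value 'true'", msg1);
    assertEquals("Error setting expression 'class.classLoader.jarPath' with value 'bad'", msg2);
    assertEquals("Error setting expression 'model.class.classLoader.jarPath' with value 'very bad'", msg3);
    // None of the names was caught by the exclusion pattern; the rejection came from OGNL.
    assertFalse(excluded.get(pollution1));
    assertFalse(excluded.get(pollution2));
    assertFalse(excluded.get(pollution3));
}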
