use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.
the class SetPropertiesTest method testOgnlUtilEmptyStringAsLong.
public void testOgnlUtilEmptyStringAsLong() {
Bar bar = new Bar();
Map context = Ognl.createDefaultContext(bar, new SecurityMemberAccess(false, true));
context.put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.TRUE);
bar.setId(null);
HashMap props = new HashMap();
props.put("id", "");
ognlUtil.setProperties(props, bar, context);
assertNull(bar.getId());
assertEquals(0, bar.getFieldErrors().size());
props.put("id", new String[] { "" });
bar.setId(null);
ognlUtil.setProperties(props, bar, context);
assertNull(bar.getId());
assertEquals(0, bar.getFieldErrors().size());
}
use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.
the class SecurityMemberAccessProxyTest method testProxyAccessIsAccessible.
public void testProxyAccessIsAccessible() throws Exception {
ActionProxy proxy = actionProxyFactory.createActionProxy(null, "chaintoAOPedTestSubBeanAction", null, context);
SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
Member member = proxy.getAction().getClass().getMethod("isExposeProxy");
boolean accessible = sma.isAccessible(context, proxy.getAction(), member, "");
assertTrue(accessible);
}
use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.
the class SecurityMemberAccessProxyTest method testProxyAccessIsBlocked.
public void testProxyAccessIsBlocked() throws Exception {
ActionProxy proxy = actionProxyFactory.createActionProxy(null, "chaintoAOPedTestSubBeanAction", null, context);
SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
sma.setDisallowProxyMemberAccess(true);
Member member = proxy.getAction().getClass().getMethod("isExposeProxy");
boolean accessible = sma.isAccessible(context, proxy.getAction(), member, "");
assertFalse(accessible);
}
use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.
the class SecurityMemberAccessInServletsTest method testJavaxServletPackageAccess.
public void testJavaxServletPackageAccess() throws Exception {
// given
SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
Set<Pattern> excluded = new HashSet<Pattern>();
excluded.add(Pattern.compile("^(?!javax\\.servlet\\..+)(javax\\..+)"));
sma.setExcludedPackageNamePatterns(excluded);
String propertyName = "value";
Member member = TagSupport.class.getMethod("doStartTag");
// when
boolean actual = sma.isAccessible(context, new TestAction(), member, propertyName);
// then
assertTrue("javax.servlet package isn't accessible!", actual);
}
use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.
the class SecurityMemberAccessInServletsTest method testJavaxServletPackageExclusion.
public void testJavaxServletPackageExclusion() throws Exception {
// given
SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
Set<Pattern> excluded = new HashSet<Pattern>();
excluded.add(Pattern.compile("^javax\\..+"));
sma.setExcludedPackageNamePatterns(excluded);
String propertyName = "value";
Member member = TagSupport.class.getMethod("doStartTag");
// when
boolean actual = sma.isAccessible(context, new TestAction(), member, propertyName);
// then
assertFalse("javax.servlet package is accessible!", actual);
}
Aggregations