Search in sources :

Example 1 with SecurityMemberAccess

use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.

the class SetPropertiesTest method testOgnlUtilEmptyStringAsLong.

public void testOgnlUtilEmptyStringAsLong() {
    Bar bar = new Bar();
    Map context = Ognl.createDefaultContext(bar, new SecurityMemberAccess(false, true));
    context.put(XWorkConverter.REPORT_CONVERSION_ERRORS, Boolean.TRUE);
    bar.setId(null);
    HashMap props = new HashMap();
    props.put("id", "");
    ognlUtil.setProperties(props, bar, context);
    assertNull(bar.getId());
    assertEquals(0, bar.getFieldErrors().size());
    props.put("id", new String[] { "" });
    bar.setId(null);
    ognlUtil.setProperties(props, bar, context);
    assertNull(bar.getId());
    assertEquals(0, bar.getFieldErrors().size());
}
Also used : Bar(com.opensymphony.xwork2.util.Bar)

Example 2 with SecurityMemberAccess

use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.

the class SecurityMemberAccessProxyTest method testProxyAccessIsAccessible.

public void testProxyAccessIsAccessible() throws Exception {
    ActionProxy proxy = actionProxyFactory.createActionProxy(null, "chaintoAOPedTestSubBeanAction", null, context);
    SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
    Member member = proxy.getAction().getClass().getMethod("isExposeProxy");
    boolean accessible = sma.isAccessible(context, proxy.getAction(), member, "");
    assertTrue(accessible);
}
Also used : ActionProxy(com.opensymphony.xwork2.ActionProxy) Member(java.lang.reflect.Member)

Example 3 with SecurityMemberAccess

use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.

the class SecurityMemberAccessProxyTest method testProxyAccessIsBlocked.

public void testProxyAccessIsBlocked() throws Exception {
    ActionProxy proxy = actionProxyFactory.createActionProxy(null, "chaintoAOPedTestSubBeanAction", null, context);
    SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
    sma.setDisallowProxyMemberAccess(true);
    Member member = proxy.getAction().getClass().getMethod("isExposeProxy");
    boolean accessible = sma.isAccessible(context, proxy.getAction(), member, "");
    assertFalse(accessible);
}
Also used : ActionProxy(com.opensymphony.xwork2.ActionProxy) Member(java.lang.reflect.Member)

Example 4 with SecurityMemberAccess

use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.

the class SecurityMemberAccessInServletsTest method testJavaxServletPackageAccess.

public void testJavaxServletPackageAccess() throws Exception {
    // given
    SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
    Set<Pattern> excluded = new HashSet<Pattern>();
    excluded.add(Pattern.compile("^(?!javax\\.servlet\\..+)(javax\\..+)"));
    sma.setExcludedPackageNamePatterns(excluded);
    String propertyName = "value";
    Member member = TagSupport.class.getMethod("doStartTag");
    // when
    boolean actual = sma.isAccessible(context, new TestAction(), member, propertyName);
    // then
    assertTrue("javax.servlet package isn't accessible!", actual);
}
Also used : Pattern(java.util.regex.Pattern) SecurityMemberAccess(com.opensymphony.xwork2.ognl.SecurityMemberAccess) Member(java.lang.reflect.Member) HashSet(java.util.HashSet) TestAction(org.apache.struts2.TestAction)

Example 5 with SecurityMemberAccess

use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.

the class SecurityMemberAccessInServletsTest method testJavaxServletPackageExclusion.

public void testJavaxServletPackageExclusion() throws Exception {
    // given
    SecurityMemberAccess sma = new SecurityMemberAccess(false, true);
    Set<Pattern> excluded = new HashSet<Pattern>();
    excluded.add(Pattern.compile("^javax\\..+"));
    sma.setExcludedPackageNamePatterns(excluded);
    String propertyName = "value";
    Member member = TagSupport.class.getMethod("doStartTag");
    // when
    boolean actual = sma.isAccessible(context, new TestAction(), member, propertyName);
    // then
    assertFalse("javax.servlet package is accessible!", actual);
}
Also used : Pattern(java.util.regex.Pattern) SecurityMemberAccess(com.opensymphony.xwork2.ognl.SecurityMemberAccess) Member(java.lang.reflect.Member) HashSet(java.util.HashSet) TestAction(org.apache.struts2.TestAction)

Aggregations

Member (java.lang.reflect.Member)4 ActionProxy (com.opensymphony.xwork2.ActionProxy)3 SecurityMemberAccess (com.opensymphony.xwork2.ognl.SecurityMemberAccess)3 HashSet (java.util.HashSet)2 Pattern (java.util.regex.Pattern)2 TestAction (org.apache.struts2.TestAction)2 OgnlValueStack (com.opensymphony.xwork2.ognl.OgnlValueStack)1 Bar (com.opensymphony.xwork2.util.Bar)1 ValueStack (com.opensymphony.xwork2.util.ValueStack)1 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1