Examples with SecurityMemberAccess com.opensymphony.xwork2.ognl.SecurityMemberAccess used on opensource projects

Search in sources :

Example 6 with SecurityMemberAccess

use of com.opensymphony.xwork2.ognl.SecurityMemberAccess in project struts by apache.

the class ValidateAction method testAccessToOgnlInternals.

public void testAccessToOgnlInternals() throws Exception {
    // given
    Map<String, Object> params = new HashMap<>();
    params.put("blah", "This is blah");
    params.put("('\\u0023_memberAccess[\\'allowStaticMethodAccess\\']')(meh)", "true");
    params.put("('(aaa)(('\\u0023context[\\'xwork.MethodAccessor.denyMethodExecution\\']\\u003d\\u0023foo')(\\u0023foo\\u003dnew java.lang.Boolean(\"false\")))", "");
    params.put("(asdf)(('\\u0023rt.exit(1)')(\\u0023rt\\u003d@java.lang.Runtime@getRuntime()))", "1");
    HashMap<String, Object> extraContext = new HashMap<>();
    extraContext.put(ActionContext.PARAMETERS, HttpParameters.create(params).build());
    ActionProxy proxy = actionProxyFactory.createActionProxy("", MockConfigurationProvider.PARAM_INTERCEPTOR_ACTION_NAME, null, extraContext);
    ValueStack stack = proxy.getInvocation().getStack();
    // when
    proxy.execute();
    proxy.getAction();
    // then
    assertEquals("This is blah", ((SimpleAction) proxy.getAction()).getBlah());
    boolean allowMethodAccess = ((SecurityMemberAccess) ((OgnlContext) stack.getContext()).getMemberAccess()).getAllowStaticMethodAccess();
    assertFalse(allowMethodAccess);
}
Also used : ActionProxy(com.opensymphony.xwork2.ActionProxy) OgnlValueStack(com.opensymphony.xwork2.ognl.OgnlValueStack) ValueStack(com.opensymphony.xwork2.util.ValueStack) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) SecurityMemberAccess(com.opensymphony.xwork2.ognl.SecurityMemberAccess)

Aggregations

Member (java.lang.reflect.Member)4 ActionProxy (com.opensymphony.xwork2.ActionProxy)3 SecurityMemberAccess (com.opensymphony.xwork2.ognl.SecurityMemberAccess)3 HashSet (java.util.HashSet)2 Pattern (java.util.regex.Pattern)2 TestAction (org.apache.struts2.TestAction)2 OgnlValueStack (com.opensymphony.xwork2.ognl.OgnlValueStack)1 Bar (com.opensymphony.xwork2.util.Bar)1 ValueStack (com.opensymphony.xwork2.util.ValueStack)1 HashMap (java.util.HashMap)1 LinkedHashMap (java.util.LinkedHashMap)1
About Me
UseOf

Java Tutorials :

Simple Java RabbitMQ Example with Spring
Simple Springboot JPA Eclipeslink Example
Simple SpringBoot JPA Hibernate Example
Jackson JSON @JsonIgnore and @JsonIgnoreProperties Examples
Java Infinite recursion (StackOverflowError) Jackson solutions
Simple Java Jackson Serialize Objects to JSON and convert them back To Object
ElasticSearch 5 - Upload files using Java API in binary field Example
Java JAXB marshall unmarshall Examples from String and Stream
Java 8 forEach List and Map examples
ElasticSearch 5 Java API SearchRequestBuilder examples
Java ElasticSearch 5 examples with node index and mapping - running local
Convert String to int or Integer Java 8
Java 9 in action - JShell - Ubuntu
Java - removing invalid characters from a file name
Hello world!? or Hello Tutorial