use of com.opensymphony.xwork2.util.ClearableValueStack in project struts by apache.
the class AliasInterceptor method intercept.
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionConfig config = invocation.getProxy().getConfig();
ActionContext ac = invocation.getInvocationContext();
Object action = invocation.getAction();
// get the action's parameters
final Map<String, String> parameters = config.getParams();
if (parameters.containsKey(aliasesKey)) {
String aliasExpression = parameters.get(aliasesKey);
ValueStack stack = ac.getValueStack();
Object obj = stack.findValue(aliasExpression);
if (obj instanceof Map) {
// get secure stack
ValueStack newStack = valueStackFactory.createValueStack(stack);
boolean clearableStack = newStack instanceof ClearableValueStack;
if (clearableStack) {
// if the stack's context can be cleared, do that to prevent OGNL
// from having access to objects in the stack, see XW-641
((ClearableValueStack) newStack).clearContextValues();
Map<String, Object> context = newStack.getContext();
ReflectionContextState.setCreatingNullObjects(context, true);
ReflectionContextState.setDenyMethodExecution(context, true);
ReflectionContextState.setReportingConversionErrors(context, true);
// keep locale from original context
newStack.getActionContext().withLocale(stack.getActionContext().getLocale());
}
// override
Map aliases = (Map) obj;
for (Object o : aliases.entrySet()) {
Map.Entry entry = (Map.Entry) o;
String name = entry.getKey().toString();
if (isNotAcceptableExpression(name)) {
continue;
}
String alias = (String) entry.getValue();
if (isNotAcceptableExpression(alias)) {
continue;
}
Evaluated value = new Evaluated(stack.findValue(name));
if (!value.isDefined()) {
// workaround
HttpParameters contextParameters = ActionContext.getContext().getParameters();
if (null != contextParameters) {
Parameter param = contextParameters.get(name);
if (param.isDefined()) {
value = new Evaluated(param.getValue());
}
}
}
if (value.isDefined()) {
try {
newStack.setValue(alias, value.get());
} catch (RuntimeException e) {
if (devMode) {
String developerNotification = localizedTextProvider.findText(ParametersInterceptor.class, "devmode.notification", ActionContext.getContext().getLocale(), "Developer Notification:\n{0}", new Object[] { "Unexpected Exception caught setting '" + entry.getKey() + "' on '" + action.getClass() + ": " + e.getMessage() });
LOG.error(developerNotification);
if (action instanceof ValidationAware) {
((ValidationAware) action).addActionMessage(developerNotification);
}
}
}
}
}
if (clearableStack) {
stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors());
}
} else {
LOG.debug("invalid alias expression: {}", aliasesKey);
}
}
return invocation.invoke();
}
use of com.opensymphony.xwork2.util.ClearableValueStack in project struts by apache.
the class StaticParametersInterceptor method intercept.
@Override
public String intercept(ActionInvocation invocation) throws Exception {
ActionConfig config = invocation.getProxy().getConfig();
Object action = invocation.getAction();
final Map<String, String> parameters = config.getParams();
LOG.debug("Setting static parameters: {}", parameters);
// for actions marked as Parameterizable, pass the static parameters directly
if (action instanceof Parameterizable) {
((Parameterizable) action).setParams(parameters);
}
if (parameters != null) {
ActionContext ac = ActionContext.getContext();
Map<String, Object> contextMap = ac.getContextMap();
try {
ReflectionContextState.setCreatingNullObjects(contextMap, true);
ReflectionContextState.setReportingConversionErrors(contextMap, true);
final ValueStack stack = ac.getValueStack();
ValueStack newStack = valueStackFactory.createValueStack(stack);
boolean clearableStack = newStack instanceof ClearableValueStack;
if (clearableStack) {
// if the stack's context can be cleared, do that to prevent OGNL
// from having access to objects in the stack, see XW-641
((ClearableValueStack) newStack).clearContextValues();
Map<String, Object> context = newStack.getContext();
ReflectionContextState.setCreatingNullObjects(context, true);
ReflectionContextState.setDenyMethodExecution(context, true);
ReflectionContextState.setReportingConversionErrors(context, true);
// keep locale from original context
newStack.getActionContext().withLocale(stack.getActionContext().getLocale());
}
for (Map.Entry<String, String> entry : parameters.entrySet()) {
Object val = entry.getValue();
if (parse && val instanceof String) {
val = TextParseUtil.translateVariables(val.toString(), stack);
}
try {
newStack.setValue(entry.getKey(), val);
} catch (RuntimeException e) {
if (devMode) {
String developerNotification = localizedTextProvider.findText(ParametersInterceptor.class, "devmode.notification", ActionContext.getContext().getLocale(), "Developer Notification:\n{0}", new Object[] { "Unexpected Exception caught setting '" + entry.getKey() + "' on '" + action.getClass() + ": " + e.getMessage() });
LOG.error(developerNotification);
if (action instanceof ValidationAware) {
((ValidationAware) action).addActionMessage(developerNotification);
}
}
}
}
if (clearableStack) {
stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors());
}
if (merge)
addParametersToContext(ac, parameters);
} finally {
ReflectionContextState.setCreatingNullObjects(contextMap, false);
ReflectionContextState.setReportingConversionErrors(contextMap, false);
}
}
return invocation.invoke();
}
use of com.opensymphony.xwork2.util.ClearableValueStack in project struts by apache.
the class ParametersInterceptor method setParameters.
protected void setParameters(final Object action, ValueStack stack, HttpParameters parameters) {
HttpParameters params;
Map<String, Parameter> acceptableParameters;
if (ordered) {
params = HttpParameters.create().withComparator(getOrderedComparator()).withParent(parameters).build();
acceptableParameters = new TreeMap<>(getOrderedComparator());
} else {
params = HttpParameters.create().withParent(parameters).build();
acceptableParameters = new TreeMap<>();
}
for (Map.Entry<String, Parameter> entry : params.entrySet()) {
String parameterName = entry.getKey();
if (isAcceptableParameter(parameterName, action)) {
acceptableParameters.put(parameterName, entry.getValue());
}
}
ValueStack newStack = valueStackFactory.createValueStack(stack);
boolean clearableStack = newStack instanceof ClearableValueStack;
if (clearableStack) {
// if the stack's context can be cleared, do that to prevent OGNL
// from having access to objects in the stack, see XW-641
((ClearableValueStack) newStack).clearContextValues();
Map<String, Object> context = newStack.getContext();
ReflectionContextState.setCreatingNullObjects(context, true);
ReflectionContextState.setDenyMethodExecution(context, true);
ReflectionContextState.setReportingConversionErrors(context, true);
// keep locale from original context
newStack.getActionContext().withLocale(stack.getActionContext().getLocale());
}
boolean memberAccessStack = newStack instanceof MemberAccessValueStack;
if (memberAccessStack) {
// block or allow access to properties
// see WW-2761 for more details
MemberAccessValueStack accessValueStack = (MemberAccessValueStack) newStack;
accessValueStack.setAcceptProperties(acceptedPatterns.getAcceptedPatterns());
accessValueStack.setExcludeProperties(excludedPatterns.getExcludedPatterns());
}
for (Map.Entry<String, Parameter> entry : acceptableParameters.entrySet()) {
String name = entry.getKey();
Parameter value = entry.getValue();
try {
newStack.setParameter(name, value.getObject());
} catch (RuntimeException e) {
if (devMode) {
notifyDeveloperParameterException(action, name, e.getMessage());
}
}
}
if (clearableStack) {
stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors());
}
addParametersToContext(ActionContext.getContext(), acceptableParameters);
}
Aggregations