Search in sources :

Example 1 with ClearableValueStack

use of com.opensymphony.xwork2.util.ClearableValueStack in project struts by apache.

the class AliasInterceptor method intercept.

@Override
public String intercept(ActionInvocation invocation) throws Exception {
    ActionConfig config = invocation.getProxy().getConfig();
    ActionContext ac = invocation.getInvocationContext();
    Object action = invocation.getAction();
    // get the action's parameters
    final Map<String, String> parameters = config.getParams();
    if (parameters.containsKey(aliasesKey)) {
        String aliasExpression = parameters.get(aliasesKey);
        ValueStack stack = ac.getValueStack();
        Object obj = stack.findValue(aliasExpression);
        if (obj instanceof Map) {
            // get secure stack
            ValueStack newStack = valueStackFactory.createValueStack(stack);
            boolean clearableStack = newStack instanceof ClearableValueStack;
            if (clearableStack) {
                // if the stack's context can be cleared, do that to prevent OGNL
                // from having access to objects in the stack, see XW-641
                ((ClearableValueStack) newStack).clearContextValues();
                Map<String, Object> context = newStack.getContext();
                ReflectionContextState.setCreatingNullObjects(context, true);
                ReflectionContextState.setDenyMethodExecution(context, true);
                ReflectionContextState.setReportingConversionErrors(context, true);
                // keep locale from original context
                newStack.getActionContext().withLocale(stack.getActionContext().getLocale());
            }
            // override
            Map aliases = (Map) obj;
            for (Object o : aliases.entrySet()) {
                Map.Entry entry = (Map.Entry) o;
                String name = entry.getKey().toString();
                if (isNotAcceptableExpression(name)) {
                    continue;
                }
                String alias = (String) entry.getValue();
                if (isNotAcceptableExpression(alias)) {
                    continue;
                }
                Evaluated value = new Evaluated(stack.findValue(name));
                if (!value.isDefined()) {
                    // workaround
                    HttpParameters contextParameters = ActionContext.getContext().getParameters();
                    if (null != contextParameters) {
                        Parameter param = contextParameters.get(name);
                        if (param.isDefined()) {
                            value = new Evaluated(param.getValue());
                        }
                    }
                }
                if (value.isDefined()) {
                    try {
                        newStack.setValue(alias, value.get());
                    } catch (RuntimeException e) {
                        if (devMode) {
                            String developerNotification = localizedTextProvider.findText(ParametersInterceptor.class, "devmode.notification", ActionContext.getContext().getLocale(), "Developer Notification:\n{0}", new Object[] { "Unexpected Exception caught setting '" + entry.getKey() + "' on '" + action.getClass() + ": " + e.getMessage() });
                            LOG.error(developerNotification);
                            if (action instanceof ValidationAware) {
                                ((ValidationAware) action).addActionMessage(developerNotification);
                            }
                        }
                    }
                }
            }
            if (clearableStack) {
                stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors());
            }
        } else {
            LOG.debug("invalid alias expression: {}", aliasesKey);
        }
    }
    return invocation.invoke();
}
Also used : ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig) ClearableValueStack(com.opensymphony.xwork2.util.ClearableValueStack) ValueStack(com.opensymphony.xwork2.util.ValueStack) HttpParameters(org.apache.struts2.dispatcher.HttpParameters) Evaluated(com.opensymphony.xwork2.util.Evaluated) ActionContext(com.opensymphony.xwork2.ActionContext) ClearableValueStack(com.opensymphony.xwork2.util.ClearableValueStack) Parameter(org.apache.struts2.dispatcher.Parameter) Map(java.util.Map)

Example 2 with ClearableValueStack

use of com.opensymphony.xwork2.util.ClearableValueStack in project struts by apache.

the class StaticParametersInterceptor method intercept.

@Override
public String intercept(ActionInvocation invocation) throws Exception {
    ActionConfig config = invocation.getProxy().getConfig();
    Object action = invocation.getAction();
    final Map<String, String> parameters = config.getParams();
    LOG.debug("Setting static parameters: {}", parameters);
    // for actions marked as Parameterizable, pass the static parameters directly
    if (action instanceof Parameterizable) {
        ((Parameterizable) action).setParams(parameters);
    }
    if (parameters != null) {
        ActionContext ac = ActionContext.getContext();
        Map<String, Object> contextMap = ac.getContextMap();
        try {
            ReflectionContextState.setCreatingNullObjects(contextMap, true);
            ReflectionContextState.setReportingConversionErrors(contextMap, true);
            final ValueStack stack = ac.getValueStack();
            ValueStack newStack = valueStackFactory.createValueStack(stack);
            boolean clearableStack = newStack instanceof ClearableValueStack;
            if (clearableStack) {
                // if the stack's context can be cleared, do that to prevent OGNL
                // from having access to objects in the stack, see XW-641
                ((ClearableValueStack) newStack).clearContextValues();
                Map<String, Object> context = newStack.getContext();
                ReflectionContextState.setCreatingNullObjects(context, true);
                ReflectionContextState.setDenyMethodExecution(context, true);
                ReflectionContextState.setReportingConversionErrors(context, true);
                // keep locale from original context
                newStack.getActionContext().withLocale(stack.getActionContext().getLocale());
            }
            for (Map.Entry<String, String> entry : parameters.entrySet()) {
                Object val = entry.getValue();
                if (parse && val instanceof String) {
                    val = TextParseUtil.translateVariables(val.toString(), stack);
                }
                try {
                    newStack.setValue(entry.getKey(), val);
                } catch (RuntimeException e) {
                    if (devMode) {
                        String developerNotification = localizedTextProvider.findText(ParametersInterceptor.class, "devmode.notification", ActionContext.getContext().getLocale(), "Developer Notification:\n{0}", new Object[] { "Unexpected Exception caught setting '" + entry.getKey() + "' on '" + action.getClass() + ": " + e.getMessage() });
                        LOG.error(developerNotification);
                        if (action instanceof ValidationAware) {
                            ((ValidationAware) action).addActionMessage(developerNotification);
                        }
                    }
                }
            }
            if (clearableStack) {
                stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors());
            }
            if (merge)
                addParametersToContext(ac, parameters);
        } finally {
            ReflectionContextState.setCreatingNullObjects(contextMap, false);
            ReflectionContextState.setReportingConversionErrors(contextMap, false);
        }
    }
    return invocation.invoke();
}
Also used : ActionConfig(com.opensymphony.xwork2.config.entities.ActionConfig) ClearableValueStack(com.opensymphony.xwork2.util.ClearableValueStack) ValueStack(com.opensymphony.xwork2.util.ValueStack) ActionContext(com.opensymphony.xwork2.ActionContext) ClearableValueStack(com.opensymphony.xwork2.util.ClearableValueStack) Parameterizable(com.opensymphony.xwork2.config.entities.Parameterizable) Map(java.util.Map)

Example 3 with ClearableValueStack

use of com.opensymphony.xwork2.util.ClearableValueStack in project struts by apache.

the class ParametersInterceptor method setParameters.

protected void setParameters(final Object action, ValueStack stack, HttpParameters parameters) {
    HttpParameters params;
    Map<String, Parameter> acceptableParameters;
    if (ordered) {
        params = HttpParameters.create().withComparator(getOrderedComparator()).withParent(parameters).build();
        acceptableParameters = new TreeMap<>(getOrderedComparator());
    } else {
        params = HttpParameters.create().withParent(parameters).build();
        acceptableParameters = new TreeMap<>();
    }
    for (Map.Entry<String, Parameter> entry : params.entrySet()) {
        String parameterName = entry.getKey();
        if (isAcceptableParameter(parameterName, action)) {
            acceptableParameters.put(parameterName, entry.getValue());
        }
    }
    ValueStack newStack = valueStackFactory.createValueStack(stack);
    boolean clearableStack = newStack instanceof ClearableValueStack;
    if (clearableStack) {
        // if the stack's context can be cleared, do that to prevent OGNL
        // from having access to objects in the stack, see XW-641
        ((ClearableValueStack) newStack).clearContextValues();
        Map<String, Object> context = newStack.getContext();
        ReflectionContextState.setCreatingNullObjects(context, true);
        ReflectionContextState.setDenyMethodExecution(context, true);
        ReflectionContextState.setReportingConversionErrors(context, true);
        // keep locale from original context
        newStack.getActionContext().withLocale(stack.getActionContext().getLocale());
    }
    boolean memberAccessStack = newStack instanceof MemberAccessValueStack;
    if (memberAccessStack) {
        // block or allow access to properties
        // see WW-2761 for more details
        MemberAccessValueStack accessValueStack = (MemberAccessValueStack) newStack;
        accessValueStack.setAcceptProperties(acceptedPatterns.getAcceptedPatterns());
        accessValueStack.setExcludeProperties(excludedPatterns.getExcludedPatterns());
    }
    for (Map.Entry<String, Parameter> entry : acceptableParameters.entrySet()) {
        String name = entry.getKey();
        Parameter value = entry.getValue();
        try {
            newStack.setParameter(name, value.getObject());
        } catch (RuntimeException e) {
            if (devMode) {
                notifyDeveloperParameterException(action, name, e.getMessage());
            }
        }
    }
    if (clearableStack) {
        stack.getActionContext().withConversionErrors(newStack.getActionContext().getConversionErrors());
    }
    addParametersToContext(ActionContext.getContext(), acceptableParameters);
}
Also used : HttpParameters(org.apache.struts2.dispatcher.HttpParameters) ClearableValueStack(com.opensymphony.xwork2.util.ClearableValueStack) MemberAccessValueStack(com.opensymphony.xwork2.util.MemberAccessValueStack) ValueStack(com.opensymphony.xwork2.util.ValueStack) MemberAccessValueStack(com.opensymphony.xwork2.util.MemberAccessValueStack) ClearableValueStack(com.opensymphony.xwork2.util.ClearableValueStack) Parameter(org.apache.struts2.dispatcher.Parameter) TreeMap(java.util.TreeMap) Map(java.util.Map)

Aggregations

ClearableValueStack (com.opensymphony.xwork2.util.ClearableValueStack)3 ValueStack (com.opensymphony.xwork2.util.ValueStack)3 Map (java.util.Map)3 ActionContext (com.opensymphony.xwork2.ActionContext)2 ActionConfig (com.opensymphony.xwork2.config.entities.ActionConfig)2 HttpParameters (org.apache.struts2.dispatcher.HttpParameters)2 Parameter (org.apache.struts2.dispatcher.Parameter)2 Parameterizable (com.opensymphony.xwork2.config.entities.Parameterizable)1 Evaluated (com.opensymphony.xwork2.util.Evaluated)1 MemberAccessValueStack (com.opensymphony.xwork2.util.MemberAccessValueStack)1 TreeMap (java.util.TreeMap)1