This is an automated email from the ASF dual-hosted git repository.
namelchev pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ignite.git
The following commit(s) were added to refs/heads/master by this push:
new 3c5cf62061a IGNITE-19742 Disabled Spring expressions in the cache
create command. (#10776)
3c5cf62061a is described below
commit 3c5cf62061a7b3669449d80cf2cec901b77761a6
Author: Nikita Amelchev <[email protected]>
AuthorDate: Fri Jun 16 12:44:51 2023 +0300
IGNITE-19742 Disabled Spring expressions in the cache create command.
(#10776)
---
.../util/GridCommandHandlerClusterByClassTest.java | 8 ++++
.../config/cache/cache-create-with-spel.xml | 27 +++++++++++++
.../internal/util/spring/IgniteSpringHelper.java | 13 ++++++
.../internal/visor/cache/VisorCacheCreateTask.java | 2 +-
.../util/spring/IgniteSpringHelperImpl.java | 47 ++++++++++++++++++++--
5 files changed, 92 insertions(+), 5 deletions(-)
diff --git
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerClusterByClassTest.java
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerClusterByClassTest.java
index d2342de799b..a164a1f0d6d 100644
---
a/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerClusterByClassTest.java
+++
b/modules/control-utility/src/test/java/org/apache/ignite/util/GridCommandHandlerClusterByClassTest.java
@@ -1296,6 +1296,14 @@ public class GridCommandHandlerClusterByClassTest
extends GridCommandHandlerClus
cfgPath + "/cache-create-correct.xml"));
assertTrue(crd.cacheNames().containsAll(F.asList("cache1", "cache2")));
+
+ int expSize = G.allGrids().size();
+
+ assertContains(log, executeCommand(EXIT_CODE_UNEXPECTED_ERROR,
"--cache", CREATE,
+ SPRING_XML_CONFIG, cfgPath + "/cache-create-with-spel.xml"),
+ "Spring expressions are prohibited.");
+
+ assertEquals(expSize, G.allGrids().size());
}
/** */
diff --git
a/modules/control-utility/src/test/resources/config/cache/cache-create-with-spel.xml
b/modules/control-utility/src/test/resources/config/cache/cache-create-with-spel.xml
new file mode 100644
index 00000000000..482c9ed1e64
--- /dev/null
+++
b/modules/control-utility/src/test/resources/config/cache/cache-create-with-spel.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<beans xmlns="http://www.springframework.org/schema/beans";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="
+ http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd";>
+ <bean class="org.apache.ignite.configuration.CacheConfiguration">
+ <property name="name" value="cache-#{T(System).exit(0)}"/>
+ </bean>
+</beans>
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelper.java
b/modules/core/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelper.java
index 94ce6631903..056f4eef5c7 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelper.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelper.java
@@ -91,6 +91,19 @@ public interface IgniteSpringHelper {
public <T> IgniteBiTuple<Collection<T>, ? extends
GridSpringResourceContext> loadConfigurations(
InputStream cfgStream, Class<T> cls, String... excludedProps) throws
IgniteCheckedException;
+ /**
+ * Loads all configurations with given type specified within given
configuration input stream.
+ *
+ * @param cfgStream Configuration input stream. This cannot be {@code
null}.
+ * @param cls Required type of configuration.
+ * @param expEnabled Whether Spring bean expressions enabled.
+ * @param excludedProps Properties to exclude.
+ * @return Tuple containing all loaded configurations and Spring context
used to load them.
+ * @throws IgniteCheckedException If configuration could not be read.
+ */
+ public <T> IgniteBiTuple<Collection<T>, ? extends
GridSpringResourceContext> loadConfigurations(
+ InputStream cfgStream, Class<T> cls, boolean expEnabled, String...
excludedProps) throws IgniteCheckedException;
+
/**
* Loads bean instances that match the given types from given
configuration file.
*
diff --git
a/modules/core/src/main/java/org/apache/ignite/internal/visor/cache/VisorCacheCreateTask.java
b/modules/core/src/main/java/org/apache/ignite/internal/visor/cache/VisorCacheCreateTask.java
index 7ea209fa789..0296cc3003b 100644
---
a/modules/core/src/main/java/org/apache/ignite/internal/visor/cache/VisorCacheCreateTask.java
+++
b/modules/core/src/main/java/org/apache/ignite/internal/visor/cache/VisorCacheCreateTask.java
@@ -82,7 +82,7 @@ public class VisorCacheCreateTask extends
VisorOneNodeTask<CacheCreateCommandArg
try {
ccfgs = spring.loadConfigurations(new
ByteArrayInputStream(arg.fileContent().getBytes()),
- CacheConfiguration.class).get1();
+ CacheConfiguration.class, false).get1();
}
catch (IgniteCheckedException e) {
throw new IgniteException("Failed to create caches. Make sure
that Spring XML contains '" +
diff --git
a/modules/spring/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelperImpl.java
b/modules/spring/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelperImpl.java
index e67e5b4ca0f..1cc383a8433 100644
---
a/modules/spring/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelperImpl.java
+++
b/modules/spring/src/main/java/org/apache/ignite/internal/util/spring/IgniteSpringHelperImpl.java
@@ -29,6 +29,7 @@ import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import org.apache.ignite.IgniteCheckedException;
+import org.apache.ignite.IgniteException;
import org.apache.ignite.IgniteLogger;
import org.apache.ignite.configuration.IgniteConfiguration;
import
org.apache.ignite.internal.processors.resource.GridSpringResourceContext;
@@ -53,6 +54,11 @@ import
org.springframework.context.support.GenericApplicationContext;
import org.springframework.core.io.ByteArrayResource;
import org.springframework.core.io.InputStreamResource;
import org.springframework.core.io.UrlResource;
+import org.springframework.expression.Expression;
+import org.springframework.expression.common.LiteralExpression;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+
+import static org.springframework.expression.ParserContext.TEMPLATE_EXPRESSION;
/**
* Spring configuration helper.
@@ -126,7 +132,16 @@ public class IgniteSpringHelperImpl implements
IgniteSpringHelper {
/** {@inheritDoc} */
@Override public <T> IgniteBiTuple<Collection<T>, ? extends
GridSpringResourceContext> loadConfigurations(
InputStream cfgStream, Class<T> cls, String... excludedProps) throws
IgniteCheckedException {
- ApplicationContext springCtx = applicationContext(cfgStream,
excludedProps);
+ return loadConfigurations(cfgStream, cls, true, excludedProps);
+ }
+
+ /** {@inheritDoc} */
+ @Override public <T> IgniteBiTuple<Collection<T>, ? extends
GridSpringResourceContext> loadConfigurations(
+ InputStream cfgStream, Class<T> cls,
+ boolean expEnabled,
+ String... excludedProps
+ ) throws IgniteCheckedException {
+ ApplicationContext springCtx = applicationContext(cfgStream,
expEnabled, excludedProps);
Map<String, T> cfgMap;
try {
@@ -368,7 +383,7 @@ public class IgniteSpringHelperImpl implements
IgniteSpringHelper {
public static ApplicationContext applicationContext(URL cfgUrl, final
String... excludedProps)
throws IgniteCheckedException {
try {
- GenericApplicationContext springCtx =
prepareSpringContext(excludedProps);
+ GenericApplicationContext springCtx = prepareSpringContext(true,
excludedProps);
new XmlBeanDefinitionReader(springCtx).loadBeanDefinitions(new
UrlResource(cfgUrl));
@@ -400,8 +415,17 @@ public class IgniteSpringHelperImpl implements
IgniteSpringHelper {
*/
public static ApplicationContext applicationContext(InputStream cfgStream,
final String... excludedProps)
throws IgniteCheckedException {
+ return applicationContext(cfgStream, true, excludedProps);
+ }
+
+ /** */
+ private static ApplicationContext applicationContext(
+ InputStream cfgStream,
+ boolean expEnabled,
+ final String... excludedProps
+ ) throws IgniteCheckedException {
try {
- GenericApplicationContext springCtx =
prepareSpringContext(excludedProps);
+ GenericApplicationContext springCtx =
prepareSpringContext(expEnabled, excludedProps);
XmlBeanDefinitionReader reader = new
XmlBeanDefinitionReader(springCtx);
@@ -426,12 +450,27 @@ public class IgniteSpringHelperImpl implements
IgniteSpringHelper {
/**
* Prepares Spring context.
*
+ * @param expEnabled Whether Spring bean expressions enabled.
* @param excludedProps Properties to be excluded.
* @return application context.
*/
- private static GenericApplicationContext prepareSpringContext(final
String... excludedProps) {
+ private static GenericApplicationContext prepareSpringContext(boolean
expEnabled, final String... excludedProps) {
GenericApplicationContext springCtx = new GenericApplicationContext();
+ if (!expEnabled) {
+ springCtx.addBeanFactoryPostProcessor(factory ->
factory.setBeanExpressionResolver((value, evalContext) -> {
+ if (F.isEmpty(value))
+ return value;
+
+ Expression exp = new
SpelExpressionParser().parseExpression(value, TEMPLATE_EXPRESSION);
+
+ if (!(exp instanceof LiteralExpression))
+ throw new IgniteException("Spring expressions are
prohibited.");
+
+ return value;
+ }));
+ }
+
if (excludedProps.length > 0) {
final List<String> excludedPropsList =
Arrays.asList(excludedProps);
