This is an automated email from the ASF dual-hosted git repository.
yasserzamani pushed a commit to branch support-2-3
in repository https://gitbox.apache.org/repos/asf/struts.git
The following commit(s) were added to refs/heads/support-2-3 by this push:
new 9181823 fix some sonar issue
9181823 is described below
commit 918182344cc97515353cc3dcb09b9fce19c739c0
Author: Yasser Zamani <yasserzam...@apache.org>
AuthorDate: Fri Jun 29 23:25:59 2018 +0430
fix some sonar issue
---
.../java/org/apache/struts2/StrutsConstants.java | 5 +
.../dispatcher/mapper/DefaultActionMapper.java | 44 +++++-
.../dispatcher/mapper/DefaultActionMapperTest.java | 147 ++++++++++++---------
.../apache/struts2/util/OgnlUtilStrutsTest.java | 57 ++++++++
.../org/apache/struts2/rest/RestActionMapper.java | 2 +-
.../com/opensymphony/xwork2/ognl/OgnlUtil.java | 52 ++++++--
.../com/opensymphony/xwork2/ognl/OgnlUtilTest.java | 2 +-
7 files changed, 232 insertions(+), 77 deletions(-)
diff --git a/core/src/main/java/org/apache/struts2/StrutsConstants.java
b/core/src/main/java/org/apache/struts2/StrutsConstants.java
index 09c7e05..d0d466d 100644
--- a/core/src/main/java/org/apache/struts2/StrutsConstants.java
+++ b/core/src/main/java/org/apache/struts2/StrutsConstants.java
@@ -270,6 +270,11 @@ public final class StrutsConstants {
public static final String STRUTS_EXPRESSION_PARSER =
"struts.expression.parser";
+ /** namespaces names' whitelist **/
+ public static final String STRUTS_ALLOWED_NAMESPACE_NAMES =
"struts.allowed.namespace.names";
+ /** default namespace name to use when namespace didn't match the
whitelist **/
+ public static final String STRUTS_DEFAULT_NAMESPACE_NAME =
"struts.default.namespace.name";
+
/** actions names' whitelist **/
public static final String STRUTS_ALLOWED_ACTION_NAMES =
"struts.allowed.action.names";
/** default action name to use when action didn't match the whitelist **/
diff --git
a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
index 8850311..09de607 100644
---
a/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
+++
b/core/src/main/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapper.java
@@ -120,6 +120,10 @@ public class DefaultActionMapper implements ActionMapper {
protected boolean allowSlashesInActionNames = false;
protected boolean alwaysSelectFullNamespace = false;
protected PrefixTrie prefixTrie = null;
+
+ protected Pattern allowedNamespaceNames =
Pattern.compile("[a-zA-Z0-9._/\\-]*");
+ protected String defaultNamespaceName = "/";
+
protected Pattern allowedActionNames =
Pattern.compile("[a-zA-Z0-9._!/\\-]*");
protected String defaultActionName = "index";
@@ -166,8 +170,8 @@ public class DefaultActionMapper implements ActionMapper {
}
}
if (!allowSlashesInActionNames &&
!allowActionCrossNamespaceAccess) {
- if (actionName.lastIndexOf("/") != -1) {
- actionName =
actionName.substring(actionName.lastIndexOf("/") + 1);
+ if (actionName.lastIndexOf('/') != -1) {
+ actionName =
actionName.substring(actionName.lastIndexOf('/') + 1);
}
}
mapping.setName(actionName);
@@ -205,6 +209,16 @@ public class DefaultActionMapper implements ActionMapper {
this.alwaysSelectFullNamespace = "true".equals(val);
}
+ @Inject(value = StrutsConstants.STRUTS_ALLOWED_NAMESPACE_NAMES, required =
false)
+ public void setAllowedNamespaceNames(String allowedNamespaceNames) {
+ this.allowedNamespaceNames = Pattern.compile(allowedNamespaceNames);
+ }
+
+ @Inject(value = StrutsConstants.STRUTS_DEFAULT_NAMESPACE_NAME, required =
false)
+ public void setDefaultNamespaceName(String defaultNamespaceName) {
+ this.defaultNamespaceName = defaultNamespaceName;
+ }
+
@Inject(value = StrutsConstants.STRUTS_ALLOWED_ACTION_NAMES, required =
false)
public void setAllowedActionNames(String allowedActionNames) {
this.allowedActionNames = Pattern.compile(allowedActionNames);
@@ -274,7 +288,7 @@ public class DefaultActionMapper implements ActionMapper {
ActionMapping mapping = new ActionMapping();
String uri = RequestUtils.getUri(request);
- int indexOfSemicolon = uri.indexOf(";");
+ int indexOfSemicolon = uri.indexOf(';');
uri = (indexOfSemicolon > -1) ? uri.substring(0, indexOfSemicolon) :
uri;
uri = dropExtension(uri, mapping);
@@ -294,7 +308,7 @@ public class DefaultActionMapper implements ActionMapper {
if (allowDynamicMethodCalls) {
// handle "name!method" convention.
String name = mapping.getName();
- int exclamation = name.lastIndexOf("!");
+ int exclamation = name.lastIndexOf('!');
if (exclamation != -1) {
mapping.setName(name.substring(0, exclamation));
@@ -343,7 +357,7 @@ public class DefaultActionMapper implements ActionMapper {
*/
protected void parseNameAndNamespace(String uri, ActionMapping mapping,
ConfigurationManager configManager) {
String namespace, name;
- int lastSlash = uri.lastIndexOf("/");
+ int lastSlash = uri.lastIndexOf('/');
if (lastSlash == -1) {
namespace = "";
name = uri;
@@ -391,11 +405,29 @@ public class DefaultActionMapper implements ActionMapper {
}
}
- mapping.setNamespace(namespace);
+ mapping.setNamespace(cleanupNamespaceName(namespace));
mapping.setName(cleanupActionName(name));
}
/**
+ * Checks namespace name against allowed pattern if not matched returns
default namespace
+ *
+ * @param rawNamespace name extracted from URI
+ * @return safe namespace name
+ */
+ protected String cleanupNamespaceName(final String rawNamespace) {
+ if (allowedNamespaceNames.matcher(rawNamespace).matches()) {
+ return rawNamespace;
+ } else {
+ LOG.warn(
+ "{} did not match allowed namespace names {} - default
namespace {} will be used!",
+ rawNamespace, allowedActionNames, defaultActionName
+ );
+ return defaultNamespaceName;
+ }
+ }
+
+ /**
* Checks action name against allowed pattern if not matched returns
default action name
*
* @param rawActionName action name extracted from URI
diff --git
a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
index 729e63e..65b7d53 100644
---
a/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
+++
b/core/src/test/java/org/apache/struts2/dispatcher/mapper/DefaultActionMapperTest.java
@@ -68,7 +68,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
};
}
- public void testGetMapping() throws Exception {
+ public void testGetMapping() {
req.setupGetRequestURI("/my/namespace/actionName.action");
req.setupGetServletPath("/my/namespace/actionName.action");
req.setupGetAttribute(null);
@@ -82,7 +82,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(mapping.getMethod());
}
- public void testGetMappingWithMethod() throws Exception {
+ public void testGetMappingWithMethod() {
req.setupGetParameterMap(new HashMap());
req.setupGetRequestURI("/my/namespace/actionName!add.action");
req.setupGetServletPath("/my/namespace/actionName!add.action");
@@ -98,7 +98,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("add", mapping.getMethod());
}
- public void testGetMappingWithSlashedName() throws Exception {
+ public void testGetMappingWithSlashedName() {
req.setupGetRequestURI("/my/foo/actionName.action");
req.setupGetServletPath("/my/foo/actionName.action");
@@ -114,7 +114,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(mapping.getMethod());
}
- public void testGetMappingWithSlashedNameAtRootButNoSlashPackage() throws
Exception {
+ public void testGetMappingWithSlashedNameAtRootButNoSlashPackage() {
req.setupGetRequestURI("/foo/actionName.action");
req.setupGetServletPath("/foo/actionName.action");
@@ -130,7 +130,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(mapping.getMethod());
}
- public void testGetMappingWithSlashedNameAtRoot() throws Exception {
+ public void testGetMappingWithSlashedNameAtRoot() {
config = new DefaultConfiguration();
PackageConfig pkg = new PackageConfig.Builder("myns")
.namespace("/my/namespace").build();
@@ -161,7 +161,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
- public void testGetMappingWithNamespaceSlash() throws Exception {
+ public void testGetMappingWithNamespaceSlash() {
req.setupGetRequestURI("/my-hh/abc.action");
req.setupGetServletPath("/my-hh/abc.action");
@@ -184,7 +184,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("my-hh/abc", mapping.getName());
}
- public void testGetMappingWithUnknownNamespace() throws Exception {
+ public void testGetMappingWithUnknownNamespace() {
req.setupGetRequestURI("/bo/foo/actionName.action");
req.setupGetServletPath("/bo/foo/actionName.action");
req.setupGetAttribute(null);
@@ -198,7 +198,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(mapping.getMethod());
}
- public void testGetMappingWithUnknownNamespaceButFullNamespaceSelect()
throws Exception {
+ public void testGetMappingWithUnknownNamespaceButFullNamespaceSelect() {
req.setupGetRequestURI("/bo/foo/actionName.action");
req.setupGetServletPath("/bo/foo/actionName.action");
req.setupGetAttribute(null);
@@ -213,7 +213,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(mapping.getMethod());
}
- public void testGetMappingWithActionName_methodAndName() throws Exception {
+ public void testGetMappingWithActionName_methodAndName() {
DefaultActionMapper mapper = new DefaultActionMapper();
mapper.setAllowDynamicMethodCalls("true");
ActionMapping mapping =
mapper.getMappingFromActionName("actionName!add");
@@ -221,22 +221,22 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("add", mapping.getMethod());
}
- public void testGetMappingWithActionName_name() throws Exception {
+ public void testGetMappingWithActionName_name() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping mapping = mapper.getMappingFromActionName("actionName");
assertEquals("actionName", mapping.getName());
- assertEquals(null, mapping.getMethod());
+ assertNull(mapping.getMethod());
}
- public void testGetMappingWithActionName_noDynamicMethod() throws
Exception {
+ public void testGetMappingWithActionName_noDynamicMethod() {
DefaultActionMapper mapper = new DefaultActionMapper();
mapper.setAllowDynamicMethodCalls("false");
ActionMapping mapping =
mapper.getMappingFromActionName("actionName!add");
assertEquals("actionName!add", mapping.getName());
- assertEquals(null, mapping.getMethod());
+ assertNull(mapping.getMethod());
}
- public void testGetMappingWithActionName_noDynamicMethodColonPrefix()
throws Exception {
+ public void testGetMappingWithActionName_noDynamicMethodColonPrefix() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.METHOD_PREFIX + "someMethod", "");
@@ -250,16 +250,16 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
ActionMapping actionMapping = defaultActionMapper.getMapping(request,
configManager);
assertEquals("someServletPath", actionMapping.getName());
- assertEquals(null, actionMapping.getMethod());
+ assertNull(actionMapping.getMethod());
}
- public void testGetMappingWithActionName_null() throws Exception {
+ public void testGetMappingWithActionName_null() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping mapping = mapper.getMappingFromActionName(null);
assertNull(mapping);
}
- public void testGetUri() throws Exception {
+ public void testGetUri() {
req.setupGetParameterMap(new HashMap());
req.setupGetRequestURI("/my/namespace/actionName.action");
req.setupGetServletPath("/my/namespace/actionName.action");
@@ -271,7 +271,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/my/namespace/actionName.action",
mapper.getUriFromActionMapping(mapping));
}
- public void testGetUriWithSemicolonPresent() throws Exception {
+ public void testGetUriWithSemicolonPresent() {
req.setupGetParameterMap(new HashMap());
req.setupGetRequestURI("/my/namespace/actionName.action;abc=123rty56");
req.setupGetServletPath("/my/namespace/actionName.action;abc=123rty56");
@@ -283,7 +283,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/my/namespace/actionName.action",
mapper.getUriFromActionMapping(mapping));
}
- public void testGetUriWithMethod() throws Exception {
+ public void testGetUriWithMethod() {
req.setupGetParameterMap(new HashMap());
req.setupGetRequestURI("/my/namespace/actionName!add.action");
req.setupGetServletPath("/my/namespace/actionName!add.action");
@@ -296,7 +296,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/my/namespace/actionName!add.action",
mapper.getUriFromActionMapping(mapping));
}
- public void testGetUriWithOriginalExtension() throws Exception {
+ public void testGetUriWithOriginalExtension() {
ActionMapping mapping = new ActionMapping("actionName", "/ns", null,
new HashMap());
ActionMapping orig = new ActionMapping();
@@ -307,7 +307,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/ns/actionName.foo",
mapper.getUriFromActionMapping(mapping));
}
- public void testGetMappingWithNoExtension() throws Exception {
+ public void testGetMappingWithNoExtension() {
req.setupGetParameterMap(new HashMap());
req.setupGetRequestURI("/my/namespace/actionName");
req.setupGetServletPath("/my/namespace/actionName");
@@ -323,7 +323,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(mapping.getMethod());
}
- public void testGetMappingWithNoExtensionButUriHasExtension() throws
Exception {
+ public void testGetMappingWithNoExtensionButUriHasExtension() {
req.setupGetParameterMap(new HashMap());
req.setupGetRequestURI("/my/namespace/actionName.html");
req.setupGetServletPath("/my/namespace/actionName.html");
@@ -343,7 +343,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
// === test name & namespace ===
// =============================
- public void testParseNameAndNamespace1() throws Exception {
+ public void testParseNameAndNamespace1() {
ActionMapping actionMapping = new ActionMapping();
DefaultActionMapper defaultActionMapper = new DefaultActionMapper();
@@ -353,7 +353,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals(actionMapping.getNamespace(), "");
}
- public void testParseNameAndNamespace2() throws Exception {
+ public void testParseNameAndNamespace2() {
ActionMapping actionMapping = new ActionMapping();
DefaultActionMapper defaultActionMapper = new DefaultActionMapper();
@@ -363,7 +363,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals(actionMapping.getNamespace(), "/");
}
- public void testParseNameAndNamespace3() throws Exception {
+ public void testParseNameAndNamespace3() {
ActionMapping actionMapping = new ActionMapping();
DefaultActionMapper defaultActionMapper = new DefaultActionMapper();
@@ -373,7 +373,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals(actionMapping.getNamespace(), "/my");
}
- public void testParseNameAndNamespace_NoSlashes() throws Exception {
+ public void testParseNameAndNamespace_NoSlashes() {
ActionMapping actionMapping = new ActionMapping();
DefaultActionMapper defaultActionMapper = new DefaultActionMapper();
@@ -384,7 +384,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals(actionMapping.getNamespace(), "");
}
- public void testParseNameAndNamespace_AllowSlashes() throws Exception {
+ public void testParseNameAndNamespace_AllowSlashes() {
ActionMapping actionMapping = new ActionMapping();
DefaultActionMapper defaultActionMapper = new DefaultActionMapper();
@@ -400,7 +400,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
// === test special prefix ===
// ===========================
- public void testActionPrefixWhenDisabled() throws Exception {
+ public void testActionPrefixWhenDisabled() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "myAction", "");
@@ -414,7 +414,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("someServletPath", actionMapping.getName());
}
- public void testActionPrefixWhenEnabled() throws Exception {
+ public void testActionPrefixWhenEnabled() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "myAction", "");
@@ -429,7 +429,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("myAction", actionMapping.getName());
}
- public void testActionPrefixWhenSlashesAndCrossNamespaceDisabled() throws
Exception {
+ public void testActionPrefixWhenSlashesAndCrossNamespaceDisabled() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "my/Action", "");
@@ -445,7 +445,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("my/Action", actionMapping.getName());
}
- public void
testActionPrefixWhenSlashesButSlashesDisabledAndCrossNamespaceDisabled() throws
Exception {
+ public void
testActionPrefixWhenSlashesButSlashesDisabledAndCrossNamespaceDisabled() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "my/Action", "");
@@ -461,7 +461,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("Action", actionMapping.getName());
}
- public void
testActionPrefixWhenSlashesButSlashesDisabledAndCrossNamespace() throws
Exception {
+ public void
testActionPrefixWhenSlashesButSlashesDisabledAndCrossNamespace() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "my/Action", "");
@@ -478,7 +478,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("my/Action", actionMapping.getName());
}
- public void testActionPrefixWhenCrossNamespace() throws Exception {
+ public void testActionPrefixWhenCrossNamespace() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "/my/Action", "");
@@ -494,7 +494,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/my/Action", actionMapping.getName());
}
- public void testActionPrefix_fromImageButton() throws Exception {
+ public void testActionPrefix_fromImageButton() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "myAction", "");
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "myAction.x", "");
@@ -511,7 +511,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("myAction", actionMapping.getName());
}
- public void testActionPrefix_fromIEImageButton() throws Exception {
+ public void testActionPrefix_fromIEImageButton() {
Map parameterMap = new HashMap();
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "myAction.x", "");
parameterMap.put(DefaultActionMapper.ACTION_PREFIX + "myAction.y", "");
@@ -527,7 +527,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("myAction", actionMapping.getName());
}
- public void testRedirectPrefix() throws Exception {
+ public void testRedirectPrefix() {
Map parameterMap = new HashMap();
parameterMap.put("redirect:" + "http://www.google.com";, "");
@@ -543,7 +543,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(result);
}
- public void testUnsafeRedirectPrefix() throws Exception {
+ public void testUnsafeRedirectPrefix() {
Map parameterMap = new HashMap();
parameterMap.put("redirect:" + "http://%{3*4}";, "");
@@ -559,7 +559,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(result);
}
- public void testRedirectActionPrefix() throws Exception {
+ public void testRedirectActionPrefix() {
Map parameterMap = new HashMap();
parameterMap.put("redirectAction:" + "myAction", "");
@@ -576,7 +576,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(result);
}
- public void testUnsafeRedirectActionPrefix() throws Exception {
+ public void testUnsafeRedirectActionPrefix() {
Map parameterMap = new HashMap();
parameterMap.put("redirectAction:" + "%{3*4}", "");
@@ -593,7 +593,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(result);
}
- public void testRedirectActionPrefixWithEmptyExtension() throws Exception {
+ public void testRedirectActionPrefixWithEmptyExtension() {
Map parameterMap = new HashMap();
parameterMap.put("redirectAction:" + "myAction", "");
@@ -611,7 +611,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(result);
}
- public void testCustomActionPrefix() throws Exception {
+ public void testCustomActionPrefix() {
Map parameterMap = new HashMap();
parameterMap.put("foo:myAction", "");
@@ -630,7 +630,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals(actionMapping.getName(), "myAction");
}
- public void testDropExtension() throws Exception {
+ public void testDropExtension() {
DefaultActionMapper mapper = new DefaultActionMapper();
String name = mapper.dropExtension("foo.action");
assertTrue("Name not right: "+name, "foo".equals(name));
@@ -640,7 +640,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
}
- public void testDropExtensionWhenBlank() throws Exception {
+ public void testDropExtensionWhenBlank() {
DefaultActionMapper mapper = new DefaultActionMapper();
mapper.setExtensions("action,,");
String name = mapper.dropExtension("foo.action");
@@ -651,7 +651,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertNull(mapper.dropExtension("foo."));
}
- public void testDropExtensionEmbeddedDot() throws Exception {
+ public void testDropExtensionEmbeddedDot() {
DefaultActionMapper mapper = new DefaultActionMapper();
mapper.setExtensions("action,,");
@@ -662,7 +662,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertTrue("Name not right: "+name, "/foo/bar-1.0/baz".equals(name));
}
- public void testGetUriFromActionMapper1() throws Exception {
+ public void testGetUriFromActionMapper1() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setMethod("myMethod");
@@ -673,7 +673,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myNamespace/myActionName!myMethod.action", uri);
}
- public void testGetUriFromActionMapper2() throws Exception {
+ public void testGetUriFromActionMapper2() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setMethod("myMethod");
@@ -684,7 +684,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myActionName!myMethod.action", uri);
}
- public void testGetUriFromActionMapper3() throws Exception {
+ public void testGetUriFromActionMapper3() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setMethod("myMethod");
@@ -696,7 +696,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
}
- public void testGetUriFromActionMapper4() throws Exception {
+ public void testGetUriFromActionMapper4() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setName("myActionName");
@@ -706,7 +706,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myActionName.action", uri);
}
- public void testGetUriFromActionMapper5() throws Exception {
+ public void testGetUriFromActionMapper5() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setName("myActionName");
@@ -717,7 +717,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
}
//
- public void testGetUriFromActionMapper6() throws Exception {
+ public void testGetUriFromActionMapper6() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setMethod("myMethod");
@@ -728,7 +728,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myNamespace/myActionName!myMethod.action?test=bla",
uri);
}
- public void testGetUriFromActionMapper7() throws Exception {
+ public void testGetUriFromActionMapper7() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setMethod("myMethod");
@@ -739,7 +739,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myActionName!myMethod.action?test=bla", uri);
}
- public void testGetUriFromActionMapper8() throws Exception {
+ public void testGetUriFromActionMapper8() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setMethod("myMethod");
@@ -751,7 +751,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
}
- public void testGetUriFromActionMapper9() throws Exception {
+ public void testGetUriFromActionMapper9() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setName("myActionName?test=bla");
@@ -761,7 +761,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myActionName.action?test=bla", uri);
}
- public void testGetUriFromActionMapper10() throws Exception {
+ public void testGetUriFromActionMapper10() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setName("myActionName?test=bla");
@@ -771,7 +771,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myActionName.action?test=bla", uri);
}
- public void testGetUriFromActionMapper11() throws Exception {
+ public void testGetUriFromActionMapper11() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setName("myActionName.action");
@@ -781,7 +781,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myActionName.action", uri);
}
- public void testGetUriFromActionMapper12() throws Exception {
+ public void testGetUriFromActionMapper12() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setName("myActionName.action");
@@ -791,7 +791,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myActionName.action", uri);
}
- public void testGetUriFromActionMapper_justActionAndMethod() throws
Exception {
+ public void testGetUriFromActionMapper_justActionAndMethod() {
DefaultActionMapper mapper = new DefaultActionMapper();
ActionMapping actionMapping = new ActionMapping();
actionMapping.setMethod("myMethod");
@@ -802,7 +802,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("myActionName!myMethod", uri);
}
- public void testGetUriFromActionMapperWhenBlankExtension() throws
Exception {
+ public void testGetUriFromActionMapperWhenBlankExtension() {
DefaultActionMapper mapper = new DefaultActionMapper();
mapper.setExtensions(",,");
ActionMapping actionMapping = new ActionMapping();
@@ -814,7 +814,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("/myNamespace/myActionName!myMethod", uri);
}
- public void testSetExtension() throws Exception {
+ public void testSetExtension() {
DefaultActionMapper mapper = new DefaultActionMapper();
mapper.setExtensions("");
assertNull(mapper.extensions);
@@ -839,7 +839,32 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
}
- public void testAllowedActionNames() throws Exception {
+ public void testAllowedNamespaceNames() {
+ DefaultActionMapper mapper = new DefaultActionMapper();
+
+ String namespace = "/";
+ assertEquals(namespace, mapper.cleanupNamespaceName(namespace));
+
+ namespace = "${namespace}";
+ assertEquals(mapper.defaultNamespaceName,
mapper.cleanupNamespaceName(namespace));
+
+ namespace = "${${%{namespace}}}";
+ assertEquals(mapper.defaultNamespaceName,
mapper.cleanupNamespaceName(namespace));
+
+ namespace = "${#foo='namespace',#foo}";
+ assertEquals(mapper.defaultNamespaceName,
mapper.cleanupNamespaceName(namespace));
+
+ namespace = "/test-namespace/namespace/";
+ assertEquals("/test-namespace/namespace/",
mapper.cleanupNamespaceName(namespace));
+
+ namespace = "/test_namespace/namespace-test/";
+ assertEquals("/test_namespace/namespace-test/",
mapper.cleanupNamespaceName(namespace));
+
+ namespace = "/test_namespace/namespace.test/";
+ assertEquals("/test_namespace/namespace.test/",
mapper.cleanupActionName(namespace));
+ }
+
+ public void testAllowedActionNames() {
DefaultActionMapper mapper = new DefaultActionMapper();
String actionName = "action";
@@ -864,7 +889,7 @@ public class DefaultActionMapperTest extends
StrutsInternalTestCase {
assertEquals("test!bar.action", mapper.cleanupActionName(actionName));
}
- public void testAllowedMethodNames() throws Exception {
+ public void testAllowedMethodNames() {
DefaultActionMapper mapper = new DefaultActionMapper();
assertEquals("", mapper.cleanupMethodName(""));
diff --git a/core/src/test/java/org/apache/struts2/util/OgnlUtilStrutsTest.java
b/core/src/test/java/org/apache/struts2/util/OgnlUtilStrutsTest.java
new file mode 100644
index 0000000..06d44cc
--- /dev/null
+++ b/core/src/test/java/org/apache/struts2/util/OgnlUtilStrutsTest.java
@@ -0,0 +1,57 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.struts2.util;
+
+import com.opensymphony.xwork2.ognl.OgnlUtil;
+import org.apache.struts2.StrutsInternalTestCase;
+
+public class OgnlUtilStrutsTest extends StrutsInternalTestCase {
+
+ private OgnlUtil ognlUtil;
+
+ @Override
+ public void setUp() throws Exception {
+ super.setUp();
+ ognlUtil = container.getInstance(OgnlUtil.class);
+ }
+
+ public void testDefaultExcludes() {
+ ognlUtil.setExcludedClasses("");
+ ognlUtil.setExcludedPackageNames("");
+ ognlUtil.setExcludedPackageNamePatterns("");
+ assertTrue(ognlUtil.getExcludedClasses().size() > 0);
+ assertTrue(ognlUtil.getExcludedPackageNames().size() > 0);
+
+ try {
+ ognlUtil.getExcludedClasses().clear();
+ } catch (Exception ex){
+ assertTrue(ex instanceof UnsupportedOperationException);
+ }
+ try {
+ ognlUtil.getExcludedPackageNames().clear();
+ } catch (Exception ex){
+ assertTrue(ex instanceof UnsupportedOperationException);
+ }
+ try {
+ ognlUtil.getExcludedPackageNamePatterns().clear();
+ } catch (Exception ex){
+ assertTrue(ex instanceof UnsupportedOperationException);
+ }
+ }
+}
\ No newline at end of file
diff --git
a/plugins/rest/src/main/java/org/apache/struts2/rest/RestActionMapper.java
b/plugins/rest/src/main/java/org/apache/struts2/rest/RestActionMapper.java
index e861344..16adf64 100644
--- a/plugins/rest/src/main/java/org/apache/struts2/rest/RestActionMapper.java
+++ b/plugins/rest/src/main/java/org/apache/struts2/rest/RestActionMapper.java
@@ -359,7 +359,7 @@ public class RestActionMapper extends DefaultActionMapper {
name = uri.substring(namespace.length() + 1);
}
- mapping.setNamespace(namespace);
+ mapping.setNamespace(cleanupNamespaceName(namespace));
mapping.setName(name);
}
diff --git
a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
index e1cc46e..197ac15 100644
--- a/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
+++ b/xwork-core/src/main/java/com/opensymphony/xwork2/ognl/OgnlUtil.java
@@ -40,6 +40,7 @@ import java.beans.Introspector;
import java.beans.PropertyDescriptor;
import java.lang.reflect.Method;
import java.util.Collection;
+import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
@@ -66,14 +67,20 @@ public class OgnlUtil {
private boolean enableExpressionCache = true;
private boolean enableEvalExpression;
- private Set<Class<?>> excludedClasses = new HashSet<Class<?>>();
- private Set<Pattern> excludedPackageNamePatterns = new HashSet<Pattern>();
- private Set<String> excludedPackageNames = new HashSet<String>();
+ private Set<Class<?>> excludedClasses;
+ private Set<Pattern> excludedPackageNamePatterns;
+ private Set<String> excludedPackageNames;
private Container container;
private boolean allowStaticMethodAccess;
private boolean disallowProxyMemberAccess;
+ public OgnlUtil() {
+ excludedClasses = new HashSet<Class<?>>();
+ excludedPackageNamePatterns = new HashSet<Pattern>();
+ excludedPackageNames = new HashSet<String>();
+ }
+
@Inject
public void setXWorkConverter(XWorkConverter conv) {
this.defaultConverter = new OgnlTypeConverterWrapper(conv);
@@ -100,27 +107,56 @@ public class OgnlUtil {
@Inject(value = XWorkConstants.OGNL_EXCLUDED_CLASSES, required = false)
public void setExcludedClasses(String commaDelimitedClasses) {
- Set<String> classes =
TextParseUtil.commaDelimitedStringToSet(commaDelimitedClasses);
- for (String className : classes) {
+ Set<Class<?>> excludedClasses = new HashSet<Class<?>>();
+ excludedClasses.addAll(this.excludedClasses);
+ excludedClasses.addAll(parseExcludedClasses(commaDelimitedClasses));
+ this.excludedClasses = Collections.unmodifiableSet(excludedClasses);
+ }
+
+ private Set<Class<?>> parseExcludedClasses(String commaDelimitedClasses) {
+ Set<String> classNames =
TextParseUtil.commaDelimitedStringToSet(commaDelimitedClasses);
+ Set<Class<?>> classes = new HashSet<Class<?>>();
+
+ for (String className : classNames) {
try {
- excludedClasses.add(Class.forName(className));
+ classes.add(Class.forName(className));
} catch (ClassNotFoundException e) {
throw new ConfigurationException("Cannot load excluded class:
" + className, e);
}
}
+
+ return classes;
}
@Inject(value = XWorkConstants.OGNL_EXCLUDED_PACKAGE_NAME_PATTERNS,
required = false)
public void setExcludedPackageNamePatterns(String
commaDelimitedPackagePatterns) {
+ Set<Pattern> excludedPackageNamePatterns = new HashSet<Pattern>();
+ excludedPackageNamePatterns.addAll(this.excludedPackageNamePatterns);
+
excludedPackageNamePatterns.addAll(parseExcludedPackageNamePatterns(commaDelimitedPackagePatterns));
+ this.excludedPackageNamePatterns =
Collections.unmodifiableSet(excludedPackageNamePatterns);
+ }
+
+ private Set<Pattern> parseExcludedPackageNamePatterns(String
commaDelimitedPackagePatterns) {
Set<String> packagePatterns =
TextParseUtil.commaDelimitedStringToSet(commaDelimitedPackagePatterns);
+ Set<Pattern> packageNamePatterns = new HashSet<Pattern>();
+
for (String pattern : packagePatterns) {
- excludedPackageNamePatterns.add(Pattern.compile(pattern));
+ packageNamePatterns.add(Pattern.compile(pattern));
}
+
+ return packageNamePatterns;
}
@Inject(value = XWorkConstants.OGNL_EXCLUDED_PACKAGE_NAMES, required =
false)
public void setExcludedPackageNames(String commaDelimitedPackageNames) {
- excludedPackageNames =
TextParseUtil.commaDelimitedStringToSet(commaDelimitedPackageNames);
+ Set<String> excludedPackageNames = new HashSet<String>();
+ excludedPackageNames.addAll(this.excludedPackageNames);
+
excludedPackageNames.addAll(parseExcludedPackageNames(commaDelimitedPackageNames));
+ this.excludedPackageNames =
Collections.unmodifiableSet(excludedPackageNames);
+ }
+
+ private Set<String> parseExcludedPackageNames(String
commaDelimitedPackageNames) {
+ return
TextParseUtil.commaDelimitedStringToSet(commaDelimitedPackageNames);
}
public Set<Class<?>> getExcludedClasses() {
diff --git
a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
index f8ca5a6..fec54a7 100644
--- a/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
+++ b/xwork-core/src/test/java/com/opensymphony/xwork2/ognl/OgnlUtilTest.java
@@ -30,7 +30,7 @@ import java.util.*;
/**
- * Unit test of {@link ognlUtil}.
+ * Unit test of {@link OgnlUtil}.
*
* @version $Date$ $Id$
*/
