This is an automated email from the ASF dual-hosted git repository. kusal pushed a commit to branch WW-5341-classloaders in repository https://gitbox.apache.org/repos/asf/struts.git
commit 71fa91d8246d87c730b08bf4cba0967c3016b4f7
Author: Kusal Kithul-Godage <g...@kusal.io>
AuthorDate: Tue Aug 29 09:21:30 2023 +1000
WW-5341 Split package exclusion check
---
 .../xwork2/ognl/SecurityMemberAccess.java | 28 ++++++----------------------
 .../xwork2/ognl/SecurityMemberAccessTest.java | 6 ++---
 .../com/test/ExternalSecurityMemberAccess.java | 4 ++--
 3 files changed, 12 insertions(+), 26 deletions(-)
diff --git a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
index e75805d71..3e1c69d5d 100644
--- a/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
+++ b/core/src/main/java/com/opensymphony/xwork2/ognl/SecurityMemberAccess.java
@@ -152,19 +152,16 @@ public class SecurityMemberAccess implements MemberAccess {
 LOG.warn("The use of the default (unnamed) package is discouraged!");
 }
- if (isPackageExcluded(targetClass, memberClass)) {
- LOG.warn(
- "Package [{}] of target class [{}] of target [{}] or package [{}] of member [{}] are excluded!",
+ if (isPackageExcluded(targetClass)) {
+ LOG.warn("Package [{}] of target class [{}] of target [{}] is excluded!",
 targetClass.getPackage(),
 targetClass,
- target,
- memberClass.getPackage(),
- member);
+ target);
 return false;
 }
- if (disallowProxyMemberAccess && ProxyUtil.isProxyMember(member, target)) {
- LOG.warn("Access to proxy is blocked! Target class [{}] of target [{}], member [{}]", targetClass, target, member);
+ if (isPackageExcluded(memberClass)) {
+ LOG.warn("Package [{}] of member [{}] are excluded!", memberClass.getPackage(), member);
 return false;
 }
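Review bot: The removed `if (disallowProxyMemberAccess && ProxyUtil.isProxyMember(member, target))` block has no counterpart on the new side of this hunk, and the diffstat leaves no room for another hunk in SecurityMemberAccess.java that re-adds it. The method body continues outside the hunk, so the guard may still be enforced further down; if it is not, this commit stops blocking proxy member access as a side effect of a change titled as a package-check split, and that should be confirmed and stated in the commit message. Separately, the new member message should agree with the target one: `LOG.warn("Package [{}] of member [{}] is excluded!", memberClass.getPackage(), member);`.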
@@ -222,19 +219,8 @@ public class SecurityMemberAccess implements MemberAccess {
 return false;
 }
- protected boolean isPackageExcluded(Class<?> targetClass, Class<?> memberClass) {
- if (targetClass == null || memberClass == null) {
- throw new IllegalArgumentException(
- "Parameters should never be null - if member is static, targetClass should be the same as memberClass.");
- }
-
- List<Class<?>> classesToCheck = Arrays.asList(targetClass, memberClass);
- for (Class<?> clazz : classesToCheck) {
- if (!excludedPackageExemptClasses.contains(clazz.getName()) && (isExcludedPackageNames(clazz) || isExcludedPackageNamePatterns(clazz))) {
- return true;
- }
- }
- return false;
+ protected boolean isPackageExcluded(Class<?> clazz) {
+ return !excludedPackageExemptClasses.contains(clazz.getName()) && (isExcludedPackageNames(clazz) || isExcludedPackageNamePatterns(clazz));
 }
 public static String toPackageName(Class<?> clazz) {
diff --git a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
index b7b1bce09..15a9885c9 100644
--- a/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
+++ b/core/src/test/java/com/opensymphony/xwork2/ognl/SecurityMemberAccessTest.java
@@ -309,7 +309,7 @@ public class SecurityMemberAccessTest {
 Class<?> clazz = Class.forName("PackagelessAction");
 // when
- boolean actual = sma.isPackageExcluded(clazz, clazz);
+ boolean actual = sma.isPackageExcluded(clazz);
 // then
 assertFalse("default package is excluded!", actual);
@@ -325,7 +325,7 @@ public class SecurityMemberAccessTest {
 Class<?> clazz = Class.forName("PackagelessAction");
 // when
- boolean actual = sma.isPackageExcluded(clazz, clazz);
+ boolean actual = sma.isPackageExcluded(clazz);
 // then
 assertTrue("default package isn't excluded!", actual);
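Review bot: Narrowing the protected `isPackageExcluded(Class<?>, Class<?>)` in SecurityMemberAccess.java (hunk at -222) to a single-argument form is source-incompatible for subclasses, and ExternalSecurityMemberAccess in this same commit shows that overriding it is an exercised extension point. A subclass that overrides the old two-argument method without `@Override` may still compile while its stricter check is never called again, so the new method deserves a migration note and Javadoc such as `/** Returns true when clazz is in an excluded package and is not listed as exempt; clazz must not be null. */`. The explicit null guard is also gone, so a null argument now fails inside `clazz.getName()` instead of with the descriptive IllegalArgumentException; `Objects.requireNonNull(clazz, "clazz");` as the first statement would keep that failure readable, provided the file can take the import.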
@@ -768,7 +768,7 @@ public class SecurityMemberAccessTest {
 sma.useExcludedPackageNames(TextParseUtil.commaDelimitedStringToSet("java.lang"));
 // when
- boolean actual = sma.isPackageExcluded(String.class, String.class);
+ boolean actual = sma.isPackageExcluded(String.class);
 // then
 assertTrue("package java.lang. is accessible!", actual);
diff --git a/core/src/test/java/com/test/ExternalSecurityMemberAccess.java b/core/src/test/java/com/test/ExternalSecurityMemberAccess.java
index 41183fa39..a53f1736b 100644
--- a/core/src/test/java/com/test/ExternalSecurityMemberAccess.java
+++ b/core/src/test/java/com/test/ExternalSecurityMemberAccess.java
@@ -27,7 +27,7 @@ class ExternalSecurityMemberAccess extends SecurityMemberAccess {
 }
 @Override
- public boolean isPackageExcluded(Class<?> targetClass, Class<?> memberClass) {
- return super.isPackageExcluded(targetClass, memberClass);
+ public boolean isPackageExcluded(Class<?> clazz) {
+ return super.isPackageExcluded(clazz);
 }
 }