Looking more into it, the DMI stuff with respect to the
ParametersInterceptor is work in progress, I tried various ways to
suppress the warnings, but something extra needs to be done, ie the
parameter 'action:myAction!save' should not really be considered a
bean/ognl parameter, more system level as its associated with the page
submission mechanism.
Will look further at a possible solution.
Cheers Gerg
On 20/01/2021 17:34, Yasser Zamani wrote:
Hi Greg,
To me it looks like an app config problem because I'm wondering why it
tries to set a value to action name?! i.e. considers the action name an
an http parameter?!
Regards.
On 1/20/2021 12:22 PM, Greg Huber wrote:
Seems the regex is passing, but fails on :
Error setting expression 'action:myAction!save' with value ['Create', ]
- Class: ognl.Ognl
File: Ognl.java
Method: parseExpression
Line: 179 - ognl/Ognl.java:179:-1
##
ognl.ExpressionSyntaxException: Malformed OGNL expression:
action:myAction!save [ognl.ParseException: Encountered " ":" ": "" at
line 1, column 7.
Was expecting one of:
<EOF>
"," ...
"=" ...
"?" ...
"||" ...
"or" ...
"&&" ...
"and" ...
"|" ...
"bor" ...
"^" ...
"xor" ...
"&" ...
"band" ...
"==" ...
"eq" ...
"!=" ...
"neq" ...
"<" ...
"lt" ...
">" ...
"gt" ...
"<=" ...
"lte" ...
">=" ...
"gte" ...
"in" ...
"not" ...
"<<" ...
"shl" ...
">>" ...
"shr" ...
">>>" ...
"ushr" ...
"+" ...
"-" ...
"*" ...
"/" ...
"%" ...
"instanceof" ...
"." ...
"(" ...
"[" ...
<DYNAMIC_SUBSCRIPT> ...
"(" ...
]
####
Looking into this again, I am getting loads of these warnings in my logs
WARN com.opensymphony.xwork2.interceptor.ParametersInterceptor
ParametersInterceptor:isAccepted - Parameter [action:myAction!save]
didn't match accepted pattern
[[\w+((\.\w+)|(\[\d+])|(\(\d+\))|(\['(\w|[\u4e00-\u9fa5])+'])|(\('(\w|[\u4e00-\u9fa5])+'\)))*]]!
See Accepted / Excluded patterns at
https://struts.apache.org/security/#accepted--excluded-patterns
If I look at the
com.opensymphony.xwork2.security.DefaultAcceptedPatternsChecker there
are two patterns
ACCEPTED_PATTERNS and
DMI_AWARE_ACCEPTED_PATTERNS
There seems to be a @inject error on the DefaultAcceptedPatternsChecker
method? The @Inject should be above the public?
public DefaultAcceptedPatternsChecker(
@Inject(value =
StrutsConstants.STRUTS_ENABLE_DYNAMIC_METHOD_INVOCATION, required =
false) String dmiValue
) {
if (BooleanUtils.toBoolean(dmiValue)) {
LOG.debug("DMI is enabled, adding DMI related accepted
patterns");
setAcceptedPatterns(DMI_AWARE_ACCEPTED_PATTERNS);
} else {
setAcceptedPatterns(ACCEPTED_PATTERNS);
}
}
If I fix this locally, setting the DMI_AWARE_ACCEPTED_PATTERNS now
works, but there now seems something wrong with the regex as I now get a
warning
Error setting expression 'action:myAction!cancel' with value ['Cancel', ]
ERROR com.opensymphony.xwork2.interceptor.ParametersInterceptor
ParametersInterceptor:notifyDeveloperParameterException - Developer
Notification (set struts.devMode to false to disable this message):
Unexpected Exception caught setting 'action:myAction!cancel' on 'class
my.com.MyAction: Error setting expression 'action:myAction!cancel' with
value ['Cancel', ]
How does one check the regex on DMI_AWARE_ACCEPTED_PATTERNS ?
Cheers Greg
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org
For additional commands, e-mail: dev-h...@struts.apache.org