protected Map createDefaultContext(Object root, ClassResolver classResolver) { ClassResolver resolver = classResolver; if (resolver == null) { resolver = container.getInstance(CompoundRootAccessor.class); } SecurityMemberAccess memberAccess = new SecurityMemberAccess(allowStaticMethodAccess); memberAccess.setExcludedClasses(excludedClasses); memberAccess.setExcludedPackageNamePatterns(excludedPackageNamePatterns); memberAccess.setExcludedPackageNames(excludedPackageNames); memberAccess.setDisallowProxyMemberAccess(disallowProxyMemberAccess); return Ognl.createDefaultContext(root, resolver, defaultConverter, memberAccess); }
protected boolean isAcceptableProperty(String name) { return name == null || ((!isExcluded(name)) && isAccepted(name)); }
public void setAcceptProperties(Set<Pattern> acceptedProperties) { securityMemberAccess.setAcceptProperties(acceptedProperties); }
Class memberClass = member.getDeclaringClass(); if (checkEnumAccess(target, member)) { if (LOG.isTraceEnabled()) { LOG.trace("Allowing access to enum: target class [#0] of target [#1], member [#2]", targetClass, target, member); target, targetClass, member, propertyName); if (!isClassExcluded(member.getDeclaringClass())) { targetClass = member.getDeclaringClass(); if (isPackageExcluded(targetClass.getPackage(), memberClass.getPackage())) { if (LOG.isWarnEnabled()) { LOG.warn("Package [#0] of target class [#1] of target [#2] or package [#3] of member [#4] are excluded!", targetClass.getPackage(), if (isClassExcluded(targetClass)) { if (LOG.isWarnEnabled()) { LOG.warn("Target class [#0] of target [#1] is excluded!", targetClass, target); if (isClassExcluded(memberClass)) { if (LOG.isWarnEnabled()) { LOG.warn("Declaring class of member type [#0] is excluded!", member); if (!checkStaticMethodAccess(member)) { if (LOG.isTraceEnabled()) { LOG.warn("Access to static [#0] is blocked!", member); && isAcceptableProperty(propertyName);
protected void setRoot(XWorkConverter xworkConverter, CompoundRootAccessor accessor, CompoundRoot compoundRoot, boolean allowStaticMethodAccess) { this.root = compoundRoot; this.securityMemberAccess = new SecurityMemberAccess(allowStaticMethodAccess); this.context = Ognl.createDefaultContext(this.root, accessor, new OgnlTypeConverterWrapper(xworkConverter), securityMemberAccess); context.put(VALUE_STACK, this); Ognl.setClassResolver(context, accessor); ((OgnlContext) context).setTraceEvaluations(false); ((OgnlContext) context).setKeepLastEvaluation(false); }
@Inject public void setOgnlUtil(OgnlUtil ognlUtil) { this.ognlUtil = ognlUtil; securityMemberAccess.setExcludedClasses(ognlUtil.getExcludedClasses()); securityMemberAccess.setExcludedPackageNamePatterns(ognlUtil.getExcludedPackageNamePatterns()); securityMemberAccess.setExcludedPackageNames(ognlUtil.getExcludedPackageNames()); securityMemberAccess.setDisallowProxyMemberAccess(ognlUtil.isDisallowProxyMemberAccess()); }