Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance. Project price only 1 $
You can buy this project and download/modify it how often you want.
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package com.opensymphony.xwork2.ognl;
import com.opensymphony.xwork2.util.ProxyUtil;
import ognl.DefaultMemberAccess;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import java.lang.reflect.*;
import java.util.Collections;
import java.util.Map;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* Allows access decisions to be made on the basis of whether a member is static or not.
* Also blocks or allows access to properties.
*/
public class SecurityMemberAccess extends DefaultMemberAccess {
private static final Logger LOG = LogManager.getLogger(SecurityMemberAccess.class);
private final boolean allowStaticMethodAccess;
private Set excludeProperties = Collections.emptySet();
private Set acceptProperties = Collections.emptySet();
private Set> excludedClasses = Collections.emptySet();
private Set excludedPackageNamePatterns = Collections.emptySet();
private Set excludedPackageNames = Collections.emptySet();
private boolean disallowProxyMemberAccess;
/**
* SecurityMemberAccess
* - access decisions based on whether member is static (or not)
* - block or allow access to properties (configurable-after-construction)
*
* @param allowStaticMethodAccess
*/
public SecurityMemberAccess(boolean allowStaticMethodAccess) {
super(false);
this.allowStaticMethodAccess = allowStaticMethodAccess;
}
public boolean getAllowStaticMethodAccess() {
return allowStaticMethodAccess;
}
@Override
public boolean isAccessible(Map context, Object target, Member member, String propertyName) {
LOG.debug("Checking access for [target: {}, member: {}, property: {}]", target, member, propertyName);
final Class memberClass = member.getDeclaringClass();
Class targetClass = (target != null ? target.getClass() : memberClass); // Note: target,propertyName may be null (static field checks OGNL 3.1.19+)
if (checkEnumAccess(target, member)) {
LOG.trace("Allowing access to enum: target class [{}] of target [{}], member [{}]", targetClass, target, member);
return true;
}
if (Modifier.isStatic(member.getModifiers()) && allowStaticMethodAccess) {
LOG.debug("Support for accessing static methods [target: {}, targetClass: {}, member: {}, property: {}] is deprecated!",
target, targetClass, member, propertyName);
if (!isClassExcluded(memberClass)) {
targetClass = memberClass;
}
}
if (isPackageExcluded(targetClass.getPackage(), memberClass.getPackage())) {
LOG.warn("Package [{}] of target class [{}] of target [{}] or package [{}] of member [{}] are excluded!", targetClass.getPackage(), targetClass,
target, memberClass.getPackage(), member);
return false;
}
if (isClassExcluded(targetClass)) {
LOG.warn("Target class [{}] of target [{}] is excluded!", targetClass, target);
return false;
}
if (isClassExcluded(memberClass)) {
LOG.warn("Declaring class of member type [{}] is excluded!", member);
return false;
}
if (disallowProxyMemberAccess && ProxyUtil.isProxyMember(member, target)) {
LOG.warn("Access to proxy is blocked! Target class [{}] of target [{}], member [{}]", targetClass, target, member);
return false;
}
boolean allow = true;
if (!checkStaticMethodAccess(member)) {
LOG.warn("Access to static [{}] is blocked!", member);
allow = false;
}
//failed static test
if (!allow) {
return false;
}
// Now check for standard scope rules
return super.isAccessible(context, target, member, propertyName) && isAcceptableProperty(propertyName);
}
protected boolean checkStaticMethodAccess(Member member) {
int modifiers = member.getModifiers();
if (Modifier.isStatic(modifiers)) {
return allowStaticMethodAccess;
} else {
return true;
}
}
protected boolean checkEnumAccess(Object target, Member member) {
if (target instanceof Class) {
Class clazz = (Class) target;
if (Enum.class.isAssignableFrom(clazz) && member.getName().equals("values")) {
return true;
}
}
return false;
}
protected boolean isPackageExcluded(Package targetPackage, Package memberPackage) {
if (targetPackage == null || memberPackage == null) {
LOG.warn("The use of the default (unnamed) package is discouraged!");
}
String targetPackageName = targetPackage == null ? "" : targetPackage.getName();
String memberPackageName = memberPackage == null ? "" : memberPackage.getName();
for (Pattern pattern : excludedPackageNamePatterns) {
if (pattern.matcher(targetPackageName).matches() || pattern.matcher(memberPackageName).matches()) {
return true;
}
}
targetPackageName = targetPackageName + ".";
memberPackageName = memberPackageName + ".";
for (String packageName: excludedPackageNames) {
if (targetPackageName.startsWith(packageName) || memberPackageName.startsWith(packageName)) {
return true;
}
}
return false;
}
protected boolean isClassExcluded(Class clazz) {
if (clazz == Object.class || (clazz == Class.class && !allowStaticMethodAccess)) {
return true;
}
for (Class excludedClass : excludedClasses) {
if (clazz.isAssignableFrom(excludedClass)) {
return true;
}
}
return false;
}
protected boolean isAcceptableProperty(String name) {
return name == null || ((!isExcluded(name)) && isAccepted(name));
}
protected boolean isAccepted(String paramName) {
if (!this.acceptProperties.isEmpty()) {
for (Pattern pattern : acceptProperties) {
Matcher matcher = pattern.matcher(paramName);
if (matcher.matches()) {
return true;
}
}
//no match, but acceptedParams is not empty
return false;
}
//empty acceptedParams
return true;
}
protected boolean isExcluded(String paramName) {
if (!this.excludeProperties.isEmpty()) {
for (Pattern pattern : excludeProperties) {
Matcher matcher = pattern.matcher(paramName);
if (matcher.matches()) {
return true;
}
}
}
return false;
}
public void setExcludeProperties(Set excludeProperties) {
this.excludeProperties = excludeProperties;
}
public void setAcceptProperties(Set acceptedProperties) {
this.acceptProperties = acceptedProperties;
}
public void setExcludedClasses(Set> excludedClasses) {
this.excludedClasses = excludedClasses;
}
public void setExcludedPackageNamePatterns(Set excludedPackageNamePatterns) {
this.excludedPackageNamePatterns = excludedPackageNamePatterns;
}
public void setExcludedPackageNames(Set excludedPackageNames) {
this.excludedPackageNames = excludedPackageNames;
}
public void setDisallowProxyMemberAccess(boolean disallowProxyMemberAccess) {
this.disallowProxyMemberAccess = disallowProxyMemberAccess;
}
}
