From 0d92fd0ee5d4c23aabe7bf3c2ef1b30ff3e5c00d Mon Sep 17 00:00:00 2001 From: jumiller Date: Thu, 9 Jun 2016 15:39:23 -0600 Subject: [PATCH 1/2] add allowed methods to ActionBuilder --- .../struts2/convention/ConventionUnknownHandler.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java b/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java index b7c7acff7f..717bcc5b35 100644 --- a/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java +++ b/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java @@ -106,7 +106,7 @@ public ConventionUnknownHandler(Configuration configuration, ObjectFactory objec this.redirectToSlash = Boolean.parseBoolean(redirectToSlash); - allowedMethods = TextParseUtil.commaDelimitedStringToSet("execute,input,back,cancel,browse"); + allowedMethods = TextParseUtil.commaDelimitedStringToSet("execute,input,back,cancel,browse,index"); } public ActionConfig handleUnknownAction(String namespace, String actionName) @@ -219,7 +219,10 @@ protected ActionConfig buildActionConfig(String path, ResultTypeConfig resultTyp results.put(Action.SUCCESS, config); return new ActionConfig.Builder(defaultParentPackageName, "execute", ActionSupport.class.getName()). - addInterceptors(interceptors).addResultConfigs(results).build(); + addInterceptors(interceptors). + addResultConfigs(results). + addAllowedMethod(allowedMethods). + build(); } private Result scanResultsByExtension(String ns, String actionName, String pathPrefix, From dd3b80f2be6feb72de808087edcf7914e9d5bb6b Mon Sep 17 00:00:00 2001 From: jumiller Date: Fri, 10 Jun 2016 07:59:27 -0600 Subject: [PATCH 2/2] add GlobalAllowedMethods getter to PackageConfig and modified getActionConfig method in ConventionUnknownHandler to reference it --- .../opensymphony/xwork2/config/entities/PackageConfig.java | 7 +++++++ .../struts2/convention/ConventionUnknownHandler.java | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java b/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java index c0e9477d6f..bb34018de5 100644 --- a/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java +++ b/core/src/main/java/com/opensymphony/xwork2/config/entities/PackageConfig.java @@ -346,6 +346,13 @@ public List getGlobalExceptionMappingConfigs() { return globalExceptionMappingConfigs; } + /** + * gets the GlobalAllowedMethods local to this package + * + * @return a Set of method names allowed to be executed if strict method invocation is enabled + */ + public Set getGlobalAllowedMethods() { return globalAllowedMethods; } + public boolean isStrictMethodInvocation() { return strictMethodInvocation; } diff --git a/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java b/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java index 717bcc5b35..ace9446dd9 100644 --- a/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java +++ b/plugins/convention/src/main/java/org/apache/struts2/convention/ConventionUnknownHandler.java @@ -221,7 +221,7 @@ protected ActionConfig buildActionConfig(String path, ResultTypeConfig resultTyp return new ActionConfig.Builder(defaultParentPackageName, "execute", ActionSupport.class.getName()). addInterceptors(interceptors). addResultConfigs(results). - addAllowedMethod(allowedMethods). + addAllowedMethod(pkg.getGlobalAllowedMethods()). build(); }