struts2 2.3.20 ognl allowStaticMethodAccess
[英]struts2 2.3.20 ognl allowStaticMethodAccess
问题描述
I updated my project to Struts2 version 2.3.20 . 
我将我的项目更新为Struts2版本2.3.20。 Now all cases in my JSPs that uses static method access do not work. 现在,我的JSP中使用静态方法访问的所有情况都不起作用。
ie. 即。
<s:set var="linkEscaped"
value="@org.apache.commons.lang.StringEscapeUtils@escapeHtml(#attr.myObject.link)" />
I already have set in my struts.properties -> 我已经设置了我的struts.properties - >
struts.ognl.allowStaticMethodAccess=true
and tried in struts.xml -> 并尝试在struts.xml - >
<constant name="struts.ognl.allowStaticMethodAccess" value="true"/>
with no success. 没有成功。 Does anyone know what has changed and what do I need to do to enable them again? 有谁知道发生了什么变化,我需要做些什么才能再次启用它们?
3 个解决方案
解决方案1
7 2014-12-16 13:19:40
Update 更新
Lukasz Lenart commented: Lukasz Lenart评论说:
To be clear, in context of 2.3.20 it's a bug and was temporally fixed, see issues.apache.org/jira/browse/WW-4429 but as from 2.5 access to static methods will be dropped.
--- ---
Allowing static method access was never a preferred way of doing things and in 2.3.20 it won't work even if struts.ognl.allowStaticMethodAccess is set to true . 允许静态方法访问从来不是首选的处理方式,在2.3.20 ,即使struts.ognl.allowStaticMethodAccess设置为true它也不会起作用。
Accessing static methods
In case you still use static methods in expressions (setting
struts.ognl.allowStaticMethodAccesstotrue) please be aware that this won't work anymore as internal security mechanism consider this as access tojava.lang.Classwhich is on the excluded list of classes (see above).struts.ognl.allowStaticMethodAccess设置为true),请注意这将不再起作用,因为内部安全机制将此视为对java.lang.Class访问,该列表位于排除的列表中课程(见上文)。 Temporary solution is to copy the above into yourstruts.xmland removejava.lang.Classfrom the excluded classes.struts.xml并从排除的类中删除java.lang.Class。Support for accessing static methods from expression will be disabled soon, please consider re-factoring your application to avoid further problems!
解决方案2
2 2015-03-10 10:07:22
I made it to work. 我让它发挥作用。 Copy the following from the struts-default.xml and copy it into your application's struts.xml. 从struts-default.xml复制以下内容并将其复制到应用程序的struts.xml中。
<constant name="struts.excludedClasses"
value="
java.lang.Object,
java.lang.Runtime,
java.lang.System,
java.lang.Class,
java.lang.ClassLoader,
java.lang.Shutdown,
ognl.OgnlContext,
ognl.MemberAccess,
ognl.ClassResolver,
ognl.TypeConverter,
com.opensymphony.xwork2.ActionContext" />
Remove only the the java.lang.Class from above. 从上面只删除java.lang.Class 。 Save, compile, build, and deploy. 保存,编译,构建和部署。 Happy days! 快乐的时光!
But we are doing an exit strategy for this. 但我们正在为此做出退出策略。 We are making aware all our developers not to use static access anymore and start removing it (We don't have a lot of places this being used though)! 我们已经意识到我们所有的开发人员不再使用静态访问并开始删除它(虽然我们没有很多地方使用它)!
解决方案3
0 已采纳 2015-01-19 16:30:16
Since static methods will not be able to be used in future releases, I decided to refactor the parts of the project that use them. 由于静态方法将无法在将来的版本中使用,因此我决定重构使用它们的项目部分。 The sooner the better. 越快越好。
So in y "BaseAction" I have created the methods I need and they call those methods. 所以在y“BaseAction”中我创建了我需要的方法,他们称之为方法。 This way only the "safe" methods I allow can be used in the jsp. 这样只有我允许的“安全”方法可以在jsp中使用。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.