Struts 2 当 struts.ognl.allowStaticMethodAccess 为假时调用静态方法
Struts 2 calling static method when struts.ognl.allowStaticMethodAccess is false
struts 2 设置struts.ognl.allowStaticMethodAccess
为false
,出于安全问题。静态方法调用在某些情况下可能很有用,例如在处理基于表达式的验证器 时。
解决这个问题的一种方法是在action中定义一个helper方法,例如,如果我们想使用Math
class我们应该在下面添加:
public double randomMath(){
return Math.random();
}
public double asinMath(double a){
return Math.asin(a);
}
....
并将其用作 ${randomMath}
或 ${asinMath(1)}
如您所见,对于 Math
class 中的每个方法,我们需要在我们的操作中定义一个具有相同签名的 public
方法。
有没有更好的方法来避免这些样板吸气剂?!
OGNL 允许执行方法,但默认禁用静态访问,因此不能在表达式中使用静态方法。但是,您可以告诉 OGNL 哪些 classes 需要访问静态方法。
OGNL developer guide: Method Accessors
Method calls are another area where OGNL needs to do lookups for methods based on dynamic information. The MethodAccessor
interface provides a hook into how OGNL calls a method. When a static or instance method is requested the implementor of this interface is called to actually execute the method.
public interface MethodAccessor
{
Object callStaticMethod( Map context, Class targetClass, String methodName, List args )
throws MethodFailedException;
Object callMethod( Map context, Object target, String methodName, List args )
throws MethodFailedException;
}
You can set a method accessor on a class-by-class basis using OgnlRuntime.setMethodAccessor()
. The is a default method accessor for Object (which simply finds an appropriate method based on method name and argument types and uses reflection to call the method).
你可以编写代码
public class StringUtil extends StringUtils implements MethodAccessor {
//implement above methods
}
操作class
public static final String MESSAGE = "hello.message";
/**
* Field for Message property.
*/
private String message;
/**
* Return Message property.
*
* @return Message property
*/
public String getMessage() {
return message;
}
private StringUtil stringUtil = new StringUtil();
public StringUtil getStringUtil() {
return stringUtil;
}
public String execute() throws Exception {
setMessage(getText(MESSAGE));
OgnlRuntime.setMethodAccessor(StringUtil.class, stringUtil);
return SUCCESS;
}
在JSP
<s:if test="!stringUtil.isEmpty(message)">
<h2><s:property value="message"/></h2>
</s:if>
struts 2 设置struts.ognl.allowStaticMethodAccess
为false
,出于安全问题。静态方法调用在某些情况下可能很有用,例如在处理基于表达式的验证器
解决这个问题的一种方法是在action中定义一个helper方法,例如,如果我们想使用Math
class我们应该在下面添加:
public double randomMath(){
return Math.random();
}
public double asinMath(double a){
return Math.asin(a);
}
....
并将其用作 ${randomMath}
或 ${asinMath(1)}
如您所见,对于 Math
class 中的每个方法,我们需要在我们的操作中定义一个具有相同签名的 public
方法。
有没有更好的方法来避免这些样板吸气剂?!
OGNL 允许执行方法,但默认禁用静态访问,因此不能在表达式中使用静态方法。但是,您可以告诉 OGNL 哪些 classes 需要访问静态方法。
OGNL developer guide: Method Accessors
Method calls are another area where OGNL needs to do lookups for methods based on dynamic information. The
MethodAccessor
interface provides a hook into how OGNL calls a method. When a static or instance method is requested the implementor of this interface is called to actually execute the method.public interface MethodAccessor { Object callStaticMethod( Map context, Class targetClass, String methodName, List args ) throws MethodFailedException; Object callMethod( Map context, Object target, String methodName, List args ) throws MethodFailedException; }
You can set a method accessor on a class-by-class basis using
OgnlRuntime.setMethodAccessor()
. The is a default method accessor for Object (which simply finds an appropriate method based on method name and argument types and uses reflection to call the method).
你可以编写代码
public class StringUtil extends StringUtils implements MethodAccessor {
//implement above methods
}
操作class
public static final String MESSAGE = "hello.message";
/**
* Field for Message property.
*/
private String message;
/**
* Return Message property.
*
* @return Message property
*/
public String getMessage() {
return message;
}
private StringUtil stringUtil = new StringUtil();
public StringUtil getStringUtil() {
return stringUtil;
}
public String execute() throws Exception {
setMessage(getText(MESSAGE));
OgnlRuntime.setMethodAccessor(StringUtil.class, stringUtil);
return SUCCESS;
}
在JSP
<s:if test="!stringUtil.isEmpty(message)">
<h2><s:property value="message"/></h2>
</s:if>