struts2对Ognl的打包-MemberAccess

Ognl的扩展点：

http://java12345678.iteye.com/blog/2031790

MemberAccess接口

 定义了对于Memeber(Constructor,Method,Filed是否可以访问)，Ognl默认实现DefaultMemberAccess对非公有Member不可以访问。

 Struts2对DefaultMemberAccess进行了扩展：在DefaultMemberAccess的非公有Member不可以访问的基础上，添加哪些公有Member可以访问或不可被访问

 一、参数决定哪些Memeber可以访问

  1.静态方法是否可以访问：由boolean型构建参数决定

public SecurityMemberAccess(boolean method) {
        allowStaticMethodAccess = method;
    }

2.哪些公有Member不可以访问:由属性Set<Pattern> excludeProperties决定

3.哪些公有Member可以访问：Set<Pattern> acceptProperties

4.由PropertiesJudge propertiesJudge对象决定某个Memeber是否可以访问

    程序代码中的判断：

  protected boolean isAcceptableProperty(String name) {
        if ( name == null) {
            return true;
        }
//属性名propertyName 不匹配excludeProperties
//属性名propertyName 匹配acceptProperties
//如果存在propertiesJudge ，则acceptProperty返回true
//全满足才能访问
        if ((!isExcluded(name)) && isAccepted(name) && (propertiesJudge == null || propertiesJudge.acceptProperty(name))) {
            return true;
        }
        return false;
    }

二、参数的由来：OgnlValueStack

public class OgnlValueStack{
  transient SecurityMemberAccess securityMemberAccess;
	protected void setRoot(XWorkConverter xworkConverter, CompoundRootAccessor accessor, CompoundRoot compoundRoot,
                           boolean allowStaticMethodAccess) {
    //省略了部分代码
        this.securityMemberAccess = new SecurityMemberAccess(allowStaticMethodAccess);
        this.context = Ognl.createDefaultContext(this.root, accessor, new OgnlTypeConverterWrapper(xworkConverter), securityMemberAccess);
    }
   public void setAcceptProperties(Set<Pattern> acceptedProperties) {
        securityMemberAccess.setAcceptProperties(acceptedProperties);
    }

    public void setPropertiesJudge(PropertiesJudge judge) {
        securityMemberAccess.setPropertiesJudge(judge);
    }

    public void setExcludeProperties(Set<Pattern> excludeProperties) {
        securityMemberAccess.setExcludeProperties(excludeProperties);
    }
  
}

 OgnlValueStack 由OgnlValueStackFactory构建：

  public class OgnlValueStackFactory implements ValueStackFactory{
    @Inject(value="allowStaticMethodAccess", required=false)
    public void setAllowStaticMethodAccess(String allowStaticMethodAccess) {
        this.allowStaticMethodAccess = "true".equalsIgnoreCase(allowStaticMethodAccess);
    }
  }