1

We are using Struts 2 validators @FieldExpressionValidator and @ExpressionValidator. These validators check on OGNL expression. There are lots of cases where we deal with Strings in these expressions.

expression="(captcha=='' && captcha== null || ....)

We find it is very useful if we can use StringUtils ( isEmpty ,trimToEmpty,... ) here.

As we set the struts.ognl.allowStaticMethodAccess to false, for security issues, we tried to solve it by adding this getter to action

public StringUtils getStringUtils(){
        return new StringUtils();
    }

and then stringUtils.isEmpty(captcha) in the expression. But it didn't work.

To debug we tested 

ActionContext.getContext().getValueStack().findValue("stringUtils"); //returns org.apache.commons.lang3.StringUtils@693ade51 which shows there is an object in the stack

ActionContext.getContext().getValueStack().findValue("stringUtils.isEmpty('dd')"); //returns null

Any comments ?!

Roman C
  • 49,761
  • 33
  • 66
  • 176
Alireza Fattahi
  • 42,517
  • 14
  • 123
  • 173

1 Answers1

1

isEmpty is a static method and should be accessed statically with class prefix. As soon as you are using OGNL you have to allow static method access or write a wrapper for the method, i.e.

public boolean stringUtilsIsEmpty(String captcha) {
    return StringUtils.isEmpty(captcha);
}

then

ActionContext.getContext().getValueStack().findValue("stringUtilsIsEmpty('dd')");

However, in JSP you can do 

<s:if test="captcha != null && captcha != ''">
  do something
</s:if>

This is doing the same likeStringUtils#isEmpty().

Roman C
  • 49,761
  • 33
  • 66
  • 176
  • So I should add a method for each of `StringUtil`s methods :-( Are there better solutions ? – Alireza Fattahi Oct 05 '16 at 11:53
  • May be there's a lot of ways to do it. I don't know what specifically are you asking, the code that does work is here, the code that didn't work in your question. Clarify your specific problem, or it looks like too broad. Or you are looking for comments only? – Roman C Oct 05 '16 at 12:13
  • Dear @RomanC Yes the code works thanks, I was looking for an `enhancement` a way which eliminated the need to defining separate each method for each `StringUtils` method. If you think this is another question I can ask it in different one ! – Alireza Fattahi Oct 05 '16 at 12:34
  • You may ask another question if you clarify what you need actually. – Roman C Oct 05 '16 at 12:46
  • http://stackoverflow.com/questions/39875242/struts-2-calling-static-method-when-struts-ognl-allowstaticmethodaccess-is-false – Alireza Fattahi Oct 05 '16 at 13:27