This is an automated email from the ASF dual-hosted git repository. lukaszlenart pushed a commit to branch WW-5627-cookie-authorization in repository https://gitbox.apache.org/repos/asf/struts.git
commit 09e3e30bb99bffdf582dbb4e164e794f7f19ddad Author: Lukasz Lenart <[email protected]> AuthorDate: Sat May 9 17:15:57 2026 +0200 WW-5627 register ParameterAllowlister bean in struts-default DI --- .../java/org/apache/struts2/config/StrutsBeanSelectionProvider.java | 2 ++ core/src/main/resources/struts-beans.xml | 3 +++ 2 files changed, 5 insertions(+) diff --git a/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java b/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java index f169b67f1..e3f632eda 100644 --- a/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java +++ b/core/src/main/java/org/apache/struts2/config/StrutsBeanSelectionProvider.java @@ -73,6 +73,7 @@ import org.apache.struts2.url.UrlDecoder; import org.apache.struts2.url.UrlEncoder; import org.apache.struts2.util.ContentTypeMatcher; import org.apache.struts2.util.PatternMatcher; +import org.apache.struts2.interceptor.parameter.ParameterAllowlister; import org.apache.struts2.interceptor.parameter.ParameterAuthorizer; import org.apache.struts2.util.ProxyService; import org.apache.struts2.util.TextParser; @@ -448,6 +449,7 @@ public class StrutsBeanSelectionProvider extends AbstractBeanSelectionProvider { alias(ProxyCacheFactory.class, StrutsConstants.STRUTS_PROXY_CACHE_FACTORY, builder, props, Scope.SINGLETON); alias(ProxyService.class, StrutsConstants.STRUTS_PROXYSERVICE, builder, props, Scope.SINGLETON); alias(ParameterAuthorizer.class, StrutsConstants.STRUTS_PARAMETER_AUTHORIZER, builder, props, Scope.SINGLETON); + alias(ParameterAllowlister.class, StrutsConstants.STRUTS_PARAMETER_ALLOWLISTER, builder, props, Scope.SINGLETON); alias(SecurityMemberAccess.class, StrutsConstants.STRUTS_MEMBER_ACCESS, builder, props, Scope.PROTOTYPE); alias(OgnlGuard.class, StrutsConstants.STRUTS_OGNL_GUARD, builder, props, Scope.SINGLETON); diff --git a/core/src/main/resources/struts-beans.xml b/core/src/main/resources/struts-beans.xml index 232f0f4a4..21c4ec7e6 100644 --- a/core/src/main/resources/struts-beans.xml +++ b/core/src/main/resources/struts-beans.xml @@ -248,6 +248,9 @@ <bean type="org.apache.struts2.interceptor.parameter.ParameterAuthorizer" name="struts" class="org.apache.struts2.interceptor.parameter.StrutsParameterAuthorizer" scope="singleton"/> + <bean type="org.apache.struts2.interceptor.parameter.ParameterAllowlister" name="struts" + class="org.apache.struts2.interceptor.parameter.OgnlParameterAllowlister" scope="singleton"/> + <bean type="org.apache.struts2.url.QueryStringBuilder" name="strutsQueryStringBuilder" class="org.apache.struts2.url.StrutsQueryStringBuilder" scope="singleton"/> <bean type="org.apache.struts2.url.QueryStringParser" name="strutsQueryStringParser"
