diff --git a/core/src/main/java/com/predic8/membrane/core/interceptor/flow/ConditionalInterceptor.java b/core/src/main/java/com/predic8/membrane/core/interceptor/flow/ConditionalInterceptor.java index 69073f3e9..2d76db2e7 100644 --- a/core/src/main/java/com/predic8/membrane/core/interceptor/flow/ConditionalInterceptor.java +++ b/core/src/main/java/com/predic8/membrane/core/interceptor/flow/ConditionalInterceptor.java @@ -23,6 +23,8 @@ import com.predic8.membrane.core.lang.spel.*; import org.slf4j.*; import org.springframework.expression.*; +import org.springframework.expression.spel.SpelCompilerMode; +import org.springframework.expression.spel.SpelParserConfiguration; import org.springframework.expression.spel.standard.*; import java.util.*; @@ -61,6 +63,7 @@ public class ConditionalInterceptor extends AbstractFlowInterceptor { /** * Spring Expression Language */ + private final SpelParserConfiguration spelConfig = new SpelParserConfiguration(SpelCompilerMode.IMMEDIATE, this.getClass().getClassLoader()); private Expression spelExpr; private final InterceptorFlowController interceptorFlowController = new InterceptorFlowController(); @@ -82,7 +85,7 @@ public void init(Router router) throws Exception { switch (language) { case GROOVY -> condition = new GroovyLanguageSupport().compileExpression(router.getBackgroundInitializator(), null, test); - case SPEL -> spelExpr = new SpelExpressionParser().parseExpression(test); + case SPEL -> spelExpr = new SpelExpressionParser(spelConfig).parseExpression(test); } } diff --git a/core/src/main/java/com/predic8/membrane/core/interceptor/log/AdditionalVariable.java b/core/src/main/java/com/predic8/membrane/core/interceptor/log/AdditionalVariable.java index 05994fadf..0110f4f8b 100644 --- a/core/src/main/java/com/predic8/membrane/core/interceptor/log/AdditionalVariable.java +++ b/core/src/main/java/com/predic8/membrane/core/interceptor/log/AdditionalVariable.java @@ -19,11 +19,14 @@ import com.predic8.membrane.annot.MCElement; import com.predic8.membrane.annot.Required; import org.springframework.expression.Expression; +import org.springframework.expression.spel.SpelCompilerMode; +import org.springframework.expression.spel.SpelParserConfiguration; import org.springframework.expression.spel.standard.SpelExpressionParser; @MCElement(name = "additionalVariable", topLevel = false, id = "accessLog-scope") public class AdditionalVariable { + private final SpelParserConfiguration spelConfig = new SpelParserConfiguration(SpelCompilerMode.IMMEDIATE, this.getClass().getClassLoader()); private String name; private Expression expression; private String defaultValue = "-"; @@ -39,7 +42,7 @@ public Expression getExpression() { @Required @MCAttribute public void setExpression(String expression) { - this.expression = new SpelExpressionParser() + this.expression = new SpelExpressionParser(spelConfig) .parseExpression(expression); } diff --git a/core/src/main/java/com/predic8/membrane/core/interceptor/misc/AbstractSetterInterceptor.java b/core/src/main/java/com/predic8/membrane/core/interceptor/misc/AbstractSetterInterceptor.java index 99985168b..742ee1fba 100644 --- a/core/src/main/java/com/predic8/membrane/core/interceptor/misc/AbstractSetterInterceptor.java +++ b/core/src/main/java/com/predic8/membrane/core/interceptor/misc/AbstractSetterInterceptor.java @@ -23,6 +23,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.SpelCompilerMode; +import org.springframework.expression.spel.SpelParserConfiguration; import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.expression.spel.support.StandardEvaluationContext; @@ -35,7 +37,8 @@ public abstract class AbstractSetterInterceptor extends AbstractInterceptor { private static final Logger log = LoggerFactory.getLogger(AbstractSetterInterceptor.class); - private static final ExpressionParser parser = new SpelExpressionParser(); + private final SpelParserConfiguration spelConfig = new SpelParserConfiguration(SpelCompilerMode.IMMEDIATE, this.getClass().getClassLoader()); + private final ExpressionParser parser = new SpelExpressionParser(spelConfig); private final Pattern expressionPattern = Pattern.compile("\\$\\{(.*?)}"); protected String name; diff --git a/core/src/main/java/com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor.java b/core/src/main/java/com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor.java index ce75d3a86..d41e208c3 100644 --- a/core/src/main/java/com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor.java +++ b/core/src/main/java/com/predic8/membrane/core/interceptor/oauth2client/OAuth2PermissionCheckerInterceptor.java @@ -26,6 +26,8 @@ import com.predic8.membrane.annot.Required; import org.springframework.expression.Expression; import org.springframework.expression.ExpressionParser; +import org.springframework.expression.spel.SpelCompilerMode; +import org.springframework.expression.spel.SpelParserConfiguration; import org.springframework.expression.spel.standard.SpelExpressionParser; import org.springframework.expression.spel.support.StandardEvaluationContext; @@ -39,6 +41,7 @@ public class OAuth2PermissionCheckerInterceptor extends AbstractInterceptor { private static final Logger log = LoggerFactory.getLogger(OAuth2PermissionCheckerInterceptor.class); + private final SpelParserConfiguration spelConfig = new SpelParserConfiguration(SpelCompilerMode.IMMEDIATE, this.getClass().getClassLoader()); String expression; ValueSource valueSource; Function valueChecker; @@ -105,7 +108,7 @@ public Object evaluate(Exchange exc) { } private Function createChecker(String expr) { - ExpressionParser parser = new SpelExpressionParser(); + ExpressionParser parser = new SpelExpressionParser(spelConfig); Expression exp = parser.parseExpression(expr); return param -> { diff --git a/core/src/main/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptor.java b/core/src/main/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptor.java index 6b5cd8d32..fb8da37ee 100644 --- a/core/src/main/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptor.java +++ b/core/src/main/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptor.java @@ -69,6 +69,7 @@ public class RateLimitInterceptor extends AbstractInterceptor { private final RateLimitStrategy strategy; + private final SpelParserConfiguration spelConfig = new SpelParserConfiguration(SpelCompilerMode.IMMEDIATE, this.getClass().getClassLoader()); private String keyExpression; private Expression expression; @@ -125,7 +126,7 @@ public void init() throws Exception { super.init(); if (keyExpression == null || keyExpression.isBlank()) return; - expression = new SpelExpressionParser().parseExpression(keyExpression); + expression = new SpelExpressionParser(spelConfig).parseExpression(keyExpression); } private String getKey(Exchange exc) { diff --git a/core/src/main/java/com/predic8/membrane/core/openapi/serviceproxy/APIProxyKey.java b/core/src/main/java/com/predic8/membrane/core/openapi/serviceproxy/APIProxyKey.java index fc9945c11..5e29f2973 100644 --- a/core/src/main/java/com/predic8/membrane/core/openapi/serviceproxy/APIProxyKey.java +++ b/core/src/main/java/com/predic8/membrane/core/openapi/serviceproxy/APIProxyKey.java @@ -21,6 +21,8 @@ import com.predic8.membrane.core.rules.*; import org.slf4j.*; import org.springframework.expression.*; +import org.springframework.expression.spel.SpelCompilerMode; +import org.springframework.expression.spel.SpelParserConfiguration; import org.springframework.expression.spel.standard.*; import java.util.*; @@ -33,6 +35,7 @@ public class APIProxyKey extends ServiceProxyKey { private final ArrayList basePaths = new ArrayList<>(); + private final SpelParserConfiguration spelConfig = new SpelParserConfiguration(SpelCompilerMode.IMMEDIATE, this.getClass().getClassLoader()); private Expression testExpr; public APIProxyKey(RuleKey key, String test, boolean openAPI) { @@ -49,7 +52,7 @@ public APIProxyKey(String ip, String host, int port, String path, String method, protected void init(String test, boolean openAPI) { if (test != null) - testExpr = new SpelExpressionParser().parseExpression(test); + testExpr = new SpelExpressionParser(spelConfig).parseExpression(test); if (!openAPI) return; diff --git a/core/src/test/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptorTest.java b/core/src/test/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptorTest.java index c24b734d7..580adf3f0 100644 --- a/core/src/test/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptorTest.java +++ b/core/src/test/java/com/predic8/membrane/core/interceptor/ratelimit/RateLimitInterceptorTest.java @@ -351,9 +351,9 @@ void rateLimitInitWithoutKeyExpression() throws Exception { */ @NotNull - private static Exchange getExchange() { + private static Exchange getExchange() throws URISyntaxException { final Exchange exc = new Exchange(null); - exc.setRequest(new Request.Builder().header("accept","*/*").build()); + exc.setRequest(new Request.Builder().get("/").header("accept","*/*").build()); exc.setResponse(Response.ok().build()); exc.setRemoteAddrIp("192.168.1.100"); return exc;