Make max length of SpEL expressions in an ApplicationContext configurable

This commit introduces support for a Spring property named
`spring.context.expression.maxLength`. When set, the value of that
property is used internally in StandardBeanExpressionResolver to
configure the SpelParserConfiguration used when evaluating String
values in bean definitions, @⁠Value, etc.

Closes gh-31952
This commit is contained in:
Sam Brannen
2024-01-09 11:09:44 +01:00
parent 3452354a11
commit 785598629a
5 changed files with 126 additions and 6 deletions

View File

@@ -1,5 +1,5 @@
/*
* Copyright 2002-2021 the original author or authors.
* Copyright 2002-2024 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -23,6 +23,7 @@ import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanExpressionException;
import org.springframework.beans.factory.config.BeanExpressionContext;
import org.springframework.beans.factory.config.BeanExpressionResolver;
import org.springframework.core.SpringProperties;
import org.springframework.core.convert.ConversionService;
import org.springframework.core.convert.support.DefaultConversionService;
import org.springframework.expression.Expression;
@@ -47,6 +48,7 @@ import org.springframework.util.StringUtils;
* beans such as "environment", "systemProperties" and "systemEnvironment".
*
* @author Juergen Hoeller
* @author Sam Brannen
* @since 3.0
* @see BeanExpressionContext#getBeanFactory()
* @see org.springframework.expression.ExpressionParser
@@ -55,6 +57,14 @@ import org.springframework.util.StringUtils;
*/
public class StandardBeanExpressionResolver implements BeanExpressionResolver {
/**
* System property to configure the maximum length for SpEL expressions: {@value}.
* <p>Can also be configured via the {@link SpringProperties} mechanism.
* @since 6.1.3
* @see SpelParserConfiguration#getMaximumExpressionLength()
*/
public static final String MAX_SPEL_EXPRESSION_LENGTH_PROPERTY_NAME = "spring.context.expression.maxLength";
/** Default expression prefix: "#{". */
public static final String DEFAULT_EXPRESSION_PREFIX = "#{";
@@ -90,18 +100,24 @@ public class StandardBeanExpressionResolver implements BeanExpressionResolver {
/**
* Create a new {@code StandardBeanExpressionResolver} with default settings.
* <p>As of Spring Framework 6.1.3, the maximum SpEL expression length can be
* configured via the {@link #MAX_SPEL_EXPRESSION_LENGTH_PROPERTY_NAME} property.
*/
public StandardBeanExpressionResolver() {
this.expressionParser = new SpelExpressionParser();
this(null);
}
/**
* Create a new {@code StandardBeanExpressionResolver} with the given bean class loader,
* using it as the basis for expression compilation.
* <p>As of Spring Framework 6.1.3, the maximum SpEL expression length can be
* configured via the {@link #MAX_SPEL_EXPRESSION_LENGTH_PROPERTY_NAME} property.
* @param beanClassLoader the factory's bean class loader
*/
public StandardBeanExpressionResolver(@Nullable ClassLoader beanClassLoader) {
this.expressionParser = new SpelExpressionParser(new SpelParserConfiguration(null, beanClassLoader));
SpelParserConfiguration parserConfig = new SpelParserConfiguration(
null, beanClassLoader, false, false, Integer.MAX_VALUE, retrieveMaxExpressionLength());
this.expressionParser = new SpelExpressionParser(parserConfig);
}
@@ -178,4 +194,22 @@ public class StandardBeanExpressionResolver implements BeanExpressionResolver {
protected void customizeEvaluationContext(StandardEvaluationContext evalContext) {
}
private static int retrieveMaxExpressionLength() {
String value = SpringProperties.getProperty(MAX_SPEL_EXPRESSION_LENGTH_PROPERTY_NAME);
if (!StringUtils.hasText(value)) {
return SpelParserConfiguration.DEFAULT_MAX_EXPRESSION_LENGTH;
}
try {
int maxLength = Integer.parseInt(value.trim());
Assert.isTrue(maxLength > 0, () -> "Value [" + maxLength + "] for system property ["
+ MAX_SPEL_EXPRESSION_LENGTH_PROPERTY_NAME + "] must be positive");
return maxLength;
}
catch (NumberFormatException ex) {
throw new IllegalArgumentException("Failed to parse value for system property [" +
MAX_SPEL_EXPRESSION_LENGTH_PROPERTY_NAME + "]: " + ex.getMessage(), ex);
}
}
}