intro

为什么要记录一下OGNL,因为打算调试Struts2漏洞了,作为基础储备知识,简单搜集和记录一下,言归正传。

OGNL是Object Graphic Navigation Language(对象图导航语言)的缩写。

* 所谓对象图,即以任意一个对象为根,通过OGNL可以访问与这个对象关联的其它对象
* 通过它简单一致的表达式语法,可以存取对象的任意属性,调用对象的方法,遍历整个对象的结构图,实现字段类型转化等功能。它使用相同的表达式去存取对象的属性

features

OGNL提供五大类功能

* 支持对象方法调用
* 支持类静态的方法调用和值访问
* 访问OGNL上下文(OGNL context)和ActionContext
* 支持赋值操作和表达式串联
* 操作集合对象

elements

表达式(Expression)

  表达式是整个OGNL的核心,所有的OGNL操作都是针对表达式的解析后进行的。表达式会规定此次OGNL操作到底要干什么,OGNL支持很多类型的表达式,之后我们会看到更多。
  

根对象(Root Object)

根对象可以理解为OGNL的操作对象。在表达式规定了“干什么”以后,你还需要指定到底“对谁干”。

上下文环境(Context)

有了表达式和根对象,我们实际上已经可以使用OGNL的基本功能。例如,根据表达式对根对象进行取值或者设值工作。不过实际上,在OGNL的内部,所有的操作都会在一个特定的环境中运行,这个环境就是OGNL的上下文环境(Context)。说得再明白一些,就是这个上下文环境(Context),将规定OGNL的操作“在哪里干”。

 OGNL的上下文环境是一个Map结构,称之为OgnlContext。上面我们提到的根对象(Root Object),事实上也会被加入到上下文环境中去,并且这将作为一个特殊的变量进行处理,具体就表现为针对根对象(Root Object)的存取操作的表达式是不需要增加#符号进行区分的。

OgnlContext不仅提供了OGNL的运行环境。在这其中,我们还能设置一些自定义的parameter到Context中,以便我们在进行OGNL操作的时候能够方便的使用这些parameter。不过正如我们上面反复强调的,我们在访问这些parameter时,需要使用#作为前缀才能进行。

refernce

什么是OGNL表达式

ognl概念和原理详解

OGNL表达式语言详解

607 对 “Less About OGNL”的想法;

  114. Втормаш – это компания, которая предлагает широкий выбор пищевого и емкостного оборудования для разных отраслей промышленности. У нас вы можете купить емкости и цистерны из нержавеющей стали, молочное, мясоперерабатывающее, фасовочное, холодильное и другое оборудование по выгодным ценам. Мы также оказываем услуги по лизингу, монтажу, наладке и ремонту оборудования. Свяжитесь с нами по телефону +7 (915) 290-77-55 и получите профессиональную консультацию и индивидуальное предложение.

    回复

  227. Оборудование в лизинг – это возможность приобрести современную технику для вашего бизнеса без затрат на покупку и обслуживание. Вы платите только за пользование оборудованием, а по окончании срока лизинга можете выкупить его по остаточной стоимости или вернуть лизингодателю. Компания ВторМаш предлагает лизинговые условия для различных видов оборудования: вакуумно-выпарные установки, маслообразователи, реакторы, сепараторы и многое другое. Заказывайте оборудование в лизинг на сайте или по телефону +7 (915) 290-77-55. Для связи с нашими специалистами вы можете также написать нам на почту info@vtormash.ru.

    回复

  382. Slightly off topic 🙂
    Hello, guys.
    (Moderator, I immediately ask you only no comments !!!)
    I’m Olesya, 29 years old.
    On quiet spring evenings, studying interesting porn video
    and relax here: https://sex-tube365.com/blonde/
    You can with me to talk personally.
    Love to watch videos from guys without panties 🙂
    ___
    Added
    Especially I trudge when I watch these videos:
    – Redhead : https://sex-tube365.com/redhead/
    – Solo : https://sex-tube365.com/solo/
    – BBW : https://sex-tube365.com/bbw/
    – Shemale : https://sex-tube365.com/shemale/

    I’m waiting for your rollers in a personal message.
    Kisses to all the tasty places !

    TT7J35707
    Молоденькие
    Любительское
    Соло
    В чулках
    Соло
    Азиатки
    Соло
    Негритянки
    Любительское
    Соло
    7139190

    回复

  388. Hmm it looks like your site ate my first comment (it was extremely
    long) so I guess I’ll just sum it up what I had written and say, I’m
    thoroughly enjoying your blog. I too am an aspiring blog blogger
    but I’m still new to everything. Do you have any helpful hints
    for rookie blog writers? I’d certainly appreciate it.

    回复

  511. Howdy, i read your blog occasionally and i own a similar one and i was just curious if you get a lot of spam comments?
    If so how do you protect against it, any plugin or anything you can suggest?
    I get so much lately it’s driving me insane so any support is very much appreciated.

    Multimedia Engineering
    Informatics Engineering

    Internet Engineering
    Language Center
    International Studies
    Electronics Engineering
    telecoms
    electrical engineering
    computer engineering

    回复

  513. Разрешение на строительство — это официальный удостоверение, предоставленный полномочными инстанциями государственной власти или территориального самоуправления, который предоставляет начать возведение или осуществление строительного процесса.
    Разрешение на строительство недвижимого имущества предписывает законодательные основы и стандарты к возведению, включая приемлемые категории работ, предусмотренные материалы и подходы, а также включает строительные регламенты и комплексы охраны. Получение разрешения на строительство является необходимым документов для строительной сферы.

    回复

  523. It can be hard to write about yourself. You want to show off your personality, but you also don’t want to seem too self-centered or egotistical. It’s a tricky balance that takes some practice, but it is possible. The key is to make sure you’re focusing on your audience as much as you focus on yourself. They need a little bit of information about who you are and what makes up your personality. As long as they get that, they’ll have the context to understand the rest of what you write! Individuals who opt for a career as acrobats create and direct original routines for themselves, in addition to developing interpretations of existing routines. The work of circus acrobats can be seen in a variety of performance settings, including circus, reality shows, sports events like the Olympics, movies and commercials. Individuals who opt for a career as acrobats must be prepared to face rejections and intermittent periods of work. The creativity of acrobats may extend to other aspects of the performance. For example, acrobats in the circus may work with gym trainers, celebrities or collaborate with other professionals to enhance such performance elements as costume and or maybe at the teaching end of the career.
    http://www.dadamoa.net/bbs/board.php?bo_table=free&wr_id=65391
    Some 9 billion animals are killed and used for food each year in the United States. The animal waste produced by factory farms causes water and air pollution. Yet the demand for meat grows stronger. In an attempt to curb the use of factory farms while satisfying the population’s demand for meat, food scientists have begun producing in vitro meat—muscle tissue that’s cultured from animal cells and grown in a laboratory. How comfortable would you be eating test-tube meat? Write an essay that argues for or against in vitro meat. Use your words to sway the reader. In this article, we are going to take a look at persuasive writing for kids and how we, as parents, carers, and tutors, can help them develop the essential skill of persuasive writing. These worksheets are an excellent way to develop children’s understanding and use of persuasive writing in KS2. There are a number of activities that demonstrate different types of persuasive writing, along with a model text, examples of adverts, and writing challenges.

    回复

  575. First off I would like to say wonderful blog! I had a quick question which I’d like to ask if you do not mind.

    I was curious to find out how you center yourself and clear your head prior to writing.
    I have had a difficult time clearing my mind in getting my thoughts out there.
    I do take pleasure in writing but it just seems like the first 10 to 15 minutes are usually wasted simply just trying to figure out how to begin. Any recommendations or hints?
    Cheers!

    回复

  576. Hello there! I know this is kinda off topic but I’d figured I’d ask.
    Would you be interested in exchanging links or maybe guest authoring a blog post or vice-versa?
    My blog goes over a lot of the same subjects as yours and I feel we could greatly benefit from each other.
    If you might be interested feel free to shoot me an email.
    I look forward to hearing from you! Excellent blog by the way!

    回复

  580. Hello are using WordPress for your blog platform?
    I’m new to the blog world but I’m trying to get started and set up
    my own. Do you require any coding knowledge to make your own blog?

    Any help would be greatly appreciated!

    回复

  582. I like the valuable information you provide in your
    articles. I will bookmark your blog and check again here regularly.
    I am quite sure I will learn a lot of new stuff right here!
    Best of luck for the next!

    回复

  593. I’m amazed, I have to admit. Seldom do I encounter
    a blog that’s both educative and engaging, and let me
    tell you, you’ve hit the nail on the head. The problem is something which too few people are speaking intelligently about.
    I’m very happy I stumbled across this in my hunt for something regarding
    this.

    回复

发表回复

您的电子邮箱地址不会被公开。