OGNL Technology

Object-Graph Navigation Language (OGNL) is an open-source Expression Language (EL) for Java, which, while using simpler expressions than the full range of those supported by the Java language, allows getting and setting properties (through defined setProperty and getProperty methods, found in JavaBeans), and execution of methods of Java classes. It also allows for simpler array manipulation. It is aimed to be used in Java EE applications with taglibs as expression language. OGNL was created by Luke Blanshard and Drew Davidson of OGNL Technology. OGNL development was continued by OpenSymphony, which closed in 2011. OGNL is developed now as a part of the Apache Commons.


OGNL Technology

OGNL began as a way to map associations between front-end components and back-end objects using property names. As these associations gathered more features, Drew Davidson created Key-Value Coding language (KVCL). Luke Blanshard then reimplemented KVCL using ANTLR and started using the name OGNL. The technology was again reimplemented using the Java Compiler Compiler (JavaCC). OGNL uses Java reflection and introspection to address the object graph of the runtime application. This allows the program to change behavior based on the state of the object graph instead of relying on compile time settings. It also allows changes to the object graph.


Projects using OGNL

* WebWork and its successor Struts2
* Tapestry (4 and earlier)
* Spring Web Flow
* Apache Click
* MyBatis - SQL mapper framework
* The Thymeleaf - A Java XML/XHTML/HTML5 template engine
* FreeMarker - A Java template engine


OGNL security issues

Due to its ability to create or change executable code, OGNL is capable of introducing critical security flaws to any framework that uses it. Multiple Apache Struts 2 versions have been vulnerable to OGNL security flaws. As of October 2017, the recommended version of Struts 2 is 2.5.13. Users are urged to upgrade to the latest version, as older revisions have documented security vulnerabilities — for example, Struts 2 versions 2.3.5 through 2.3.31, and 2.5 through 2.5.10, allow remote attackers to execute arbitrary code. Atlassian Confluence has repeatedly been affected by OGNL security issues that allowed arbitrary remote code execution, and required all users to update.
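
The version ranges quoted above can be checked against a deployment inventory; the following is an added example, not part of the original article or of the Struts project. The `struts2-core-<version>.jar` naming, the function names and the sample paths are assumptions, and "outdated" only means older than the 2.5.13 recommendation cited above.

```python
import re

# Inclusive ranges and recommended release exactly as quoted in the text above.
VULNERABLE_RANGES = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
RECOMMENDED = (2, 5, 13)  # recommendation as of October 2017
# Assumed Maven-style file name, optionally with a qualifier such as -SNAPSHOT.
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)*)(?:[-.][A-Za-z][\w.-]*)?\.jar$")


def parse_version(text):
    """Turn '2.5.10.1' into (2, 5, 10, 1); 2.5 and 2.5.0 compare equal."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def classify(version):
    """Return 'vulnerable', 'outdated' or 'current' for a version tuple."""
    for low, high in VULNERABLE_RANGES:
        if low <= version <= high:
            return "vulnerable"
    # Outside the quoted ranges does not prove a release is free of flaws;
    # it only means the ranges stated in the text do not cover it.
    return "outdated" if version < RECOMMENDED else "current"


def audit(paths):
    """Map each struts2-core jar found in `paths` to (version, status)."""
    report = {}
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            raw = match.group(1)
            report[path] = (raw, classify(parse_version(raw)))
    return report


# Constructed sample inventory (hypothetical paths), e.g. output of `find`.
SAMPLE = [
    "/opt/app1/WEB-INF/lib/struts2-core-2.3.20.jar",
    "/opt/app2/WEB-INF/lib/struts2-core-2.5.10.jar",
    "/opt/app3/WEB-INF/lib/struts2-core-2.5.10.1.jar",  # four-part version
    "/opt/app4/WEB-INF/lib/struts2-core-2.5.13.jar",
    "/opt/app5/WEB-INF/lib/ognl-3.1.12.jar",  # not a Struts core jar, skipped
]

if __name__ == "__main__":
    for path, (version, status) in audit(SAMPLE).items():
        print(f"{status:10} {version:9} {path}")
```

Comparing versions as integer tuples rather than strings is what keeps a four-part release such as 2.5.10.1 from being matched by the upper bound 2.5.10.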


See also

* MVEL


External links


* OGNL 3.x maintenance branch
* OGNL 4.x Homepage (Apache)
* Apache Struts CVE-2013-2134 OGNL Expression Injection Vulnerability

