struts-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (WW-4374) access enum values via ognl blocked by SecurityMemberAccess
Date Tue, 29 Jul 2014 07:24:38 GMT

    [ https://issues.apache.org/jira/browse/WW-4374?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14077471#comment-14077471
] 

ASF subversion and git services commented on WW-4374:
-----------------------------------------------------

Commit bf6b37f2e31214ca9bbdac784bb864c421b7dc29 in struts's branch refs/heads/develop from
[~lukaszlenart]
[ https://git-wip-us.apache.org/repos/asf?p=struts.git;h=bf6b37f ]

WW-4374 Fixes problem with accessing Enum's values() method


> access enum values via ognl blocked by SecurityMemberAccess
> -----------------------------------------------------------
>
>                 Key: WW-4374
>                 URL: https://issues.apache.org/jira/browse/WW-4374
>             Project: Struts 2
>          Issue Type: Bug
>    Affects Versions: 2.3.18
>            Reporter: zhouyanming
>            Priority: Blocker
>             Fix For: 2.3.18
>
>
> {code:html}
> <@s.select list="@test.EnumType@values()">
> {code}
> doesn't works anymore,it breaked compatibility.
> SecurityMemberAccess.isAccessible(Map context, Object target, Member member, String propertyName)
> solution is check enum access first then check others.
> {code:java}
>  int modifiers = member.getModifiers();
>         if (Modifier.isStatic(modifiers)) {
>             if (member instanceof Method && !getAllowStaticMethodAccess()) {
>                 if (target instanceof Class) {
>                     Class clazz = (Class) target;
>                     Method method = (Method) member;
>                     if (Enum.class.isAssignableFrom(clazz) && method.getName().equals("values"))
>                         return true;
>                 }
>             }
>         }
>     	
>         if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage()))
{
>             if (LOG.isWarnEnabled()) {
>                 LOG.warn("Package of target [#0] or package of member [#1] are excluded!",
target, member);
>             }
>             return false;
>         }
>         if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
>             if (LOG.isWarnEnabled()) {
>                 LOG.warn("Target class [#0] or declaring class of member type [#1] are
excluded!", target, member);
>             }
>             return false;
>         }
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message