You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2015/11/02 07:12:27 UTC
[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw
IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984787#comment-14984787 ]
Lukasz Lenart commented on OGNL-252:
------------------------------------
Ok, so switching to
{code:java}
static final Map<Method, Boolean> _methodAccessCache = new ConcurrentHashMap<Method, Boolean>();
static final Map<Method, Boolean> _methodPermCache = new ConcurrentHashMap<Method, Boolean>();
{code}
should solve the problem, right?
> OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
> ------------------------------------------------------------------------------------
>
> Key: OGNL-252
> URL: https://issues.apache.org/jira/browse/OGNL-252
> Project: Commons OGNL
> Issue Type: Bug
> Affects Versions: 3.0
> Reporter: Carlos Saona
> Priority: Critical
> Fix For: 3.0.12
>
>
> Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not rendering one attribute of a specific page. It was weird because the other servers were rendering that same page OK, and all had the same software version.
> Using the debugger, I found out that the problem was that OgnlRuntime.invoke method was throwing IllegalAccessException when invoking a given method by reflection. The difference between the working and non-working servers was that _methodAccessCache had different boolean values for that method. The non-working server failed to force the accessibility of the method because syncInvoke was set to false.
> Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the hash of the method as a key, instead of the method itself. Therefore if two different methods that have different accessibility have a hash collision in the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if the one that is accessible is cached before the one that is not.
> I think this could be fixed by using the method itself as the map key, instead of its hash value. Browsing the changelog, I saw that at least since 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change would be quite straightforward.
> If you agree with the diagnostic, I volunteer to fork and submit a pull request.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)