You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@struts.apache.org by "Lukasz Lenart (JIRA)" <ji...@apache.org> on 2014/07/14 07:12:05 UTC
[jira] [Updated] (WW-4374) access enum values via ognl blocked by
SecurityMemberAccess
[ https://issues.apache.org/jira/browse/WW-4374?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lukasz Lenart updated WW-4374:
------------------------------
Fix Version/s: 2.3.18
> access enum values via ognl blocked by SecurityMemberAccess
> -----------------------------------------------------------
>
> Key: WW-4374
> URL: https://issues.apache.org/jira/browse/WW-4374
> Project: Struts 2
> Issue Type: Bug
> Affects Versions: 2.3.18
> Reporter: zhouyanming
> Priority: Blocker
> Fix For: 2.3.18
>
>
> {code:html}
> <@s.select list="@test.EnumType@values()">
> {code}
> doesn't works anymore,it breaked compatibility.
> SecurityMemberAccess.isAccessible(Map context, Object target, Member member, String propertyName)
> solution is check enum access first then check others.
> {code:java}
> int modifiers = member.getModifiers();
> if (Modifier.isStatic(modifiers)) {
> if (member instanceof Method && !getAllowStaticMethodAccess()) {
> if (target instanceof Class) {
> Class clazz = (Class) target;
> Method method = (Method) member;
> if (Enum.class.isAssignableFrom(clazz) && method.getName().equals("values"))
> return true;
> }
> }
> }
>
> if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage())) {
> if (LOG.isWarnEnabled()) {
> LOG.warn("Package of target [#0] or package of member [#1] are excluded!", target, member);
> }
> return false;
> }
> if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
> if (LOG.isWarnEnabled()) {
> LOG.warn("Target class [#0] or declaring class of member type [#1] are excluded!", target, member);
> }
> return false;
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)