You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2019/10/04 15:01:27 UTC
[tomcat] branch 8.5.x updated: Catch module export
issues at compile time if configured to do so
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new e8b7ec6 Catch <jsp:useBean> module export issues at compile time if configured to do so
e8b7ec6 is described below
commit e8b7ec6840f3c3b5a8926012bc8f7a40fdff86d6
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Oct 4 00:15:26 2019 +0100
Catch <jsp:useBean> module export issues at compile time if configured
to do so
---
java/org/apache/el/util/JreCompat.java | 2 +-
java/org/apache/jasper/compiler/Generator.java | 19 +++++++++++++------
res/checkstyle/org-import-control.xml | 1 +
3 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/java/org/apache/el/util/JreCompat.java b/java/org/apache/el/util/JreCompat.java
index 7ef8b87..8f226f2 100644
--- a/java/org/apache/el/util/JreCompat.java
+++ b/java/org/apache/el/util/JreCompat.java
@@ -25,7 +25,7 @@ import java.lang.reflect.AccessibleObject;
* This class is duplicated in javax.el
* When making changes keep the two in sync.
*/
-class JreCompat {
+public class JreCompat {
private static final JreCompat instance;
diff --git a/java/org/apache/jasper/compiler/Generator.java b/java/org/apache/jasper/compiler/Generator.java
index 1f10305..17bc381 100644
--- a/java/org/apache/jasper/compiler/Generator.java
+++ b/java/org/apache/jasper/compiler/Generator.java
@@ -21,6 +21,7 @@ import java.beans.BeanInfo;
import java.beans.IntrospectionException;
import java.beans.Introspector;
import java.beans.PropertyDescriptor;
+import java.lang.reflect.Constructor;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.text.DateFormat;
@@ -47,6 +48,7 @@ import javax.servlet.jsp.tagext.TagInfo;
import javax.servlet.jsp.tagext.TagVariableInfo;
import javax.servlet.jsp.tagext.VariableInfo;
+import org.apache.el.util.JreCompat;
import org.apache.jasper.Constants;
import org.apache.jasper.JasperException;
import org.apache.jasper.JspCompilationContext;
@@ -1354,14 +1356,19 @@ class Generator {
} else {
canonicalName = klass;
}
+ // Check that there is a 0 arg constructor
+ Constructor<?> constructor = bean.getConstructor(new Class[] {});
+ // Check the bean is public, not an interface, not abstract
+ // and (for Java 9+) in an exported module
int modifiers = bean.getModifiers();
- if (!Modifier.isPublic(modifiers)
- || Modifier.isInterface(modifiers)
- || Modifier.isAbstract(modifiers)) {
- throw new Exception("Invalid bean class modifier");
+ JreCompat jreCompat = JreCompat.getInstance();
+ if (!Modifier.isPublic(modifiers) ||
+ Modifier.isInterface(modifiers) ||
+ Modifier.isAbstract(modifiers) ||
+ !jreCompat.canAcccess(null, constructor) ) {
+ throw new Exception(Localizer.getMessage("jsp.error.invalid.bean",
+ Integer.valueOf(modifiers)));
}
- // Check that there is a 0 arg constructor
- bean.getConstructor(new Class[] {});
// At compile time, we have determined that the bean class
// exists, with a public zero constructor, new() can be
// used for bean instantiation.
diff --git a/res/checkstyle/org-import-control.xml b/res/checkstyle/org-import-control.xml
index 09bf473..3a3dde0 100644
--- a/res/checkstyle/org-import-control.xml
+++ b/res/checkstyle/org-import-control.xml
@@ -98,6 +98,7 @@
<subpackage name="jasper">
<allow pkg="javax.el"/>
<allow pkg="javax.servlet"/>
+ <allow pkg="org.apache.el"/>
<allow pkg="org.apache.jasper"/>
<allow pkg="org.apache.juli"/>
<allow pkg="org.apache.tomcat" exact-match="true"/>
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org