You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@lucene.apache.org by "Uwe Schindler (Jira)" <ji...@apache.org> on 2021/09/13 08:03:00 UTC

[jira] [Created] (LUCENE-10101) getField vs getDeclaredField in analysis SPI

Uwe Schindler created LUCENE-10101:
--------------------------------------

             Summary: getField vs getDeclaredField in analysis SPI
                 Key: LUCENE-10101
                 URL: https://issues.apache.org/jira/browse/LUCENE-10101
             Project: Lucene - Core
          Issue Type: Bug
          Components: core/other, modules/analysis
    Affects Versions: main (9.0)
            Reporter: Uwe Schindler
            Assignee: Uwe Schindler


Discussion between [~uschindler] and [~romseygeek]:

{quote}
> LUCENE-9281 moved the `lookupSPIName` method from
> AbstractAnalysisFactory to AnalysisSPILoader; the method is mostly the same,
> but one line has been changed from Class.getField() to Class.getDeclaredField().
> This can fall foul of the Security Manager, which wants a higher level of
> permission for getDeclaredField.  Was this an intentional change? As I

This was intentional because the previous code wasn't fully correct, because I had some safety check in mind: The main reason for the getDeclaredField() is to lookup the field only in this class; while getField() also looks into superclasses. E.g. if the superclass has a NAME field because of a programming error it would pick that up, which would be wrong. When investigating other implementations using "named" lookups out there (even in JDK), they used getDeclaredField() when accessing a static member.

There are 2 solutions:
- Change to getField(), but in the if statement below check the actual class: (field.getDeclaringClass()==service) (see https://github.com/apache/lucene-solr/pull/1360/files#diff-6a65d91199a18bc4ee2d00a1e9dc283aedc4134846e0d7aafdc484f8263e250bR159-R162)
- Wrap with doPrivileged in Lucene code. As far as I remember Lucene needs the permission anyways. With doPrivileged you would delegate responsibility.

Maybe also post your opinion about think fix #1 or fix #2 is better. I tend to go for fix #1. getDeclaredField() should theoretically be faster, but that won't matter here: If it goes the slow path (going up to superclass) it will fail anyways and that's the exceptional case. A correct factory should have a NAME field and its lookup is fast and the additional check introduced for the class is cheap.
{quote}

This is the issue to implement one of the solutions, preferably #1



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org