[WW-4374] access enum values via ognl blocked by SecurityMemberAccess - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 2.3.20
Fix Version/s: 2.3.20
Component/s: None
Labels:
None

Description

<@s.select list="@test.EnumType@values()">

doesn't works anymore,it breaked compatibility.

SecurityMemberAccess.isAccessible(Map context, Object target, Member member, String propertyName)

solution is check enum access first then check others.

 int modifiers = member.getModifiers();
        if (Modifier.isStatic(modifiers)) {
            if (member instanceof Method && !getAllowStaticMethodAccess()) {
                if (target instanceof Class) {
                    Class clazz = (Class) target;
                    Method method = (Method) member;
                    if (Enum.class.isAssignableFrom(clazz) && method.getName().equals("values"))
                        return true;
                }
            }
        }
    	
        if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage())) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Package of target [#0] or package of member [#1] are excluded!", target, member);
            }
            return false;
        }

        if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Target class [#0] or declaring class of member type [#1] are excluded!", target, member);
            }
            return false;
        }

Attachments

Activity

People

Assignee:: Lukasz Lenart

Reporter:: Yanming Zhou

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/Jul/14 01:24

Updated:: 13/Jan/15 11:58

Resolved:: 29/Jul/14 07:24