Struts 2 / WW-4374

access enum values via ognl blocked by SecurityMemberAccess


Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 2.3.20
    • Fix Version/s: 2.3.20
    • Component/s: None
    • Labels: None

    Description

      <@s.select list="@test.EnumType@values()">
      

      doesn't work anymore; it broke compatibility.

      SecurityMemberAccess.isAccessible(Map context, Object target, Member member, String propertyName)

      The solution is to check enum access first, then check the others.

      // Allow Enum.values() first, before the exclusion checks below.
      int modifiers = member.getModifiers();
      if (Modifier.isStatic(modifiers)) {
          if (member instanceof Method && !getAllowStaticMethodAccess()) {
              if (target instanceof Class) {
                  Class clazz = (Class) target;
                  Method method = (Method) member;
                  // Only the static values() method of an Enum subclass is let through.
                  if (Enum.class.isAssignableFrom(clazz) && method.getName().equals("values"))
                      return true;
              }
          }
      }

      // Excluded packages are rejected.
      if (isPackageExcluded(target.getClass().getPackage(), member.getDeclaringClass().getPackage())) {
          if (LOG.isWarnEnabled()) {
              LOG.warn("Package of target [#0] or package of member [#1] are excluded!", target, member);
          }
          return false;
      }

      // Excluded classes are rejected.
      if (isClassExcluded(target.getClass(), member.getDeclaringClass())) {
          if (LOG.isWarnEnabled()) {
              LOG.warn("Target class [#0] or declaring class of member type [#1] are excluded!", target, member);
          }
          return false;
      }
      
      

          People

            Assignee: Lukasz Lenart (lukaszlenart)
            Reporter: Yanming Zhou (quaff)
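The check order proposed in the description, as an added stand-alone example (not Struts code and not part of the original report): with static method access off, only `values()` on an Enum subclass is let through, and every other static method stays blocked. The class name, the sample enum and the `ALLOW_STATIC_METHOD_ACCESS` constant are hypothetical, and the package and class exclusion lists are left out.

```java
import java.lang.reflect.Member;
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;

// Added illustration; not Struts code. All names here are hypothetical.
public class EnumValuesGateDemo {

    enum Color { RED, GREEN }   // constructed sample enum

    // Stand-in for the allowStaticMethodAccess setting (assumed off, as in the report).
    static final boolean ALLOW_STATIC_METHOD_ACCESS = false;

    // Simplified gate: only the static-member decision, no package/class exclusion lists.
    static boolean isAccessible(Object target, Member member) {
        if (!Modifier.isStatic(member.getModifiers())) {
            return true;    // instance members are out of scope for this sketch
        }
        if (member instanceof Method && !ALLOW_STATIC_METHOD_ACCESS) {
            // Narrow exception from the report: Enum subclass and a method named "values".
            if (target instanceof Class) {
                Class<?> clazz = (Class<?>) target;
                if (Enum.class.isAssignableFrom(clazz) && "values".equals(member.getName())) {
                    return true;
                }
            }
            return false;   // every other static method stays blocked
        }
        return true;        // static fields are not restricted in this sketch
    }

    public static void main(String[] args) throws Exception {
        Method enumValues = Color.class.getMethod("values");
        Method enumValueOf = Color.class.getMethod("valueOf", String.class);
        Method getProperty = System.class.getMethod("getProperty", String.class);

        // Only the first call is expected to be allowed.
        System.out.println("Color.values()        -> " + isAccessible(Color.class, enumValues));
        System.out.println("Color.valueOf(..)     -> " + isAccessible(Color.class, enumValueOf));
        System.out.println("System.getProperty(..) -> " + isAccessible(System.class, getProperty));
    }
}
```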