https://bz.apache.org/bugzilla/show_bug.cgi?id=63781
Bug ID: 63781
Summary: Prevent illegal reflective access warnings / errors
from BeanELResolver
Product: Tomcat 9
Version: 9.0.26
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: EL
Assignee: dev@tomcat.apache.org
Reporter: stefan.o...@googlemail.com
Target Milestone: -----
With Java module system, there might be cases, where interfaces are exported by
a module, but not their implementations.
In such cases BeanELResolver will currently cause warnings / errors like this:
[ERROR] java.lang.IllegalAccessException: class javax.el.BeanELResolver cannot
access class C (in module M) because module M does not export <packagfe of C>
to unnamed module ...
This could, and should be prevented, since in later Java versions those
warnings will become errors by default.
There already seems to be the right spot in code to achieve this. In
javax.el.Util (which seems to be tomcat-EL-sepcific, despite its package name)
there is the following code in getMethod:
if (m == null || Modifier.isPublic(type.getModifiers())) {
return m;
}
Class<?>[] inf = type.getInterfaces();
Method mp = null;
for (int i = 0; i < inf.length; i++) {
try {
mp = inf[i].getMethod(m.getName(), m.getParameterTypes());
mp = getMethod(mp.getDeclaringClass(), mp);
...
AFAIU, that code checks, if the type that declares the method, is public.
If not, it looks for the same method in interfaces and superclasses.
The check for "is public" could be extended to "and is exported by the module".
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
