changelog.xml

markt Tue, 09 Dec 2014 02:37:36 -0800

Author: markt
Date: Tue Dec  9 10:37:18 2014
New Revision: 1644018

URL: http://svn.apache.org/r1644018
Log:
Fix potential issue with BeanELresolver when running under a security manager.
Some classes may not be accessible but may have accessible interfaces.


Modified:
    tomcat/tc8.0.x/trunk/   (props changed)
    tomcat/tc8.0.x/trunk/java/javax/el/BeanELResolver.java
    tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml

Propchange: tomcat/tc8.0.x/trunk/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Tue Dec  9 10:37:18 2014
@@ -1 +1 @@
-/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1643002,1643045,1643054-1643055,1643066,1643121,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963
+/tomcat/trunk:1636524,1637156,1637176,1637188,1637331,1637684,1637695,1638720-1638725,1639653,1640010,1640084,1640088,1640275,1640322,1640347,1640361,1640365,1640403,1640410,1640652,1640655-1640658,1640688,1640700-1640883,1640903,1640976,1640978,1641000,1641026,1641038-1641039,1641051-1641052,1641058,1641064,1641300,1641369,1641374,1641380,1641486,1641634,1641656-1641692,1641704,1641707-1641718,1641720-1641722,1641735,1641981,1642554,1642564,1642595,1642606,1642668,1642679,1642697,1642699,1643002,1643045,1643054-1643055,1643066,1643121,1643206,1643209-1643210,1643216,1643249,1643270,1643283,1643309-1643310,1643323,1643365-1643366,1643370-1643371,1643465,1643474,1643570,1643634,1643649,1643651,1643654,1643675,1643731,1643733-1643734,1643761,1643766,1643814,1643937,1643963,1644017

Modified: tomcat/tc8.0.x/trunk/java/javax/el/BeanELResolver.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/java/javax/el/BeanELResolver.java?rev=1644018&r1=1644017&r2=1644018&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/java/javax/el/BeanELResolver.java (original)
+++ tomcat/tc8.0.x/trunk/java/javax/el/BeanELResolver.java Tue Dec  9 10:37:18 
2014
@@ -229,15 +229,39 @@ public class BeanELResolver extends ELRe
             try {
                 BeanInfo info = Introspector.getBeanInfo(this.type);
                 PropertyDescriptor[] pds = info.getPropertyDescriptors();
-                for (int i = 0; i < pds.length; i++) {
-                    this.properties.put(pds[i].getName(), new BeanProperty(
-                            type, pds[i]));
+                for (PropertyDescriptor pd: pds) {
+                    this.properties.put(pd.getName(), new BeanProperty(type, 
pd));
+                }
+                if (System.getSecurityManager() != null) {
+                    // When running with SecurityManager, some classes may be
+                    // not accessible, but have accessible interfaces.
+                    populateFromInterfaces(type);
                 }
             } catch (IntrospectionException ie) {
                 throw new ELException(ie);
             }
         }
 
+        private void populateFromInterfaces(Class<?> aClass) throws 
IntrospectionException {
+            Class<?> interfaces[] = aClass.getInterfaces();
+            if (interfaces.length > 0) {
+                for (Class<?> ifs : interfaces) {
+                    BeanInfo info = Introspector.getBeanInfo(ifs);
+                    PropertyDescriptor[] pds = info.getPropertyDescriptors();
+                    for (PropertyDescriptor pd : pds) {
+                        if (!this.properties.containsKey(pd.getName())) {
+                            this.properties.put(pd.getName(), new BeanProperty(
+                                    this.type, pd));
+                        }
+                    }
+                }
+            }
+            Class<?> superclass = aClass.getSuperclass();
+            if (superclass != null) {
+                populateFromInterfaces(superclass);
+            }
+        }
+
         private BeanProperty get(ELContext ctx, String name) {
             BeanProperty property = this.properties.get(name);
             if (property == null) {

Modified: tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml?rev=1644018&r1=1644017&r2=1644018&view=diff
==============================================================================
--- tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Tue Dec  9 10:37:18 2014
@@ -183,6 +183,11 @@
         JspCompilationContext, in a way to support URLs with protocol different
         than <code>jar:file</code>. (violetagg)
       </fix>
+      <fix>
+        Fix potential issue with BeanELresolver when running under a security
+        manager. Some classes may not be accessible but may have accessible
+        interfaces. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="WebSocket">



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

svn commit: r1644018 - in /tomcat/tc8.0.x/trunk: ./ java/javax/el/BeanELResolver.java webapps/docs/changelog.xml

Reply via email to