[
https://issues.apache.org/jira/browse/JEXL-451?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Henri Biestro resolved JEXL-451.
--------------------------------
Resolution: Fixed
Commit
[6e6886|https://github.com/apache/commons-jexl/commit/6e6886f429acd38a94b9fd9b6a7cd330ab69cf42].
> Permission of "Object" not working.
> -----------------------------------
>
> Key: JEXL-451
> URL: https://issues.apache.org/jira/browse/JEXL-451
> Project: Commons JEXL
> Issue Type: Bug
> Affects Versions: 3.6.0
> Reporter: Xu Pengcheng
> Assignee: Henri Biestro
> Priority: Major
> Fix For: 3.6.1
>
>
> I updated to 3.6.0 and found the permission setting of Object.class is not
> working any more.
> Here is my setting, I want to all classes are readable, which doesn't work as
> before.
>
> {code:java}
> JexlSandbox sandbox = new JexlSandbox(false, true);
> sandbox.permissions(Object.class.getName(), true, true, false, false); {code}
>
>
> I checked the code in master branch:
> https://github.com/apache/commons-jexl/blob/master/src/main/java/org/apache/commons/jexl3/introspection/JexlSandbox.java#L305
>
> {code:java}
> final Class<?> superClazz = clazz.getSuperclass();
> if (Object.class != superClazz) {
> permissions = inheritable(compute(superClazz, false));
> } {code}
>
> The reason is because the recurse finding end before checking permission of
> "Object" class, change to "if (superClazz != null)" should fix it.
>
> Thanks!
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
