Sebastian Götz created WW-5415: ---------------------------------- Summary: Struts2 Validator is failing in OGNL with constructor call Key: WW-5415 URL: https://issues.apache.org/jira/browse/WW-5415 Project: Struts 2 Issue Type: Bug Components: Core Affects Versions: 6.3.0, 6.2.0 Reporter: Sebastian Götz Fix For: 6.5.0
An FieldExpression validator using a constructor call in its OGNL expression fails. {code:java|title=Example validation configuration} Unable to find source-code formatter for language: code panel. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE validators PUBLIC "-//Apache Struts//XWork Validator 1.0.2//EN" "http://struts.apache.org/dtds/xwork-validator-1.0.2.dtd"> <validators> <field name="employee.birthday"> <field-validator type="fieldexpression"> <param name="expression"><![CDATA[ ( employee.birthday == null || employee.birthday.before(new java.util.Date())) ]]></param> <message key="errors_birthday" /> </field-validator> </field> </validators> {code} When it comes to instantiate the Date object in the above example, the call fails in com.opensymphony.xwork2.ognl.SecurityMemberAccess.isAccessible(Map, Object, Member, String). It seems that a constructor call is not handled here properly. {code:java} public boolean isAccessible(Map context, Object target, Member member, String propertyName) { LOG.debug("Checking access for [target: {}, member: {}, property: {}]", target, member, propertyName); final int memberModifiers = member.getModifiers(); final Class<?> memberClass = member.getDeclaringClass(); // target can be null in case of accessing static fields, since OGNL 3.2.8 final Class<?> targetClass = Modifier.isStatic(memberModifiers) ? memberClass : target.getClass(); if (!memberClass.isAssignableFrom(targetClass)) { throw new IllegalArgumentException("Target does not match member!"); } {code} When the method is called, * {{*target*}} is the class object for {{{}java.util.Date{}}} * {{*member*}} is a representation of the constructor {{public java.util.Date()}} * {{*propertyName*}} is null * {{*memberModifiers*}} evaluates to 1 * {{*memberClass*}} to the class object for {{{}java.util.Date{}}} This causes the if to resolve to {{false}} and throwing the exception. I cannot see how anyone could call any constructor at all. -- This message was sent by Atlassian Jira (v8.20.10#820010)