[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991746#comment-14991746 ] Lukasz Lenart commented on OGNL-252: OGNL 3.0.13/3.1.1 are out, you can replace the version you are using right now (it supposed to be a drop-in replacement) or wait for Struts 2.3.25 or 2.5 > OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash > collisions > > > Key: OGNL-252 > URL: https://issues.apache.org/jira/browse/OGNL-252 > Project: Commons OGNL > Issue Type: Bug >Affects Versions: 3.0 >Reporter: Carlos Saona >Priority: Critical > Fix For: 3.0.13 > > > Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not > rendering one attribute of a specific page. It was weird because the other > servers were rendering that same page OK, and all had the same software > version. > Using the debugger, I found out that the problem was that OgnlRuntime.invoke > method was throwing IllegalAccessException when invoking a given method by > reflection. The difference between the working and non-working servers was > that _methodAccessCache had different boolean values for that method. The > non-working server failed to force the accessibility of the method because > syncInvoke was set to false. > Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the > hash of the method as a key, instead of the method itself. Therefore if two > different methods that have different accessibility have a hash collision in > the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if > the one that is accessible is cached before the one that is not. > I think this could be fixed by using the method itself as the map key, > instead of its hash value. Browsing the changelog, I saw that at least since > 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change > would be quite straightforward. > If you agree with the diagnostic, I volunteer to fork and submit a pull > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991302#comment-14991302 ] Carlos Saona commented on OGNL-252: --- Splendid, thanks! > OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash > collisions > > > Key: OGNL-252 > URL: https://issues.apache.org/jira/browse/OGNL-252 > Project: Commons OGNL > Issue Type: Bug >Affects Versions: 3.0 >Reporter: Carlos Saona >Priority: Critical > Fix For: 3.0.13 > > > Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not > rendering one attribute of a specific page. It was weird because the other > servers were rendering that same page OK, and all had the same software > version. > Using the debugger, I found out that the problem was that OgnlRuntime.invoke > method was throwing IllegalAccessException when invoking a given method by > reflection. The difference between the working and non-working servers was > that _methodAccessCache had different boolean values for that method. The > non-working server failed to force the accessibility of the method because > syncInvoke was set to false. > Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the > hash of the method as a key, instead of the method itself. Therefore if two > different methods that have different accessibility have a hash collision in > the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if > the one that is accessible is cached before the one that is not. > I think this could be fixed by using the method itself as the map key, > instead of its hash value. Browsing the changelog, I saw that at least since > 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change > would be quite straightforward. > If you agree with the diagnostic, I volunteer to fork and submit a pull > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14985820#comment-14985820 ] Carlos Saona commented on OGNL-252: --- Yes, that's what I think > OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash > collisions > > > Key: OGNL-252 > URL: https://issues.apache.org/jira/browse/OGNL-252 > Project: Commons OGNL > Issue Type: Bug >Affects Versions: 3.0 >Reporter: Carlos Saona >Priority: Critical > Fix For: 3.0.12 > > > Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not > rendering one attribute of a specific page. It was weird because the other > servers were rendering that same page OK, and all had the same software > version. > Using the debugger, I found out that the problem was that OgnlRuntime.invoke > method was throwing IllegalAccessException when invoking a given method by > reflection. The difference between the working and non-working servers was > that _methodAccessCache had different boolean values for that method. The > non-working server failed to force the accessibility of the method because > syncInvoke was set to false. > Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the > hash of the method as a key, instead of the method itself. Therefore if two > different methods that have different accessibility have a hash collision in > the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if > the one that is accessible is cached before the one that is not. > I think this could be fixed by using the method itself as the map key, > instead of its hash value. Browsing the changelog, I saw that at least since > 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change > would be quite straightforward. > If you agree with the diagnostic, I volunteer to fork and submit a pull > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984787#comment-14984787 ] Lukasz Lenart commented on OGNL-252: Ok, so switching to {code:java} static final Map _methodAccessCache = new ConcurrentHashMap(); static final Map _methodPermCache = new ConcurrentHashMap(); {code} should solve the problem, right? > OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash > collisions > > > Key: OGNL-252 > URL: https://issues.apache.org/jira/browse/OGNL-252 > Project: Commons OGNL > Issue Type: Bug >Affects Versions: 3.0 >Reporter: Carlos Saona >Priority: Critical > Fix For: 3.0.12 > > > Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not > rendering one attribute of a specific page. It was weird because the other > servers were rendering that same page OK, and all had the same software > version. > Using the debugger, I found out that the problem was that OgnlRuntime.invoke > method was throwing IllegalAccessException when invoking a given method by > reflection. The difference between the working and non-working servers was > that _methodAccessCache had different boolean values for that method. The > non-working server failed to force the accessibility of the method because > syncInvoke was set to false. > Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the > hash of the method as a key, instead of the method itself. Therefore if two > different methods that have different accessibility have a hash collision in > the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if > the one that is accessible is cached before the one that is not. > I think this could be fixed by using the method itself as the map key, > instead of its hash value. Browsing the changelog, I saw that at least since > 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change > would be quite straightforward. > If you agree with the diagnostic, I volunteer to fork and submit a pull > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984042#comment-14984042 ] Carlos Saona commented on OGNL-252: --- Hi, Lukasz. Thanks for the quick reply! No, I don't think it is related to WW-4113. Reading the description, and looking at the code, WW-4113 is about the cache for getters/setters that allows you to get an instance of {{Method}} from an instance of {{Class}} and a property name (a String). What I described happens afterwards, in the cache for the accessibility of that method. I am afraid that 3.0.12 has the same problem, as does 3.1: {{OgnlRuntime.invokeMethod}} uses {{method.hashCode()}} instead of {{method}} as the key in {{_methodAccessCache}} and {{_methodPermCache}} :-( I have also looked at the code in commons-ognl: there the key in the hash is the method instance, not its hash. So the problem only impacts 3.x > OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash > collisions > > > Key: OGNL-252 > URL: https://issues.apache.org/jira/browse/OGNL-252 > Project: Commons OGNL > Issue Type: Bug >Affects Versions: 3.0 >Reporter: Carlos Saona >Priority: Critical > Fix For: 3.0.12 > > > Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not > rendering one attribute of a specific page. It was weird because the other > servers were rendering that same page OK, and all had the same software > version. > Using the debugger, I found out that the problem was that OgnlRuntime.invoke > method was throwing IllegalAccessException when invoking a given method by > reflection. The difference between the working and non-working servers was > that _methodAccessCache had different boolean values for that method. The > non-working server failed to force the accessibility of the method because > syncInvoke was set to false. > Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the > hash of the method as a key, instead of the method itself. Therefore if two > different methods that have different accessibility have a hash collision in > the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if > the one that is accessible is cached before the one that is not. > I think this could be fixed by using the method itself as the map key, > instead of its hash value. Browsing the changelog, I saw that at least since > 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change > would be quite straightforward. > If you agree with the diagnostic, I volunteer to fork and submit a pull > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984037#comment-14984037 ] Lukasz Lenart commented on OGNL-252: Also you can try drop-in a new version of OGNL -> https://github.com/jkuhnert/ognl#release-notes---version-3012 > OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash > collisions > > > Key: OGNL-252 > URL: https://issues.apache.org/jira/browse/OGNL-252 > Project: Commons OGNL > Issue Type: Bug >Affects Versions: 3.0 >Reporter: Carlos Saona >Priority: Critical > Fix For: 3.0.12 > > > Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not > rendering one attribute of a specific page. It was weird because the other > servers were rendering that same page OK, and all had the same software > version. > Using the debugger, I found out that the problem was that OgnlRuntime.invoke > method was throwing IllegalAccessException when invoking a given method by > reflection. The difference between the working and non-working servers was > that _methodAccessCache had different boolean values for that method. The > non-working server failed to force the accessibility of the method because > syncInvoke was set to false. > Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the > hash of the method as a key, instead of the method itself. Therefore if two > different methods that have different accessibility have a hash collision in > the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if > the one that is accessible is cached before the one that is not. > I think this could be fixed by using the method itself as the map key, > instead of its hash value. Browsing the changelog, I saw that at least since > 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change > would be quite straightforward. > If you agree with the diagnostic, I volunteer to fork and submit a pull > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (OGNL-252) OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash collisions
[ https://issues.apache.org/jira/browse/OGNL-252?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14984036#comment-14984036 ] Lukasz Lenart commented on OGNL-252: Is it related to WW-4113 ? > OgnlRuntime.invokeMethod can throw IllegalAccessException because of hash > collisions > > > Key: OGNL-252 > URL: https://issues.apache.org/jira/browse/OGNL-252 > Project: Commons OGNL > Issue Type: Bug >Affects Versions: 3.0 >Reporter: Carlos Saona >Priority: Critical > > Using Struts 2.3.24 and OGNL 3.0.6, one of our production servers was not > rendering one attribute of a specific page. It was weird because the other > servers were rendering that same page OK, and all had the same software > version. > Using the debugger, I found out that the problem was that OgnlRuntime.invoke > method was throwing IllegalAccessException when invoking a given method by > reflection. The difference between the working and non-working servers was > that _methodAccessCache had different boolean values for that method. The > non-working server failed to force the accessibility of the method because > syncInvoke was set to false. > Inspecting the code of OgnlRuntime.invokeMethod, I saw the cache is using the > hash of the method as a key, instead of the method itself. Therefore if two > different methods that have different accessibility have a hash collision in > the cache, OgnlRuntime.invokeMethod will throw an IllegalAccessException if > the one that is accessible is cached before the one that is not. > I think this could be fixed by using the method itself as the map key, > instead of its hash value. Browsing the changelog, I saw that at least since > 3.0.9 IntHashMap has been replaced with ConcurrentHashMap, so the change > would be quite straightforward. > If you agree with the diagnostic, I volunteer to fork and submit a pull > request. -- This message was sent by Atlassian JIRA (v6.3.4#6332)