[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13196803#comment-13196803 ] Philippe Eymann commented on OGNL-47: - I think the problem comes from the getPermission(Method method) method in the OGNLRuntime class. See comments in the code extract below : {code:title=getPermission() method|borderStyle=solid} public static Permission getPermission(Method method) { // #1 : result setup as null Permission result = null; Class mc = method.getDeclaringClass(); Map permissions = (Map) _invokePermissionCache.get(mc); // #2 If permissions object is not null, then result is always null, see #3 below if (permissions == null) { // start-if permissions == null synchronized (_invokePermissionCache) { permissions = (Map) _invokePermissionCache.get(mc); if (permissions == null) { _invokePermissionCache.put(mc, permissions = new HashMap(101)); } // #3 This bloc is never called if permissions is not null if ((result = (Permission) permissions.get(method.getName())) == null) { result = new OgnlInvokePermission(invoke. + mc.getName() + . + method.getName()); permissions.put(method.getName(), result); } } } // end-if permissions = null return result; } {code} One way to solve this would be to code the following : {code} public static Permission getPermission(Method method) { Permission result = null; Class mc = method.getDeclaringClass(); Map permissions = (Map) _invokePermissionCache.get(mc); if (permissions == null) { synchronized (_invokePermissionCache) { permissions = (Map) _invokePermissionCache.get(mc); if (permissions == null) { _invokePermissionCache.put(mc, permissions = new HashMap(101)); } } } synchronized (permissions) { if ((result = (Permission) permissions.get(method.getName())) == null) { result = new OgnlInvokePermission(invoke. + mc.getName() + . + method.getName()); permissions.put(method.getName(), result); } } return result; } {code} Hope it helps. Philippe Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager -- Key: OGNL-47 URL: https://issues.apache.org/jira/browse/OGNL-47 Project: Commons OGNL Issue Type: Bug Reporter: kesava Priority: Blocker Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager Steps to reproduce 1.Enable security manager 2.Load the app {noformat} Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor File: ObjectPropertyAccessor.java Method: getPossibleProperty Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1 at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142) at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303) at ognl.ASTProperty.getValueBody(ASTProperty.java:114) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.Ognl.getValue(Ognl.java:494) at ognl.Ognl.getValue(Ognl.java:458) at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213) at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242) at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222) at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284) at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91) at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193) at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286) at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222) at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507) at
[jira] [Commented] (OGNL-47) Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager
[ https://issues.apache.org/jira/browse/OGNL-47?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13196872#comment-13196872 ] Philippe Eymann commented on OGNL-47: - Hi Maurizio, I think that this issue is mainly related to a problem with Struts 2.3.1, and the official OGNL release which is bundled with this version of Struts is the 3.0.4, see [this link on the Stuts official page|http://newverhost.com/pub//struts/library/struts-2.3.1.2-lib.zip]. Is there any more recent released version of the OGNL jar which contains the current (SVN trunk) OgnlRuntime class ? I didn't find any download link on the Apache site. Regards, Philippe Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager -- Key: OGNL-47 URL: https://issues.apache.org/jira/browse/OGNL-47 Project: Commons OGNL Issue Type: Bug Reporter: kesava Priority: Blocker Unable to use Struts 2.3.1.2 application with OGNL 3.0.4 by enabling security manager Steps to reproduce 1.Enable security manager 2.Load the app {noformat} Caught an Ognl exception while getting property serviceProviders - Class: ognl.ObjectPropertyAccessor File: ObjectPropertyAccessor.java Method: getPossibleProperty Line: 69 - ognl/ObjectPropertyAccessor.java:69:-1 at com.opensymphony.xwork2.ognl.accessor.CompoundRootAccessor.getProperty(CompoundRootAccessor.java:142) at ognl.OgnlRuntime.getProperty(OgnlRuntime.java:2303) at ognl.ASTProperty.getValueBody(ASTProperty.java:114) at ognl.SimpleNode.evaluateGetValueBody(SimpleNode.java:212) at ognl.SimpleNode.getValue(SimpleNode.java:258) at ognl.Ognl.getValue(Ognl.java:494) at ognl.Ognl.getValue(Ognl.java:458) at com.opensymphony.xwork2.ognl.OgnlUtil.getValue(OgnlUtil.java:213) at com.opensymphony.xwork2.ognl.OgnlValueStack.getValueUsingOgnl(OgnlValueStack.java:277) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValue(OgnlValueStack.java:260) at com.opensymphony.xwork2.ognl.OgnlValueStack.tryFindValueWhenExpressionIsNotNull(OgnlValueStack.java:242) at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:222) at com.opensymphony.xwork2.ognl.OgnlValueStack.findValue(OgnlValueStack.java:284) at org.apache.struts2.views.velocity.StrutsVelocityContext.internalGet(StrutsVelocityContext.java:91) at org.apache.velocity.context.AbstractContext.get(AbstractContext.java:193) at org.apache.velocity.context.InternalContextAdapterImpl.get(InternalContextAdapterImpl.java:286) at org.apache.velocity.runtime.parser.node.ASTReference.getVariableValue(ASTReference.java:843) at org.apache.velocity.runtime.parser.node.ASTReference.execute(ASTReference.java:222) at org.apache.velocity.runtime.parser.node.ASTReference.value(ASTReference.java:507) at org.apache.velocity.runtime.parser.node.ASTExpression.value(ASTExpression.java:71) at org.apache.velocity.runtime.parser.node.ASTSetDirective.render(ASTSetDirective.java:142) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336) at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263) at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336) at org.apache.velocity.runtime.directive.Parse.render(Parse.java:263) at org.apache.velocity.runtime.parser.node.ASTDirective.render(ASTDirective.java:175) at org.apache.velocity.runtime.parser.node.SimpleNode.render(SimpleNode.java:336) at org.apache.velocity.Template.merge(Template.java:328) at org.apache.velocity.Template.merge(Template.java:235) at org.apache.struts2.dispatcher.VelocityResult.doExecute(VelocityResult.java:156) at org.apache.struts2.dispatcher.StrutsResultSupport.execute(StrutsResultSupport.java:186) at com.opensymphony.xwork2.DefaultActionInvocation.executeResult(DefaultActionInvocation.java:374) at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:278) at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:69) at com.sony.sce.producttool.web.CacheFlushFilterInterceptor$2.call(CacheFlushFilterInterceptor.java:1) at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.callWithHandling(CacheFlushFilterInterceptor.java:79) at com.sony.sce.producttool.web.CacheFlushFilterInterceptor.intercept(CacheFlushFilterInterceptor.java:67) at