OGNL improve getter/setter detection algorithm: #75
Conversation
- Add detail to isDefaultMethod() method comment. - Add a new isNonDefaultPublicInterfaceMethod() method. - Modify collectAccessors() method to consider public interface methods in addition to default methods. - Modify _getGetMethod() to prefer the first valid public getter over other getters, then the first valid public non-Default interface getter and lastly the first getter of any kind. - Modify _getSetMethod() to prefer the first valid public setter over other setters, then the first valid public non-Default interface setter and lastly the first setter of any kind.
|
Hello OGNL Team. This PR attempts to address a behaviour that @yasserzamani identified when reviewing PR#74 and illegal reflective access warnings running Struts 2.5.x under JDK 11. Currently OGNL 3.1.x picks the first getter/setter that it can find, even if the method is non-public or the declaring class is non-public. The updated logic in this PR attempts to find the first publicly accessible getter/setter method (both method and declaring class public) if possible, considering methods from the class and interfaces implemented by the class. After a few failed attempts, this implementation seems to work. It passes the regression tests for OGNL as well as the regression build for Struts 2.5.21-SNAPSHOT when used as part of the build. Running the 2.5.21. Showcase application under JDK 11 with this PR's implementation also seems to avoid the illegal reflective access warnings on the console too. 😄 Since the logic for choosing the getter/setter has changed, this change presents some risk - since it could choose differently than previous OGNL 3.1.x versions. However, choosing a publicly accessible getter/setter seems like better practice if possible to do so. Please advise what you think about the proposed change, and whether the logic seems sound or not. |
|
osm 😮 LGTM 👍 |
|
And consequently it seems #74 isn't essential anymore (?) |
|
Thanks for taking a look. 😄 |
…calOGNL_3_1_GetSetFixEnhance_1 Update local branch to the latest version to deal with any conflicts and then update the @SInCE tags to a new level.
|
This PR will be updated (hopefully soon) after merging with 3.1.24, making any necessary changes and confirming functionality. |
- Updated @SInCE and related comments to refer to 3.1.25 (post-merge of 3.1.24 changes).
|
Hello. I'm wondering if this PR also needs a control flag to decide whether to use the old or new lookup logic.. Although the new logic should choose a "better" match it's possible that existing applications could encounter unexpected behaviour as a result (due to a different getter or setter chosen with new vs. old logic). An environment flag (or static library method) allowing users to control whether to use the new or old lookup logic would limit that particular risk. The PR can be adjusted to add such a control mechanism (or any other changes that people think should be made). |
| // Unavailable (SecurityException, etc.) | ||
| } | ||
| if (optionDefinedInEnvironment) { | ||
| System.out.println("System property " + OgnlRuntime.USE_FIRSTMATCH_GETSET_LOOKUP + " value: " + flagValueFromEnvironment); |
There was a problem hiding this comment.
IMO it would be better to use logging instead of sysout even for testing.
There was a problem hiding this comment.
Hi.
Given the nature of this library, having tests output to sysout seems sufficient for now (AFAIK it's the only mechanism that has been available up until now, and the results are clearly visible in the Maven test run output).
Maybe someone will introduce a testing-only logging replacement for the sysouts in the tests in a future PR. 😄
|
@JCgH4164838Gh792C124B5 conflicts :( |
…calOGNL_3_1_GetSetFixEnhance_1 # Conflicts: # src/java/ognl/OgnlRuntime.java # src/test/java/ognl/OgnlRuntimeTest.java - Manually resolved merge conflicts for OgnlRuntime.java and OgnlRuntimeTest.java.
|
Fixed the merge conflicts but now Travis CI complains about usage of source level 1.5. 😕 |
|
Hello @lukaszlenart . Manual resolution of merge conflicts appears to have worked. 😄 |
|
LGTM 👍 |
Resolved merge conflicts manually (only pom.xml, decided to include modified comment from 3.1.x). ---------- Merge pull request orphan-oss#75 from JCgH4164838Gh792C124B5/localOGNL_3_1_GetSetFixEnhance_1 OGNL improve getter/setter detection algorithm: (cherry picked from commit c2a6cb5) # Conflicts: # pom.xml
OGNL improve getter/setter detection algorithm: