The story starts with JellySwing: an irreversibly attractive way of building User-interfaces. And of course, as a good UI, you try to run this as an applet (we really intend it).
However Jelly Swing uses BeanUtils and which in turn uses MethodUtils. And here we break: MethodUtils was using Class.getDeclaredMethods() which, for some reasons, is considered dangerous. We readily replaced this with Class.getMethods() (at the possible expense of something I presume) and it worked...
Similar security exceptions arise when commons-lang (I think) allows itself to use a plain "System.getProperties()".
I think the issue is simply related to the fact that much (too much?) of the jakarta development is interested to the server things and too few to the user-interfaces...
I think, however, that such small utility classes like the commons should really think twice before going happily into security-breaking and should document their inability to run as an applet.
Thanks.
Paul
On Mardi, d�ce 17, 2002, at 19:39 Europe/Brussels, robert burrell donkin wrote:
i'm a bit confused by this. care to expand? - robertOn Tuesday, December 17, 2002, at 11:05 AM, Paul Libbrecht wrote:Possibly opposed to this requirement, I would insist that BeanUtils may sometimes be used with Applets. Maybe a switch is useful, maybe there is a fast method towards everything...
Paul
On Mardi, d�ce 17, 2002, at 09:43 Europe/Brussels, Stephen Colebourne wrote:
MethodUtils is currently being reworked in [lang]. Hopefully the new version
there can include some level of caching.
Stephen
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED].
org>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED].
org>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
-- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
