[
https://issues.apache.org/jira/browse/WW-4645?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15356344#comment-15356344
]
Raintung Li commented on WW-4645:
---------------------------------
Yes, you can't define the java.lang.Object, but my question is how can
enumerate all son's classes?
For example:
You add the Runtime,java to black list. Many third part source extend Runtime,
how to disable this? I need scan all third part source codes.
Could add one flag to control this one? If it is true, exclude the son classes,
otherwise exclude parent. To keep the compatibility, the default value is
false.
> SecurityMemberAccess exclude class design issue
> ------------------------------------------------
>
> Key: WW-4645
> URL: https://issues.apache.org/jira/browse/WW-4645
> Project: Struts 2
> Issue Type: Bug
> Components: Core Actions
> Affects Versions: 2.3.20
> Reporter: Raintung Li
> Fix For: 2.3.30, 2.5.2
>
>
> In the isClassExcluded method invoke
> targetClass.isAssignableFrom(excludedClass), that mean targetClass must be
> parent class of excludedClass or same as excludedClass.
> How can enumerate all son classes in the excluded classes?
> Why not opposite? I only prevent the parent class, all son classes also be
> prevented.
> The EX: excludedClass.isAssignableFrom(targetClass)
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
