[
https://issues.apache.org/jira/browse/WW-5604?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=18051460#comment-18051460
]
[email protected] edited comment on WW-5604 at 1/13/26 11:48 AM:
--------------------------------------------------------------------------------
You only have to use use the cdi-plugin - so the actions will be CDI-proxies
and org.apache.struts2.ognl.SecurityMemberAccess.checkAllowlist(Object, Member)
will return false because the target class doesn't pass isClassAllowlisted
(returns false).
was (Author: [email protected]):
You only have to use use the cdi-plugin - so the actions will be CDI-proxies
and org.apache.struts2.ognl.SecurityMemberAccess.checkAllowlist(Object, Member)
will return false because the target class don't pass isClassAllowlisted
(returns false).
> CDI proxies won't be recognized as proxy in SecurityMemberAccess
> ----------------------------------------------------------------
>
> Key: WW-5604
> URL: https://issues.apache.org/jira/browse/WW-5604
> Project: Struts 2
> Issue Type: Bug
> Components: Plugin - CDI
> Affects Versions: 7.1.1
> Reporter: [email protected]
> Priority: Major
> Fix For: 7.2.0
>
>
> ProxyUtil should also handle CDI proxies or the cdi-plugin provides an
> extended SecurityMemberAccess which handles the proxies.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
