[
https://issues.apache.org/struts/browse/TILES-328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=44908#action_44908
]
Eddy Chan commented on TILES-328:
---------------------------------
Although I have not tested it, looking at the patch, it appears that a
SecurityException would occur first and the call to setAccessible is not
useful, because the method would have already thrown a TilesException. Also,
setAccessible(true) requires a permission itself, so it appears that without a
grant, this type of solution would not work.
It seems, the only way to support two types of interfaces without a grant in
this case is to check the type using "instanceof" and perform selected casting,
which is fairly ugly, but this can be hidden with a wrapper class that takes
the generic context.
> Cast to ServletContext instead of using reflection
> --------------------------------------------------
>
> Key: TILES-328
> URL: https://issues.apache.org/struts/browse/TILES-328
> Project: Tiles
> Issue Type: Improvement
> Components: tiles-core
> Affects Versions: 2.0.4
> Reporter: Eddy Chan
> Priority: Minor
>
> In org.apache.tiles.access.TilesAccess.get/set/removeAttribute, instead of
> using reflection to call the methods, cast the context object to a
> ServletContext and then call the methods directly. This reduces the chance
> of having a SecurityException occur, since the ServletContext interface for
> these methods are public, but the specific context may not be reflectable.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
