[
https://issues.apache.org/struts/browse/TILES-328?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=44920#action_44920
]
Eddy Chan commented on TILES-328:
---------------------------------
I would say that it is good to fix this problem for those that are running in a
container that has a SecurityManager enabled and desire not to grant additional
permissions to a webapp. Why would one want to enable a SecurityManager is a
whole different discussion, but there are applications for this.
> Cast to ServletContext instead of using reflection
> --------------------------------------------------
>
> Key: TILES-328
> URL: https://issues.apache.org/struts/browse/TILES-328
> Project: Tiles
> Issue Type: Improvement
> Components: tiles-core
> Affects Versions: 2.0.4
> Reporter: Eddy Chan
> Priority: Minor
>
> In org.apache.tiles.access.TilesAccess.get/set/removeAttribute, instead of
> using reflection to call the methods, cast the context object to a
> ServletContext and then call the methods directly. This reduces the chance
> of having a SecurityException occur, since the ServletContext interface for
> these methods are public, but the specific context may not be reflectable.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
