Hi group!


I have a 10 year old struts2 web application that uses validation with rules 
defined in XML files.

One of these instantiates a java.util.Date to compare the the value of a bean 
with the current date:


            ( employee.birthday == null || employee.birthday.before(new 


When it comes to instantiate the Date object the call fails in 
SecurityMemberAccess. isAccessible. Form me it seems that a constructor call is 
not handled here properly.


    public boolean isAccessible(Map context, Object target, Member member, 
String propertyName) {

        LOG.debug("Checking access for [target: {}, member: {}, property: {}]", 
target, member, propertyName);


        final int memberModifiers = member.getModifiers();

        final Class<?> memberClass = member.getDeclaringClass();

        // target can be null in case of accessing static fields, since OGNL 

        final Class<?> targetClass = Modifier.isStatic(memberModifiers) ? 
memberClass : target.getClass();

        if (!memberClass.isAssignableFrom(targetClass)) {

            throw new IllegalArgumentException("Target does not match member!");



When the method is called target is the class object for java.util.Date, member 
is a representation of public java.util.Date() and propertyName is null.

memberModifiers evaluates to 1 and memberClass to the class object for 


This causes the if to resolve to false and throwing the exception. I cannot see 
how anyone could call any constructor at all.

Is this a known issue or am I overseeing something?


Kind regards 


Reply via email to