Hi group!
I have a 10 year old struts2 web application that uses validation with rules
defined in XML files.
One of these instantiates a java.util.Date to compare the the value of a bean
with the current date:
( employee.birthday == null || employee.birthday.before(new
java.util.Date()))
When it comes to instantiate the Date object the call fails in
SecurityMemberAccess. isAccessible. Form me it seems that a constructor call is
not handled here properly.
public boolean isAccessible(Map context, Object target, Member member,
String propertyName) {
LOG.debug("Checking access for [target: {}, member: {}, property: {}]",
target, member, propertyName);
final int memberModifiers = member.getModifiers();
final Class<?> memberClass = member.getDeclaringClass();
// target can be null in case of accessing static fields, since OGNL
3.2.8
final Class<?> targetClass = Modifier.isStatic(memberModifiers) ?
memberClass : target.getClass();
if (!memberClass.isAssignableFrom(targetClass)) {
throw new IllegalArgumentException("Target does not match member!");
}
When the method is called target is the class object for java.util.Date, member
is a representation of public java.util.Date() and propertyName is null.
memberModifiers evaluates to 1 and memberClass to the class object for
java.util.Date.
This causes the if to resolve to false and throwing the exception. I cannot see
how anyone could call any constructor at all.
Is this a known issue or am I overseeing something?
Kind regards
Sebastian
