Hi group!
I have a 10 year old struts2 web application that uses validation with rules defined in XML files. One of these instantiates a java.util.Date to compare the the value of a bean with the current date: ( employee.birthday == null || employee.birthday.before(new java.util.Date())) When it comes to instantiate the Date object the call fails in SecurityMemberAccess. isAccessible. Form me it seems that a constructor call is not handled here properly. public boolean isAccessible(Map context, Object target, Member member, String propertyName) { LOG.debug("Checking access for [target: {}, member: {}, property: {}]", target, member, propertyName); final int memberModifiers = member.getModifiers(); final Class<?> memberClass = member.getDeclaringClass(); // target can be null in case of accessing static fields, since OGNL 3.2.8 final Class<?> targetClass = Modifier.isStatic(memberModifiers) ? memberClass : target.getClass(); if (!memberClass.isAssignableFrom(targetClass)) { throw new IllegalArgumentException("Target does not match member!"); } When the method is called target is the class object for java.util.Date, member is a representation of public java.util.Date() and propertyName is null. memberModifiers evaluates to 1 and memberClass to the class object for java.util.Date. This causes the if to resolve to false and throwing the exception. I cannot see how anyone could call any constructor at all. Is this a known issue or am I overseeing something? Kind regards Sebastian