From f4716366c0e90d43762eb166e1178cc89a52b78d Mon Sep 17 00:00:00 2001
From: divsgaur <26884362+divyanshshekhar@users.noreply.github.com>
Date: Mon, 5 Feb 2024 02:30:48 +0530
Subject: [PATCH 1/3] Check field accessibility before accessing bean param
 field value Signed-off-by: Divyansh Shekhar Gaur
 <divyanshshekhar@users.noreply.github.com>

---
 .../client/proxy/RequestParameters.java       |  2 +-
 .../proxy/MyBeanParamWithPrivateField.java    | 38 +++++++++++++++++++
 .../client/proxy/MyResourceWithBeanParam.java |  5 +++
 .../proxy/MyResourceWithBeanParamIfc.java     |  6 +++
 .../WebResourceFactoryBeanParamTest.java      | 10 +++++
 5 files changed, 60 insertions(+), 1 deletion(-)
 create mode 100644 ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java

diff --git a/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java b/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java
index 6bca3150b4..9461ad5d62 100644
--- a/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java
+++ b/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java
@@ -156,7 +156,7 @@ private void addBeanParameter(final Object beanParam)
                 anns.put(ann.annotationType(), ann);
             }
 
-            if (hasAnyParamAnnotation(anns)) {
+            if (field.canAccess(beanParam) && hasAnyParamAnnotation(anns)) {
                 value = field.get(beanParam);
             } else {
                 // get getter annotations if there are no field annotations
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
new file mode 100644
index 0000000000..134c8b36f6
--- /dev/null
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Public License v. 2.0, which is available at
+ * http://www.eclipse.org/legal/epl-2.0.
+ *
+ * This Source Code may also be made available under the following Secondary
+ * Licenses when the conditions for such availability set forth in the
+ * Eclipse Public License v. 2.0 are satisfied: GNU General Public License,
+ * version 2 with the GNU Classpath Exception, which is available at
+ * https://www.gnu.org/software/classpath/license.html.
+ *
+ * SPDX-License-Identifier: EPL-2.0 OR GPL-2.0 WITH Classpath-exception-2.0
+ */
+
+package org.glassfish.jersey.client.proxy;
+
+import jakarta.ws.rs.*;
+
+/**
+ * @author Divyansh Shekhar Gaur
+ */
+public class MyBeanParamWithPrivateField {
+
+    @QueryParam("privateFieldParam")
+    private String privateFieldParam;
+
+    public MyBeanParamWithPrivateField() {}
+
+    public String getPrivateFieldParam() {
+        return privateFieldParam;
+    }
+
+    public void setPrivateFieldParam(String privateFieldParam) {
+        this.privateFieldParam = privateFieldParam;
+    }
+}
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java
index 1b49f50026..dedf2ab84d 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java
@@ -53,6 +53,11 @@ public String echoSubBean(@BeanParam MyGetBeanParam bean) {
         return bean.getSubBeanParam().getSubQueryParam().toString();
     }
 
+    @Override
+    public String echoPrivateField(@BeanParam MyBeanParamWithPrivateField bean) {
+        return bean.getPrivateFieldParam();
+    }
+
     @Override
     public String echo(MyBeanParam bean) {
         return ("HEADER=" + bean.getHeaderParam() + ",PATH=" + bean.getPathParam() + ",FORM="
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java
index 5e73615407..eab447e0c2 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java
@@ -59,6 +59,12 @@ public interface MyResourceWithBeanParamIfc {
     @Produces("text/plain")
     public String echoSubBean(@BeanParam MyGetBeanParam bean);
 
+    @POST
+    @Consumes("application/x-www-form-urlencoded")
+    @Path("getPrivateField")
+    @Produces("text/plain")
+    public String echoPrivateField(@BeanParam MyBeanParamWithPrivateField bean);
+
     @POST
     @Consumes("application/x-www-form-urlencoded")
     @Path("all/{pathParam}")
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java
index d9b361a27e..f39be438a2 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java
@@ -138,4 +138,14 @@ public void testSubResource() {
 
         assertEquals("query", response);
     }
+
+    @Test
+    public void testBeanParamPrivateFieldQuery() {
+        MyBeanParamWithPrivateField myGetBeanParam = new MyBeanParamWithPrivateField();
+        myGetBeanParam.setPrivateFieldParam("query");
+
+        String response = resourceWithBeanParam.echoPrivateField(myGetBeanParam);
+
+        assertEquals("query", response);
+    }
 }
\ No newline at end of file

From 16e287226897d32a71345cf2b07a6d51a13e383b Mon Sep 17 00:00:00 2001
From: divsgaur <26884362+divyanshshekhar@users.noreply.github.com>
Date: Sat, 10 Feb 2024 15:08:52 +0530
Subject: [PATCH 2/3] Fixed check style Signed-off-by: Divyansh Shekhar Gaur
 <divyanshshekhar@users.noreply.github.com>

---
 .../jersey/client/proxy/MyBeanParamWithPrivateField.java       | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
index 134c8b36f6..7a359ddcaa 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
@@ -16,7 +16,8 @@
 
 package org.glassfish.jersey.client.proxy;
 
-import jakarta.ws.rs.*;
+
+import jakarta.ws.rs.QueryParam;
 
 /**
  * @author Divyansh Shekhar Gaur

From b3750d46b373365d06fb3503af672fc511f756b7 Mon Sep 17 00:00:00 2001
From: divsgaur <26884362+divyanshshekhar@users.noreply.github.com>
Date: Sat, 10 Feb 2024 17:13:38 +0530
Subject: [PATCH 3/3] Fixed copyright year Signed-off-by: Divyansh Shekhar Gaur
 <divyanshshekhar@users.noreply.github.com>

---
 .../org/glassfish/jersey/client/proxy/RequestParameters.java    | 2 +-
 .../jersey/client/proxy/MyBeanParamWithPrivateField.java        | 2 +-
 .../glassfish/jersey/client/proxy/MyResourceWithBeanParam.java  | 2 +-
 .../jersey/client/proxy/MyResourceWithBeanParamIfc.java         | 2 +-
 .../jersey/client/proxy/WebResourceFactoryBeanParamTest.java    | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java b/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java
index 9461ad5d62..cd9d92a8f0 100644
--- a/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java
+++ b/ext/proxy-client/src/main/java/org/glassfish/jersey/client/proxy/RequestParameters.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2012, 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2012, 2024 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
index 7a359ddcaa..beb98f6461 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyBeanParamWithPrivateField.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2024 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java
index dedf2ab84d..81fd9b47ea 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParam.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2024 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java
index eab447e0c2..f4b7f5c025 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/MyResourceWithBeanParamIfc.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2024 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at
diff --git a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java
index f39be438a2..6819e0cde8 100644
--- a/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java
+++ b/ext/proxy-client/src/test/java/org/glassfish/jersey/client/proxy/WebResourceFactoryBeanParamTest.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2021, 2023 Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2021, 2024 Oracle and/or its affiliates. All rights reserved.
  *
  * This program and the accompanying materials are made available under the
  * terms of the Eclipse Public License v. 2.0, which is available at