Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Illegal reflective access by SpEL ReflectivePropertyAccessor #22242

Closed
ahagerup opened this issue Jan 11, 2019 · 1 comment
Closed

Illegal reflective access by SpEL ReflectivePropertyAccessor #22242

ahagerup opened this issue Jan 11, 2019 · 1 comment
Assignees
@jhoeller
Labels
in: core Issues in core modules (aop, beans, core, context, expression) type: enhancement A general enhancement
Milestone
5.1.8

Comments

@ahagerup
Copy link

ahagerup commented Jan 11, 2019
edited by sbrannen
Loading

This is technically a request to re-open SPR-17480 (JDK 11: Illegal reflective access by org.springframework.util.ReflectionUtils), since the problem has nothing to do with Thymeleaf.

Problem can be reproduced using Java 11.0.1 and Spring Expression 5.1.3.RELEASE with the following code:

	public class Test {
		public static void main(String[] args) {
			String expr = "entry.key";
			new SpelExpressionParser().parseExpression(expr).getValue(new Test());
		}
		public Map.Entry<String, String> getEntry() {
			return Map.of("foo", "bar").entrySet().iterator().next();
		}
	}

Running with --illegal-access=debug produces the following output:

	WARNING: Illegal reflective access by org.springframework.util.ReflectionUtils (file:/C:/Users/Andreas/.gradle/caches/modules-2/files-2.1/org.springframework/spring-core/5.1.3.RELEASE/b1e5325d35bfb27e42d57e9295510cad54ed8fdf/spring-core-5.1.3.RELEASE.jar) to method java.util.KeyValueHolder.getKey()
		at org.springframework.util.ReflectionUtils.makeAccessible(ReflectionUtils.java:499)
		at org.springframework.expression.spel.support.ReflectivePropertyAccessor$OptimalPropertyAccessor.read(ReflectivePropertyAccessor.java:691)
		at org.springframework.expression.spel.ast.PropertyOrFieldReference.readProperty(PropertyOrFieldReference.java:204)
		at org.springframework.expression.spel.ast.PropertyOrFieldReference.getValueInternal(PropertyOrFieldReference.java:104)
		at org.springframework.expression.spel.ast.PropertyOrFieldReference.access$000(PropertyOrFieldReference.java:51)
		at org.springframework.expression.spel.ast.PropertyOrFieldReference$AccessorLValue.getValue(PropertyOrFieldReference.java:406)
		at org.springframework.expression.spel.ast.CompoundExpression.getValueInternal(CompoundExpression.java:90)
		at org.springframework.expression.spel.ast.SpelNodeImpl.getValue(SpelNodeImpl.java:111)
		at org.springframework.expression.spel.standard.SpelExpression.getValue(SpelExpression.java:201)
		at test.Test.main(Test.java:10)

The code in SPR-17480 tries to access java.util.HashMap$Node.getKey(), while the code above tries to access java.util.KeyValueHolder.getKey(), simply because a different Map implementation is used. The issue is the same.

The problem is that although the value returned by getEntry() is an interface with public methods (Map.Entry), the real object returned is a non-public class implementing the interface. Since the ReflectivePropertyAccessor logic resolves to the method of the non-public class, not to the method of the interface, ReflectionUtils.makeAccessible(Method method) ends up calling method.setAccessible(true).

Possible solution: Enhance ReflectivePropertyAccessor to search for the accessor method in public interfaces and public (super-)classes. Default to current logic if method cannot be located in a public type.
@rstoyanchev rstoyanchev added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jan 12, 2019
@jhoeller jhoeller self-assigned this Jan 21, 2019
@rstoyanchev rstoyanchev added the in: core Issues in core modules (aop, beans, core, context, expression) label Jan 21, 2019
@Clank84 Clank84 mentioned this issue May 9, 2019
Closed
@jhoeller jhoeller added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels May 10, 2019
@jhoeller jhoeller added this to the 5.2 M3 milestone May 10, 2019
@jhoeller
Copy link
Contributor

jhoeller commented Jun 11, 2019
edited by sbrannen
Loading

This is closely related to gh-21385 (SPR-16845), so the same algorithm (ClassUtils.getInterfaceMethodIfPossible) should be applicable here.

@jhoeller jhoeller modified the milestones: 5.2 M3, 5.1.8 Jun 11, 2019
@sbrannen sbrannen changed the title Illegal reflective access by org.springframework.expression.spel.support.ReflectivePropertyAccessor Illegal reflective access by SpEL ReflectivePropertyAccessor Jun 11, 2019
@laoseth laoseth mentioned this issue Jun 28, 2019
Closed
@leccelecce leccelecce mentioned this issue Oct 24, 2019
Closed
@Smahlatz Smahlatz mentioned this issue Jan 14, 2020
Closed
@iay iay mentioned this issue Feb 2, 2022
Closed
@anandkarandikar anandkarandikar mentioned this issue Dec 4, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jhoeller jhoeller

Labels
in: core Issues in core modules (aop, beans, core, context, expression) type: enhancement A general enhancement
Projects
None yet
Milestone
5.1.8
Development

No branches or pull requests
3 participants
@rstoyanchev @jhoeller @ahagerup