search

efficacy / stringtree

Stringtree Java utilities
5 stars 3 forks source link

JSONWriter breaks on non-public fields #1

Open bsouther opened 11 years ago

bsouther commented 11 years ago

Hi Frank I just noticed that JSONWriter has been filling up my logs with IllegalAccessExceptions. It looks like this happens because, after serializing all of the properties, it tries to serialize the fields but without checking to see if they have public access.

Here is a small test case:

package com;
import org.stringtree.json.*;

public class Bean{
    private String name = "myName";

    public String getName(){ return this.name; }
    public void setName(String name){ this.name = name; }

    public static void main(String ... args)throws Exception{
        String json = new JSONWriter().write(new Bean());
        System.out.println(json);
    }
}

Have you considered adding checks to prevent it from attempting to access non-public fields?

-Ben

efficacy commented 11 years ago

Thanks for reporting that. I get so few problems with the JSON stuff that when one comes in it's quite exciting!

I'll have a look and see what I can do.

Frank.

On 14 March 2013 13:33, Ben Souther notifications@github.com wrote:

Hi Frank I just noticed that JSONWriter has been filling up my logs with IllegalAccessExceptions. It looks like this happens because, after serializing all of the properties, it tries to serialize the fields but without checking to see if they have public access.

Here is a small test case:

package com; import org.stringtree.json.*;

public class Bean{ private String name = "myName";

public String getName(){ return this.name; }
public void setName(String name){ this.name = name; }

public static void main(String ... args)throws Exception{
    String json = new JSONWriter().write(new Bean());
    System.out.println(json);
}

}

Have you considered adding checks to prevent it from attempting to access non-private fields?

-Ben

— Reply to this email directly or view it on GitHubhttps://github.com/efficacy/stringtree/issues/1 .

efficacy commented 11 years ago

Hi Ben. I just tried this on my dev system and it works fine, giving:

{"class":"class com.Bean","name":"myName"}

I guess there must be something different about how we are running the code. Can you tell me a bit more about your application. Java version? Standalone or in a container? (if so, which container?) Do you have any custom security stuff in place? etc.

Thanks, Frank.

bsouther commented 11 years ago

Frank,

This happens within Tomcat running on a Fedora 16 box and from the command line. No custom security.

I'm using Oracle's JVM:

[bpsouther@bsouther com]$ java -version
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) Server VM (build 23.3-b01, mixed mode)

I also tried with the OpenJDK runtime that ships with Fedora:

[bpsouther@bsouther test]$ java -version
java version "1.7.0_09-icedtea"
OpenJDK Runtime Environment (fedora-2.3.8.0.fc17-x86_64)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

Here is a console dump with the stack trace:

[bpsouther@bsouther com]$ java com.Bean
java.lang.IllegalAccessException: Class org.stringtree.json.JSONWriter can not access a member of class com.Bean with modifiers "private"
    at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:95)
    at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(AccessibleObject.java:261)
    at java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:253)
    at java.lang.reflect.Field.doSecurityCheck(Field.java:983)
    at java.lang.reflect.Field.getFieldAccessor(Field.java:927)
    at java.lang.reflect.Field.get(Field.java:372)
    at org.stringtree.json.JSONWriter.bean(JSONWriter.java:73)
    at org.stringtree.json.JSONWriter.value(JSONWriter.java:50)
    at org.stringtree.json.JSONWriter.write(JSONWriter.java:20)
    at com.Bean.main(Bean.java:11)
{"class":"class com.Bean","name":"myName",}
[bpsouther@bsouther com]$

Maybe it's a Java7 thing.

BTW: I've been using JSONReader for years in a very large payroll system and it's been great.

-Ben

efficacy commented 11 years ago

OK. Leave it with me and I'll get set up to test it in something like that. If it is something that's changed in later Java versions then I need to move the code forward. I don't think Java 6 is even supported any more.

Thanks.

bsouther commented 11 years ago

FYI, It's the same on Windows:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

E:\test>java com.Bean
java.lang.IllegalAccessException: Class org.stringtree.json.JSONWriter can not a
ccess a member of class com.Bean with modifiers "private"
        at sun.reflect.Reflection.ensureMemberAccess(Unknown Source)
        at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(Unknown Source)
        at java.lang.reflect.AccessibleObject.checkAccess(Unknown Source)
        at java.lang.reflect.Field.doSecurityCheck(Unknown Source)
        at java.lang.reflect.Field.getFieldAccessor(Unknown Source)
        at java.lang.reflect.Field.get(Unknown Source)
        at org.stringtree.json.JSONWriter.bean(JSONWriter.java:73)
        at org.stringtree.json.JSONWriter.value(JSONWriter.java:50)
        at org.stringtree.json.JSONWriter.write(JSONWriter.java:20)
        at com.Bean.main(Bean.java:11)
{"class":"class com.Bean","name":"myName",}

E:\test>