search

fyhack / google-gson

Automatically exported from code.google.com/p/google-gson
0 stars 0 forks source link

Fields excluded in ExclusionStrategy should not be made accessible #191

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
We faced this problem on Google App Engine since there are security 
restrictions in place.

1. We have a class with field on which access via reflection is not 
allowed. e.g

class ClassWithNonAccessibleField {
  //Security manager doesn't allow access to this
  private static final int version;
  //This field is accessible
  private int accessible;
}

2. Try to serialize the class as follows using the following exclusion 
strategy:
private Gson gson= new GsonBuilder().excludeFieldsWithModifiers
(Modifier.STATIC, Modifier.TRANSIENT,
                    Modifier.VOLATILE).create();

What is the expected output? What do you see instead?
The excluded fields should be skipped and only fields that are to be 
serialized should be made accessible. 
But in this case, trying to serialize ClassWithNonAccessibleField will 
result in a SecurityException in the ObjectNavigator class.

We could overcome this problem by trying to exclude such fields from 
serialization. But the setAccessible() method is called for all fields of 
the class in a single shot, hence causing a AccessControlException.

What version of the product are you using? On what operating system?
Gson version 1.4 on Google app engine 1.3.0

Please provide any additional information below.
The above example is a simplification of the scenario in which we faced 
the problem. I can provide more details if required.

Also find attached a patch that is working fine on app engine. :)

Original issue reported on code.google.com by akhilra...@gmail.com on 27 Jan 2010 at 7:25

GoogleCodeExporter commented 9 years ago 
Ah!! Forgot to attach the patch.

Original comment by akhilra...@gmail.com on 27 Jan 2010 at 7:43

Attachments:

GoogleCodeExporter commented 9 years ago 
akhilraina's patch works well for me on AppEngine as well. I'm attaching the 
rebuilt binary jar for those without a build environment.

Original comment by gareth.c...@gmail.com on 19 Jun 2010 at 4:06

Attachments:

GoogleCodeExporter commented 9 years ago 
Is this still a problem with the latest Gson 1.7.1 release and the new App 
Engine pushes?

Original comment by joel.leitch@gmail.com on 26 Apr 2011 at 11:22

GoogleCodeExporter commented 9 years ago 
This issue was closed by revision r1095.

Original comment by limpbizkit on 29 Dec 2011 at 7:11