Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 002546b

Browse filesBrowse files
bclozelbclozel
committed
Refine PropertyDescriptor filtering
Restrict property paths under `Class` and properties of types `ClassLoader` or `ProtectionDomain`.
1 parent 1627f57 commit 002546b
Copy full SHA for 002546b

File tree

1 file changed

+14
-4
lines changed
Filter options

1 file changed

+14
-4
lines changed

‎spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java

Copy file name to clipboardExpand all lines: spring-beans/src/main/java/org/springframework/beans/CachedIntrospectionResults.java
+14-4Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
11
/*
2-
* Copyright 2002-2020 the original author or authors.
2+
* Copyright 2002-2022 the original author or authors.
33
*
44
* Licensed under the Apache License, Version 2.0 (the "License");
55
* you may not use this file except in compliance with the License.
@@ -22,6 +22,7 @@
2222
import java.beans.PropertyDescriptor;
2323
import java.lang.reflect.Method;
2424
import java.lang.reflect.Modifier;
25+
import java.security.ProtectionDomain;
2526
import java.util.Collections;
2627
import java.util.HashSet;
2728
import java.util.LinkedHashMap;
@@ -286,9 +287,13 @@ private CachedIntrospectionResults(Class<?> beanClass) throws BeansException {
286287
// This call is slow so we do it once.
287288
PropertyDescriptor[] pds = this.beanInfo.getPropertyDescriptors();
288289
for (PropertyDescriptor pd : pds) {
289-
if (Class.class == beanClass &&
290-
("classLoader".equals(pd.getName()) || "protectionDomain".equals(pd.getName()))) {
291-
// Ignore Class.getClassLoader() and getProtectionDomain() methods - nobody needs to bind to those
290+
if (Class.class == beanClass && (!"name".equals(pd.getName()) && !pd.getName().endsWith("Name"))) {
291+
// Only allow all name variants of Class properties
292+
continue;
293+
}
294+
if (pd.getPropertyType() != null && (ClassLoader.class.isAssignableFrom(pd.getPropertyType())
295+
|| ProtectionDomain.class.isAssignableFrom(pd.getPropertyType()))) {
296+
// Ignore ClassLoader and ProtectionDomain types - nobody needs to bind to those
292297
continue;
293298
}
294299
if (logger.isTraceEnabled()) {
@@ -337,6 +342,11 @@ private void introspectInterfaces(Class<?> beanClass, Class<?> currClass, Set<St
337342
// GenericTypeAwarePropertyDescriptor leniently resolves a set* write method
338343
// against a declared read method, so we prefer read method descriptors here.
339344
pd = buildGenericTypeAwarePropertyDescriptor(beanClass, pd);
345+
if (pd.getPropertyType() != null && (ClassLoader.class.isAssignableFrom(pd.getPropertyType())
346+
|| ProtectionDomain.class.isAssignableFrom(pd.getPropertyType()))) {
347+
// Ignore ClassLoader and ProtectionDomain types - nobody needs to bind to those
348+
continue;
349+
}
340350
this.propertyDescriptors.put(pd.getName(), pd);
341351
Method readMethod = pd.getReadMethod();
342352
if (readMethod != null) {

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.