JSONWriter breaks on non-public fields

[bsouther]

Hi Frank
I just noticed that JSONWriter has been filling up my logs with IllegalAccessExceptions. It looks like this happens because, after serializing all of the properties, it tries to serialize the fields but without checking to see if they have public access.

Here is a small test case:

package com;
import org.stringtree.json.*;

public class Bean{
    private String name = "myName";

    public String getName(){ return this.name; }
    public void setName(String name){ this.name = name; }

    public static void main(String ... args)throws Exception{
        String json = new JSONWriter().write(new Bean());
        System.out.println(json);
    }
}

Have you considered adding checks to prevent it from attempting to access non-public fields?

-Ben

[efficacy]

Thanks for reporting that. I get so few problems with the JSON stuff that
when one comes in it's quite exciting!

I'll have a look and see what I can do.

Frank.

On 14 March 2013 13:33, Ben Souther notifications@github.com wrote:

Hi Frank
I just noticed that JSONWriter has been filling up my logs with
IllegalAccessExceptions. It looks like this happens because, after
serializing all of the properties, it tries to serialize the fields but
without checking to see if they have public access.

Here is a small test case:

package com;
import org.stringtree.json.*;

public class Bean{
private String name = "myName";

public String getName(){ return this.name; }
public void setName(String name){ this.name = name; }

public static void main(String ... args)throws Exception{
    String json = new JSONWriter().write(new Bean());
    System.out.println(json);
}

}

Have you considered adding checks to prevent it from attempting to access
non-private fields?

-Ben

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/1
.

[efficacy]

Hi Ben. I just tried this on my dev system and it works fine, giving:

{"class":"class com.Bean","name":"myName"}

I guess there must be something different about how we are running the code. Can you tell me a bit more about your application. Java version? Standalone or in a container? (if so, which container?) Do you have any custom security stuff in place? etc.

Thanks,
Frank.

[bsouther]

Frank,

This happens within Tomcat running on a Fedora 16 box and from the command line.
No custom security.

I'm using Oracle's JVM:

[bpsouther@bsouther com]$ java -version
java version "1.7.0_07"
Java(TM) SE Runtime Environment (build 1.7.0_07-b10)
Java HotSpot(TM) Server VM (build 23.3-b01, mixed mode)

I also tried with the OpenJDK runtime that ships with Fedora:

[bpsouther@bsouther test]$ java -version
java version "1.7.0_09-icedtea"
OpenJDK Runtime Environment (fedora-2.3.8.0.fc17-x86_64)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

Here is a console dump with the stack trace:

[bpsouther@bsouther com]$ java com.Bean
java.lang.IllegalAccessException: Class org.stringtree.json.JSONWriter can not access a member of class com.Bean with modifiers "private"
    at sun.reflect.Reflection.ensureMemberAccess(Reflection.java:95)
    at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(AccessibleObject.java:261)
    at java.lang.reflect.AccessibleObject.checkAccess(AccessibleObject.java:253)
    at java.lang.reflect.Field.doSecurityCheck(Field.java:983)
    at java.lang.reflect.Field.getFieldAccessor(Field.java:927)
    at java.lang.reflect.Field.get(Field.java:372)
    at org.stringtree.json.JSONWriter.bean(JSONWriter.java:73)
    at org.stringtree.json.JSONWriter.value(JSONWriter.java:50)
    at org.stringtree.json.JSONWriter.write(JSONWriter.java:20)
    at com.Bean.main(Bean.java:11)
{"class":"class com.Bean","name":"myName",}
[bpsouther@bsouther com]$ 

Maybe it's a Java7 thing.

BTW: I've been using JSONReader for years in a very large payroll system and it's been great.

-Ben

[efficacy]

OK. Leave it with me and I'll get set up to test it in something like that. If it is something that's changed in later Java versions then I need to move the code forward. I don't think Java 6 is even supported any more.

Thanks.

[bsouther]

FYI, It's the same on Windows:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

E:\test>java com.Bean
java.lang.IllegalAccessException: Class org.stringtree.json.JSONWriter can not a
ccess a member of class com.Bean with modifiers "private"
        at sun.reflect.Reflection.ensureMemberAccess(Unknown Source)
        at java.lang.reflect.AccessibleObject.slowCheckMemberAccess(Unknown Source)
        at java.lang.reflect.AccessibleObject.checkAccess(Unknown Source)
        at java.lang.reflect.Field.doSecurityCheck(Unknown Source)
        at java.lang.reflect.Field.getFieldAccessor(Unknown Source)
        at java.lang.reflect.Field.get(Unknown Source)
        at org.stringtree.json.JSONWriter.bean(JSONWriter.java:73)
        at org.stringtree.json.JSONWriter.value(JSONWriter.java:50)
        at org.stringtree.json.JSONWriter.write(JSONWriter.java:20)
        at com.Bean.main(Bean.java:11)
{"class":"class com.Bean","name":"myName",}

E:\test>