commons-user mailing list archives

From Paul Libbrecht
Subject Re: [BeanUtils] MethodUtils caching
Date Tue, 17 Dec 2002 23:23:37 GMT
Sorry, I was indeed quite imprecise...

The story starts with JellySwing: an irreversibly attractive way of 
building User-interfaces. And of course, as a good UI, you try to run 
this as an applet (we really intend it).

However, Jelly Swing uses BeanUtils, which in turn uses MethodUtils. 
And here we break: MethodUtils was using Class.getDeclaredMethods() 
which, for some reason, is considered dangerous. We readily replaced 
this with Class.getMethods() (at the possible expense of something I 
presume) and it worked...

Similar security exceptions arise when commons-lang (I think) allows 
itself to use a plain "System.getProperties()".

I think the issue is simply related to the fact that much (too much?) 
of the Jakarta development is interested in the server things and too 
little in the user interfaces...
I think, however, that small utility classes such as the commons 
should really think twice before going happily into security-breaking 
and should document their inability to run as an applet.



On Tuesday, December 17, 2002, at 19:39 Europe/Brussels, robert burrell 
donkin wrote:

> i'm a bit confused by this. care to expand?
> - robert
> On Tuesday, December 17, 2002, at 11:05 AM, Paul Libbrecht wrote:
>> Possibly opposed to this requirement, I would insist that BeanUtils 
>> may sometimes be used with Applets. Maybe a switch is useful, maybe 
>> there is a fast method towards everything...
>> Paul
>> On Tuesday, December 17, 2002, at 09:43 Europe/Brussels, Stephen Colebourne 
>> wrote:
>>> MethodUtils is currently being reworked in [lang]. Hopefully the new 
>>> version
>>> there can include some level of caching.
>>> Stephen
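The difference between the two reflection calls discussed in this message, as an added example that is not part of the original post and is not BeanUtils code. The class `SandboxSafeLookup`, its methods and the `Sample` class are hypothetical; the sketch shows what the switch to `getMethods()` gives up and how a library can degrade instead of failing when a security manager denies access.

```java
import java.lang.reflect.Method;

// Added example: class and method names here are hypothetical, not BeanUtils code.
public class SandboxSafeLookup {

    static class Sample {                       // constructed test subject
        public String getName() { return "n"; }
        String hidden() { return "h"; }         // package-private: not visible via getMethods()
    }

    // Public-member view only. This asks for public members rather than
    // declared members, which is the call the message reports as working.
    static Method findPublic(Class<?> type, String name) {
        for (Method m : type.getMethods()) {
            if (m.getName().equals(name) && m.getParameterCount() == 0) return m;
        }
        return null;
    }

    // Declared-member view first; if a SecurityManager refuses
    // RuntimePermission("accessDeclaredMembers"), fall back to the public view.
    static Method find(Class<?> type, String name) {
        try {
            for (Method m : type.getDeclaredMethods()) {
                if (m.getName().equals(name) && m.getParameterCount() == 0) return m;
            }
        } catch (SecurityException denied) {
            // Sandboxed caller: non-public methods stay out of reach by design.
        }
        return findPublic(type, name);
    }

    // Single-key read: needs only PropertyPermission(key, "read"), whereas
    // System.getProperties() needs read/write permission on every property.
    static String property(String key, String fallback) {
        try {
            return System.getProperty(key, fallback);
        } catch (SecurityException denied) {
            return fallback;
        }
    }

    public static void main(String[] args) {
        System.out.println(find(Sample.class, "getName"));       // found either way
        System.out.println(find(Sample.class, "hidden"));        // found only when declared access is allowed
        System.out.println(findPublic(Sample.class, "hidden"));  // null: the cost of the getMethods() switch
        System.out.println(property("java.version", "unknown"));
    }
}
```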