Fix failing to serialize Collection or Map with inaccessible constructor #1902
Conversation
Revert google#1218 Usage of sun.misc.Unsafe to change internal AccessibleObject.override field to suppress JPMS warnings goes against the intentions of the JPMS and does not work anymore in newer versions, see google#1540. Therefore remove it and instead create a descriptive exception when making a member accessible fails. If necessary users can also still use `java` command line flags to open external modules.
Also remove tests which rely on Java implementation details.
This also avoids a confusing stack trace, since the previously caught exception might have had a complete unrelated stack trace.
| // New exception is created every time to avoid keeping reference | ||
| // to exception with potentially long stack trace, causing a | ||
| // memory leak | ||
| throw new JsonIOException(exceptionMessage); |
There was a problem hiding this comment.
JsonIOException thrown here and in ReflectionHelper is not fitting very well, but Gson has currently no better fitting exception type.
(maybe the whole Gson exception hierarchy should be refactored in the future)
|
@eamonnmcmanus could you please have a look at this pull request? The fixed issue (#1875) causes problems for some legit usages of certain JDK types. If you want I can also split off the removal of |
| import com.google.gson.annotations.SerializedName; | ||
|
|
||
| @SuppressWarnings("serial") | ||
| public final class ThrowableFunctionalTest extends TestCase { |
There was a problem hiding this comment.
Has been removed because it relies on JDK internals.
| @@ -53,21 +53,6 @@ public void testRecursiveResolveSimple() { | |||
| assertNotNull(adapter); | |||
| } | |||
|
|
|||
| /** | |||
There was a problem hiding this comment.
Have been removed because they rely on JDK internals.
gson/src/main/java/com/google/gson/internal/ConstructorConstructor.java
Outdated
Show resolved
Hide resolved
gson/src/main/java/com/google/gson/internal/reflect/ReflectionHelper.java
Outdated
Show resolved
Hide resolved
gson/src/main/java/com/google/gson/internal/reflect/ReflectionHelper.java
Show resolved
Hide resolved
gson/src/main/java/com/google/gson/internal/reflect/ReflectionHelper.java
Outdated
Show resolved
Hide resolved
gson/src/test/java/com/google/gson/functional/ReflectionAccessTest.java
Outdated
Show resolved
Hide resolved
gson/src/test/java/com/google/gson/functional/ReflectionAccessTest.java
Outdated
Show resolved
Hide resolved
gson/src/main/java/com/google/gson/internal/reflect/ReflectionHelper.java
Outdated
Show resolved
Hide resolved
| // should be acceptable because this only retrieves enum constants, but does not expose anything else | ||
| Field[] constantFields = AccessController.doPrivileged(new PrivilegedAction<Field[]>() { | ||
| @Override public Field[] run() { | ||
| Field[] fields = classOfT.getDeclaredFields(); |
There was a problem hiding this comment.
Have changed this to also run getDeclaredFields() in privileged context because it can throw a SecurityException as well.
Not directly related to the other changes of this pull request, but I was having a look at other cases where a SecurityManager could be an issue.
Sorry for this delayed change after the pull request approval. If you want I can also put that in a separate pull request.
Marcono1234
force-pushed
the
marcono1234/inaccessible-object-exception
branch
from
eafcffc
to
9140460
Compare
|
Sorry for these changes after your approval; I tried adding back the Maven toolchain usage, but unfortunately even with version range it apparently requires to explicitly configure toolchains. Therefore I have removed that commit again and force-pushed; you can see the changes by clicking on the "force-pushed" text here: Also just to be sure there is no misunderstanding; these changes might cause backward compability issues for Gson users running < JDK 12 who rely on Gson's |
|
This looks fine now. |
…tor (google#1902) * Remove UnsafeReflectionAccessor Revert google#1218 Usage of sun.misc.Unsafe to change internal AccessibleObject.override field to suppress JPMS warnings goes against the intentions of the JPMS and does not work anymore in newer versions, see google#1540. Therefore remove it and instead create a descriptive exception when making a member accessible fails. If necessary users can also still use `java` command line flags to open external modules. * Fix failing to serialize Collection or Map with inaccessible constructor Also remove tests which rely on Java implementation details. * Don't keep reference to access exception of ConstructorConstructor This also avoids a confusing stack trace, since the previously caught exception might have had a complete unrelated stack trace. * Remove Maven toolchain requirement * Address review feedback * Add back test for Security Manager
Fixes #1875
Note that this introduces an incompatibility:
Projects which previously relied on
UnsafeReflectionAccessormaking internal members accessible will now encounter warnings or exceptions when the Java Platform Module System does not allow access. These projects should write their ownTypeAdapters, or temporarily usejava --add-opens ....This "resolves" #1540, in the sense that that issue is not a problem with Gson, and that this pull request further strengthens this standpoint.
(In theory this change could be omitted from this pull request while still solving #1875, but it would render the added unit test ineffective.)