Bug 1009248

Summary: Cannot access public methods of private inner classes via reflection
Product: Red Hat Enterprise Linux 6 Reporter: James Livingston <jlivings>
Component: java-1.6.0-openjdkAssignee: Andrew Haley <aph>
Status: CLOSED CANTFIX QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.6CC: aph, joallen
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-09-29 11:30:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description James Livingston 2013-09-18 04:49:39 UTC
This is an existing bug reported in the Sun/Oracle bug tracker http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4071957, opened over 16 years ago.

If a method on a class returns an instance of a private inner class, public methods on it cannot be accessed via reflection. This can impact the evaluation of JSPs if a servlet/filter adds a parameter which is returned from HashMap.values() or similar.

To reproduce the error, run:
  public static void main(String argv[]) throws Exception {
    Set keys = new HashMap().keySet();
    Method method = keys.getClass().getMethod("iterator");
    System.out.println(method.invoke(keys));
}


An update on the bug in 2005 suggests it is now possible to implement a fix using data available since JDK 5.

Comment 2 Deepak Bhole 2013-09-18 19:38:57 UTC
Assigning to Andrew Haley to take an initial look with regards to feasibility (since there may be security concerns).

Andrew, any issues with us fixing this issue? If not, I can assign it to one of the engineers.

Comment 3 RHEL Program Management 2013-10-13 23:09:38 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.