For help with installation, bugs reports or feature requests, please head over to our new forums.
Genuitec Community on GitHub
- This topic has 1 reply, 2 voices, and was last updated 20 years, 5 months ago by
.
-
Posts
-
When I did a rebuild of my workspace, I was very suprised to see that this process actually executes code that exists in my workspace.
It appears one of our developpers uses a javabean on a JSP page that has field initialisors which call into static functions.
JSP page:
// stuff
<jsp:useBean id=”pagebean” class=”com.mbuyu.m4n.datafeeds.PageBean” scope=”session”/>
// use of beanBean:
public class PageBean {
private List userFeedStatusses = UserFeedLogic.getUserFeedStatusAll();
// rest of class
}I believe this may have some security issues, as few users would expect code to be executed when they just build a project. Here’s the stack trace that showed what happened:
java.io.FileNotFoundException: null[SomeFile] (No such fi le or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:106)
at com.mbuyu.m4n.XPQLParser.load(XPQLParser.java:99)
at com.mbuyu.m4n.Statsengine.loadQuery(Statsengine.java:553)
at com.mbuyu.m4n.datafeeds.logic.OneOneLogic.getOneOnesen(OneOneLogic.java: 74)
at com.mbuyu.m4n.datafeeds.logic.UserFeedLogic.getUserFeedStatusAll(UserFee dLogic.java:174)
at com.mbuyu.m4n.datafeeds.PageBean.<init>(PageBean.java:97)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorA ccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingCons tructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
at java.lang.Class.newInstance0(Class.java:350)
at java.lang.Class.newInstance(Class.java:303)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Generator$A.visit(Unknown S ource)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Node$UseBean.accept(Unknown Source)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Node$Nodes.visit(Unknown So urce)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Node$Visitor.visitBody(Unkn own Source)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Node$Visitor.visit(Unknown Source)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Node$Root.accept(Unknown So urce)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Node$Nodes.visit(Unknown So urce)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Generator.generate(Unknown Source)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Compiler.?(Unknown Source)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Compiler.compile(Unknown So urce)
at com.genuitec.eclipse.wdt.jsp.jasper.compiler.Compiler.compile(Unknown So urce)
at com.genuitec.eclipse.wdt.jsp.jasper.driver.MyEclipseJspC.?(Unknown Sourc e)
at com.genuitec.eclipse.wdt.jsp.jasper.driver.MyEclipseJspC.parse(Unknown S ource)
at com.genuitec.eclipse.wdt.jsp.validation.JSPValidator.validate(Unknown So urce)
at com.genuitec.eclipse.wdt.jsp.validation.ValidateAction$1.run(Unknown Sou rce)
at org.eclipse.core.internal.resources.Workspace.run(Workspace.java:1719)
at org.eclipse.core.internal.resources.Workspace.run(Workspace.java:1739)
at com.genuitec.eclipse.wdt.jsp.validation.ValidateAction.validate(Unknown Source)
at com.genuitec.eclipse.wdt.jsp.validation.ValidateAction.run(Unknown Sourc e)
at com.genuitec.eclipse.wdt.jsp.validation.Validator.validate(Unknown Sourc e)
at com.genuitec.eclipse.wdt.jsp.validation.Validator.validateIfNeeded(Unkno wn Source)
at com.genuitec.eclipse.wdt.jsp.validation.Validator.validate(Unknown Sourc e)
at com.ibm.etools.validation.ValidatorLauncher.start(ValidatorLauncher.java :58)
at com.ibm.etools.validate.ValidationOperation.launchValidator(ValidationOp eration.java:1275)
at com.ibm.etools.validate.ValidationOperation.internalValidate(ValidationO peration.java:1099)
at com.ibm.etools.validate.ValidationOperation.validate(ValidationOperation .java:1014)
at com.ibm.etools.validate.ValidationOperation.run(ValidationOperation.java :731)
at com.ibm.etools.validate.ValidationBuilder.performFullBuild(ValidationBui lder.java:204)
at com.ibm.etools.validate.ValidationBuilder.performFullBuild(ValidationBui lder.java:197)
at com.ibm.etools.validate.ValidationBuilder.build(ValidationBuilder.java:1 41)
at org.eclipse.core.internal.events.BuildManager$2.run(BuildManager.java:59 3)
at org.eclipse.core.internal.runtime.InternalPlatform.run(InternalPlatform. java:1044)
at org.eclipse.core.runtime.Platform.run(Platform.java:783)
at org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.ja va:168)
at org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.ja va:202)
at org.eclipse.core.internal.events.BuildManager$1.run(BuildManager.java:23 1)
at org.eclipse.core.internal.runtime.InternalPlatform.run(InternalPlatform. java:1044)
at org.eclipse.core.runtime.Platform.run(Platform.java:783)
at org.eclipse.core.internal.events.BuildManager.basicBuild(BuildManager.ja va:234)
at org.eclipse.core.internal.events.BuildManager.basicBuildLoop(BuildManage r.java:253)
at org.eclipse.core.internal.events.BuildManager.build(BuildManager.java:28 2)
at org.eclipse.core.internal.events.AutoBuildJob.doBuild(AutoBuildJob.java: 139)
at org.eclipse.core.internal.events.AutoBuildJob.run(AutoBuildJob.java:200)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:76)Arjan,
JSP pages can only be fully validated generating the Java for them and then compiling them, just like with plain Java files. Part of the compilation process necessitates the loading of classes referenced from the JSP page because the only way that the compiler can generate compilation errors for methods that don’t exist / mismatched method signatures, etc. As part of loading a class, the JVM will always run all static initializers. If you have a Java class whose static initializers automatically perform some complex dynamic action, then the JVM will attempt to do that whenever the class is loaded. That is what is basically causing what you’re experiencing and honestly, it’s by design of the JVM.
I’ll also point out that ExceptionInInitializerError’s, which code like this can generate is often exceedingly difficult to debug in a large application at runtime. Internally, we’re not allowed to use anything in a static initializer that *can* fail for this reason and are encouraged to move dynamic initilization code like this into a private init() method that we lazily initialize when an instance is created. I’m not suggesting that you change the way your code works, only explaining why internally we’re not allowed to write code like this within MyEclipse. In case you’re interested, there’s an article on static vs lazy initialization here.
