From fd220124926ff0c6e760d5331eb62e09b20b46a9 Mon Sep 17 00:00:00 2001

From: Marian Koncek <mkoncek@redhat.com>

Date: Wed, 18 Dec 2019 16:01:16 +0100

Subject: [PATCH] CVE-2014-0114

---

 .../beanutils/BeanIntrospectionData.java      | 154 +++++++++++++

 .../commons/beanutils/BeanIntrospector.java   |  53 +++++

 .../beanutils/DefaultBeanIntrospector.java    | 181 +++++++++++++++

 .../DefaultIntrospectionContext.java          | 108 +++++++++

 .../beanutils/IntrospectionContext.java       |  99 ++++++++

 .../commons/beanutils/PropertyUtils.java      |  15 ++

 .../commons/beanutils/PropertyUtilsBean.java  | 213 +++++++++---------

 .../SuppressPropertiesBeanIntrospector.java   |  75 ++++++

 ...essPropertiesBeanIntrospectorTestCase.java | 127 +++++++++++

 .../beanutils/bugs/Jira463TestCase.java       |  48 ++++

 .../beanutils/bugs/Jira520TestCase.java       |  39 ++++

 11 files changed, 1000 insertions(+), 112 deletions(-)

 create mode 100644 src/main/java/org/apache/commons/beanutils/BeanIntrospectionData.java

 create mode 100644 src/main/java/org/apache/commons/beanutils/BeanIntrospector.java

 create mode 100644 src/main/java/org/apache/commons/beanutils/DefaultBeanIntrospector.java

 create mode 100644 src/main/java/org/apache/commons/beanutils/DefaultIntrospectionContext.java

 create mode 100644 src/main/java/org/apache/commons/beanutils/IntrospectionContext.java

 create mode 100644 src/main/java/org/apache/commons/beanutils/SuppressPropertiesBeanIntrospector.java

 create mode 100644 src/test/java/org/apache/commons/beanutils/SuppressPropertiesBeanIntrospectorTestCase.java

 create mode 100644 src/test/java/org/apache/commons/beanutils/bugs/Jira463TestCase.java

 create mode 100644 src/test/java/org/apache/commons/beanutils/bugs/Jira520TestCase.java

diff --git a/src/main/java/org/apache/commons/beanutils/BeanIntrospectionData.java b/src/main/java/org/apache/commons/beanutils/BeanIntrospectionData.java

new file mode 100644

index 0000000..1ab1d1e

--- /dev/null

+++ b/src/main/java/org/apache/commons/beanutils/BeanIntrospectionData.java

@@ -0,0 +1,154 @@

+/*

+ * Licensed to the Apache Software Foundation (ASF) under one or more

+ * contributor license agreements.  See the NOTICE file distributed with

+ * this work for additional information regarding copyright ownership.

+ * The ASF licenses this file to You under the Apache License, Version 2.0

+ * (the "License"); you may not use this file except in compliance with

+ * the License.  You may obtain a copy of the License at

+ *

+ *      http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

+package org.apache.commons.beanutils;

+

+import java.beans.IntrospectionException;

+import java.beans.PropertyDescriptor;

+import java.lang.reflect.Method;

+import java.util.HashMap;

+import java.util.Map;

+

+/**

+ * 

+ * An internally used helper class for storing introspection information about a bean

+ * class.

+ * 

+ * 

+ * This class is used by {@link PropertyUtilsBean}. When accessing bean properties via

+ * reflection information about the properties available and their types and access

+ * methods must be present. {@code PropertyUtilsBean} stores this information in a cache

+ * so that it can be accessed quickly. The cache stores instances of this class.

+ * 

+ * 

+ * This class mainly stores information about the properties of a bean class. Per default,

+ * this is contained in {@code PropertyDescriptor} objects. Some additional information

+ * required by the {@code BeanUtils} library is also stored here.

+ * 

+ *

+ * @version $Id$

+ * @since 1.9.1

+ */

+class BeanIntrospectionData {

+    /** An array with property descriptors for the managed bean class. */

+    private final PropertyDescriptor[] descriptors;

+

+    /** A map for remembering the write method names for properties. */

+    private final Map writeMethodNames;

+

+    /**

+     * Creates a new instance of {@code BeanIntrospectionData} and initializes its

+     * completely.

+     *

+     * @param descs the array with the descriptors of the available properties

+     */

+    public BeanIntrospectionData(final PropertyDescriptor[] descs) {

+        this(descs, setUpWriteMethodNames(descs));

+    }

+

+    /**

+     * Creates a new instance of {@code BeanIntrospectionData} and allows setting the map

+     * with write method names. This constructor is mainly used for testing purposes.

+     *

+     * @param descs the array with the descriptors of the available properties

+     * @param writeMethNames the map with the names of write methods

+     */

+    BeanIntrospectionData(final PropertyDescriptor[] descs, final Map writeMethNames) {

+        descriptors = descs;

+        writeMethodNames = writeMethNames;

+    }

+

+    /**

+     * Returns the array with property descriptors.

+     *

+     * @return the property descriptors for the associated bean class

+     */

+    public PropertyDescriptor[] getDescriptors() {

+        return descriptors;

+    }

+

+    /**

+     * Returns the {@code PropertyDescriptor} for the property with the specified name. If

+     * this property is unknown, result is null.

+     *

+     * @param name the name of the property in question

+     * @return the {@code PropertyDescriptor} for this property or null

+     */

+    public PropertyDescriptor getDescriptor(final String name) {

+    	PropertyDescriptor[] descriptors = getDescriptors();

+        for (int i = 0; i < descriptors.length; ++i) {

+        	PropertyDescriptor pd = descriptors[i];

+            if (name.equals(pd.getName())) {

+                return pd;

+            }

+        }

+        return null;

+    }

+

+    /**

+     * Returns the write method for the property determined by the given

+     * {@code PropertyDescriptor}. This information is normally available in the

+     * descriptor object itself. However, at least by the ORACLE implementation, the

+     * method is stored as a {@code SoftReference}. If this reference has been freed by

+     * the GC, it may be the case that the method cannot be obtained again. Then,

+     * additional information stored in this object is necessary to obtain the method

+     * again.

+     *

+     * @param beanCls the class of the affected bean

+     * @param desc the {@code PropertyDescriptor} of the desired property

+     * @return the write method for this property or null if there is none

+     */

+    public Method getWriteMethod(final Class beanCls, final PropertyDescriptor desc) {

+        Method method = desc.getWriteMethod();

+        if (method == null) {

+            final String methodName = (String) writeMethodNames.get(desc.getName());

+            if (methodName != null) {

+                method = MethodUtils.getAccessibleMethod(beanCls, methodName,

+                        desc.getPropertyType());

+                if (method != null) {

+                    try {

+                        desc.setWriteMethod(method);

+                    } catch (final IntrospectionException e) {

+                        // ignore, in this case the method is not cached

+                    }

+                }

+            }

+        }

+

+        return method;

+    }

+

+    /**

+     * Initializes the map with the names of the write methods for the supported

+     * properties. The method names - if defined - need to be stored separately because

+     * they may get lost when the GC claims soft references used by the

+     * {@code PropertyDescriptor} objects.

+     *

+     * @param descs the array with the descriptors of the available properties

+     * @return the map with the names of write methods for properties

+     */

+    private static Map setUpWriteMethodNames(final PropertyDescriptor[] descs) {

+        final Map methods = new HashMap();

+        for (int i = 0; i < descs.length; ++i) {

+        	PropertyDescriptor pd = descs[i];

+            final Method method = pd.getWriteMethod();

+            if (method != null) {

+                methods.put(pd.getName(), method.getName());

+            }

+        }

+        return methods;

+    }

+}

diff --git a/src/main/java/org/apache/commons/beanutils/BeanIntrospector.java b/src/main/java/org/apache/commons/beanutils/BeanIntrospector.java

new file mode 100644

index 0000000..3f5545e

--- /dev/null

+++ b/src/main/java/org/apache/commons/beanutils/BeanIntrospector.java

@@ -0,0 +1,53 @@

+/*

+ * Licensed to the Apache Software Foundation (ASF) under one or more

+ * contributor license agreements.  See the NOTICE file distributed with

+ * this work for additional information regarding copyright ownership.

+ * The ASF licenses this file to You under the Apache License, Version 2.0

+ * (the "License"); you may not use this file except in compliance with

+ * the License.  You may obtain a copy of the License at

+ *

+ *      http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

+package org.apache.commons.beanutils;

+

+import java.beans.IntrospectionException;

+

+/**

+ * 

+ * Definition of an interface for components that can perform introspection on

+ * bean classes.

+ * 

+ * 

+ * Before {@link PropertyUtils} can be used for interaction with a specific Java

+ * class, the class's properties have to be determined. This is called

+ * introspection and is initiated automatically on demand.

+ * PropertyUtils does not perform introspection on its own, but

+ * delegates this task to one or more objects implementing this interface. This

+ * makes it possible to customize introspection which may be useful for certain

+ * code bases using non-standard conventions for accessing properties.

+ * 

+ *

+ * @version $Id: BeanIntrospector.java 1540359 2013-11-09 18:10:52Z oheger $

+ * @since 1.9

+ */

+public interface BeanIntrospector {

+    /**

+     * Performs introspection on a Java class. The current class to be inspected

+     * can be queried from the passed in IntrospectionContext

+     * object. A typical implementation has to obtain this class, determine its

+     * properties according to the rules it implements, and add them to the

+     * passed in context object.

+     *

+     * @param icontext the context object for interaction with the initiator of

+     *        the introspection request

+     * @throws IntrospectionException if an error occurs during introspection

+     */

+    void introspect(IntrospectionContext icontext)

+            throws IntrospectionException;

+}

diff --git a/src/main/java/org/apache/commons/beanutils/DefaultBeanIntrospector.java b/src/main/java/org/apache/commons/beanutils/DefaultBeanIntrospector.java

new file mode 100644

index 0000000..60657d0

--- /dev/null

+++ b/src/main/java/org/apache/commons/beanutils/DefaultBeanIntrospector.java

@@ -0,0 +1,181 @@

+/*

+ * Licensed to the Apache Software Foundation (ASF) under one or more

+ * contributor license agreements.  See the NOTICE file distributed with

+ * this work for additional information regarding copyright ownership.

+ * The ASF licenses this file to You under the Apache License, Version 2.0

+ * (the "License"); you may not use this file except in compliance with

+ * the License.  You may obtain a copy of the License at

+ *

+ *      http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

+package org.apache.commons.beanutils;

+

+import java.beans.BeanInfo;

+import java.beans.IndexedPropertyDescriptor;

+import java.beans.IntrospectionException;

+import java.beans.Introspector;

+import java.beans.PropertyDescriptor;

+import java.lang.reflect.Method;

+import java.util.List;

+

+import org.apache.commons.logging.Log;

+import org.apache.commons.logging.LogFactory;

+

+/**

+ * 

+ * The default {@link BeanIntrospector} implementation.

+ * 

+ * 

+ * This class implements a default bean introspection algorithm based on the JDK

+ * classes in the java.beans package. It discovers properties

+ * conforming to the Java Beans specification.

+ * 

+ * 

+ * This class is a singleton. The single instance can be obtained using the

+ * {@code INSTANCE} field. It does not define any state and thus can be

+ * shared by arbitrary clients. {@link PropertyUtils} per default uses this

+ * instance as its only {@code BeanIntrospector} object.

+ * 

+ *

+ * @version $Id$

+ * @since 1.9

+ */

+public class DefaultBeanIntrospector implements BeanIntrospector {

+    /** The singleton instance of this class. */

+    public static final BeanIntrospector INSTANCE = new DefaultBeanIntrospector();

+

+    /** Constant for argument types of a method that expects no arguments. */

+    private static final Class[] EMPTY_CLASS_PARAMETERS = new Class[0];

+

+    /** Constant for arguments types of a method that expects a list argument. */

+    private static final Class[] LIST_CLASS_PARAMETER = new Class[] { java.util.List.class };

+

+    /** Log instance */

+    private final Log log = LogFactory.getLog(getClass());

+

+    /**

+     * Private constructor so that no instances can be created.

+     */

+    private DefaultBeanIntrospector() {

+    }

+

+    /**

+     * Performs introspection of a specific Java class. This implementation uses

+     * the {@code java.beans.Introspector.getBeanInfo()} method to obtain

+     * all property descriptors for the current class and adds them to the

+     * passed in introspection context.

+     *

+     * @param icontext the introspection context

+     */

+    public void introspect(final IntrospectionContext icontext) {

+        BeanInfo beanInfo = null;

+        try {

+            beanInfo = Introspector.getBeanInfo(icontext.getTargetClass());

+        } catch (final IntrospectionException e) {

+            // no descriptors are added to the context

+            log.error(

+                    "Error when inspecting class " + icontext.getTargetClass(),

+                    e);

+            return;

+        }

+

+        PropertyDescriptor[] descriptors = beanInfo.getPropertyDescriptors();

+        if (descriptors == null) {

+            descriptors = new PropertyDescriptor[0];

+        }

+

+        handleIndexedPropertyDescriptors(icontext.getTargetClass(),

+                descriptors);

+        icontext.addPropertyDescriptors(descriptors);

+    }

+

+    /**

+     * This method fixes an issue where IndexedPropertyDescriptor behaves

+     * differently in different versions of the JDK for 'indexed' properties

+     * which use java.util.List (rather than an array). It implements a

+     * workaround for Bug 28358. If you have a Bean with the following

+     * getters/setters for an indexed property:

+     *

+     * 

+     * public List getFoo()

+     * public Object getFoo(int index)

+     * public void setFoo(List foo)

+     * public void setFoo(int index, Object foo)

+     * 

+     *

+     * then the IndexedPropertyDescriptor's getReadMethod() and getWriteMethod()

+     * behave as follows:

+     * 

+     * 
JDK 1.3.1_04: returns valid Method objects from these methods.

+     * 
JDK 1.4.2_05: returns null from these methods.

+     * 

+     *

+     * @param beanClass the current class to be inspected

+     * @param descriptors the array with property descriptors

+     */

+    private void handleIndexedPropertyDescriptors(final Class beanClass,

+            final PropertyDescriptor[] descriptors) {

+        for (final PropertyDescriptor pd : descriptors) {

+            if (pd instanceof IndexedPropertyDescriptor) {

+                final IndexedPropertyDescriptor descriptor = (IndexedPropertyDescriptor) pd;

+                final String propName = descriptor.getName().substring(0, 1)

+                        .toUpperCase()

+                        + descriptor.getName().substring(1);

+

+                if (descriptor.getReadMethod() == null) {

+                    final String methodName = descriptor.getIndexedReadMethod() != null ? descriptor

+                            .getIndexedReadMethod().getName() : "get"

+                            + propName;

+                    final Method readMethod = MethodUtils

+                            .getMatchingAccessibleMethod(beanClass, methodName,

+                                    EMPTY_CLASS_PARAMETERS);

+                    if (readMethod != null) {

+                        try {

+                            descriptor.setReadMethod(readMethod);

+                        } catch (final Exception e) {

+                            log.error(

+                                    "Error setting indexed property read method",

+                                    e);

+                        }

+                    }

+                }

+                if (descriptor.getWriteMethod() == null) {

+                    final String methodName = descriptor.getIndexedWriteMethod() != null ? descriptor

+                            .getIndexedWriteMethod().getName() : "set"

+                            + propName;

+                    Method writeMethod = MethodUtils

+                            .getMatchingAccessibleMethod(beanClass, methodName,

+                                    LIST_CLASS_PARAMETER);

+                    if (writeMethod == null) {

+                        for (final Method m : beanClass.getMethods()) {

+                            if (m.getName().equals(methodName)) {

+                                final Class[] parameterTypes = m.getParameterTypes();

+                                if (parameterTypes.length == 1

+                                        && List.class

+                                                .isAssignableFrom(parameterTypes[0])) {

+                                    writeMethod = m;

+                                    break;

+                                }

+                            }

+                        }

+                    }

+                    if (writeMethod != null) {

+                        try {

+                            descriptor.setWriteMethod(writeMethod);

+                        } catch (final Exception e) {

+                            log.error(

+                                    "Error setting indexed property write method",

+                                    e);

+                        }

+                    }

+                }

+            }

+        }

+    }

+}

diff --git a/src/main/java/org/apache/commons/beanutils/DefaultIntrospectionContext.java b/src/main/java/org/apache/commons/beanutils/DefaultIntrospectionContext.java

new file mode 100644

index 0000000..9171198

--- /dev/null

+++ b/src/main/java/org/apache/commons/beanutils/DefaultIntrospectionContext.java

@@ -0,0 +1,108 @@

+/*

+ * Licensed to the Apache Software Foundation (ASF) under one or more

+ * contributor license agreements.  See the NOTICE file distributed with

+ * this work for additional information regarding copyright ownership.

+ * The ASF licenses this file to You under the Apache License, Version 2.0

+ * (the "License"); you may not use this file except in compliance with

+ * the License.  You may obtain a copy of the License at

+ *

+ *      http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

+package org.apache.commons.beanutils;

+

+import java.beans.PropertyDescriptor;

+import java.util.HashMap;

+import java.util.Map;

+import java.util.Set;

+

+/**

+ * 

+ * An implementation of the {@code IntrospectionContext} interface used by

+ * {@link PropertyUtilsBean} when doing introspection of a bean class.

+ * 

+ * 

+ * This class implements the methods required by the

+ * {@code IntrospectionContext} interface in a straight-forward manner

+ * based on a map. It is used internally only. It is not thread-safe.

+ * 

+ *

+ * @version $Id$

+ * @since 1.9

+ */

+class DefaultIntrospectionContext implements IntrospectionContext {

+    /** Constant for an empty array of property descriptors. */

+    private static final PropertyDescriptor[] EMPTY_DESCRIPTORS = new PropertyDescriptor[0];

+

+    /** The current class for introspection. */

+    private final Class currentClass;

+

+    /** A map for storing the already added property descriptors. */

+    private final Map descriptors;

+

+    /**

+     *

+     * Creates a new instance of DefaultIntrospectionContext and sets

+     * the current class for introspection.

+     *

+     * @param cls the current class

+     */

+    public DefaultIntrospectionContext(final Class cls) {

+        currentClass = cls;

+        descriptors = new HashMap();

+    }

+

+    public Class getTargetClass() {

+        return currentClass;

+    }

+

+    public void addPropertyDescriptor(final PropertyDescriptor desc) {

+        if (desc == null) {

+            throw new IllegalArgumentException(

+                    "Property descriptor must not be null!");

+        }

+        descriptors.put(desc.getName(), desc);

+    }

+

+    public void addPropertyDescriptors(final PropertyDescriptor[] descs) {

+        if (descs == null) {

+            throw new IllegalArgumentException(

+                    "Array with descriptors must not be null!");

+        }

+

+        for (int i = 0; i < descs.length; ++i) {

+            addPropertyDescriptor(descs[i]);

+        }

+    }

+

+    public boolean hasProperty(final String name) {

+        return descriptors.containsKey(name);

+    }

+

+    public PropertyDescriptor getPropertyDescriptor(final String name) {

+        return (PropertyDescriptor) descriptors.get(name);

+    }

+

+    public void removePropertyDescriptor(final String name) {

+        descriptors.remove(name);

+    }

+

+    public Set propertyNames() {

+        return descriptors.keySet();

+    }

+

+    /**

+     * Returns an array with all descriptors added to this context. This method

+     * is used to obtain the results of introspection.

+     *

+     * @return an array with all known property descriptors

+     */

+    public PropertyDescriptor[] getPropertyDescriptors() {

+        return (PropertyDescriptor[]) descriptors.values().toArray(EMPTY_DESCRIPTORS);

+    }

+}

diff --git a/src/main/java/org/apache/commons/beanutils/IntrospectionContext.java b/src/main/java/org/apache/commons/beanutils/IntrospectionContext.java

new file mode 100644

index 0000000..c48f186

--- /dev/null

+++ b/src/main/java/org/apache/commons/beanutils/IntrospectionContext.java

@@ -0,0 +1,99 @@

+/*

+ * Licensed to the Apache Software Foundation (ASF) under one or more

+ * contributor license agreements.  See the NOTICE file distributed with

+ * this work for additional information regarding copyright ownership.

+ * The ASF licenses this file to You under the Apache License, Version 2.0

+ * (the "License"); you may not use this file except in compliance with

+ * the License.  You may obtain a copy of the License at

+ *

+ *      http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

+package org.apache.commons.beanutils;

+

+import java.beans.PropertyDescriptor;

+import java.util.Set;

+

+/**

+ * 

+ * A context interface used during introspection for querying and setting

+ * property descriptors.

+ * 

+ * 

+ * An implementation of this interface is passed to {@link BeanIntrospector}

+ * objects during processing of a bean class. It allows the

+ * {@code BeanIntrospector} to deliver descriptors for properties it has

+ * detected. It is also possible to find out which properties have already been

+ * found by another {@code BeanIntrospector}; this allows multiple

+ * {@code BeanIntrospector} instances to collaborate.

+ * 

+ *

+ * @version $Id: IntrospectionContext.java 1540359 2013-11-09 18:10:52Z oheger $

+ * @since 1.9

+ */

+public interface IntrospectionContext {

+    /**

+     * Returns the class that is subject of introspection.

+     *

+     * @return the current class

+     */

+    Class getTargetClass();

+

+    /**

+     * Adds the given property descriptor to this context. This method is called

+     * by a {@code BeanIntrospector} during introspection for each detected

+     * property. If this context already contains a descriptor for the affected

+     * property, it is overridden.

+     *

+     * @param desc the property descriptor

+     */

+    void addPropertyDescriptor(PropertyDescriptor desc);

+

+    /**

+     * Adds an array of property descriptors to this context. Using this method

+     * multiple descriptors can be added at once.

+     *

+     * @param descriptors the array of descriptors to be added

+     */

+    void addPropertyDescriptors(PropertyDescriptor[] descriptors);

+

+    /**

+     * Tests whether a descriptor for the property with the given name is

+     * already contained in this context. This method can be used for instance

+     * to prevent that an already existing property descriptor is overridden.

+     *

+     * @param name the name of the property in question

+     * @return true if a descriptor for this property has already been

+     *         added, false otherwise

+     */

+    boolean hasProperty(String name);

+

+    /**

+     * Returns the descriptor for the property with the given name or

+     * null if this property is unknown.

+     *

+     * @param name the name of the property in question

+     * @return the descriptor for this property or null if this property

+     *         is unknown

+     */

+    PropertyDescriptor getPropertyDescriptor(String name);

+

+    /**

+     * Removes the descriptor for the property with the given name.

+     *

+     * @param name the name of the affected property

+     */

+    void removePropertyDescriptor(String name);

+

+    /**

+     * Returns a set with the names of all properties known to this context.

+     *

+     * @return a set with the known property names

+     */

+    Set propertyNames();

+}

diff --git a/src/main/java/org/apache/commons/beanutils/PropertyUtils.java b/src/main/java/org/apache/commons/beanutils/PropertyUtils.java

index 6344b4f..b3ce0e6 100644

--- a/src/main/java/org/apache/commons/beanutils/PropertyUtils.java

+++ b/src/main/java/org/apache/commons/beanutils/PropertyUtils.java

@@ -890,5 +890,20 @@ public class PropertyUtils {

         PropertyUtilsBean.getInstance().setSimpleProperty(bean, name, value);

     }

+    public static void addBeanIntrospector(final BeanIntrospector introspector) {

+        PropertyUtilsBean.getInstance().addBeanIntrospector(introspector);

+    }

+    /**

+     * Removes the specified BeanIntrospector.

+     *

+     * @param introspector the BeanIntrospector to be removed

+     * @return true if the BeanIntrospector existed and

+     *         could be removed, false otherwise

+     * @since 1.9

+     */

+    public static boolean removeBeanIntrospector(final BeanIntrospector introspector) {

+        return PropertyUtilsBean.getInstance().removeBeanIntrospector(

+                introspector);

+    }

 }

diff --git a/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java b/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java

index 1894f21..c7817cd 100644

--- a/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java

+++ b/src/main/java/org/apache/commons/beanutils/PropertyUtilsBean.java

@@ -37,6 +37,7 @@ import org.apache.commons.collections.FastHashMap;

 import org.apache.commons.logging.Log;

 import org.apache.commons.logging.LogFactory;

+import java.util.concurrent.CopyOnWriteArrayList;

 /**

  * Utility methods for using Java Reflection APIs to facilitate generic

@@ -130,7 +131,9 @@ public class PropertyUtilsBean {

     /** Log instance */

     private Log log = LogFactory.getLog(PropertyUtils.class);

-    

+

+    /** The list with BeanIntrospector objects. */

+    private final List introspectors;

     // ---------------------------------------------------------- Constructors

     /** Base constructor */

@@ -139,6 +142,8 @@ public class PropertyUtilsBean {

         descriptorsCache.setFast(true);

         mappedDescriptorsCache = new WeakFastHashMap();

         mappedDescriptorsCache.setFast(true);

+        introspectors = new CopyOnWriteArrayList();

+        resetBeanIntrospectors();

     }

@@ -183,6 +188,47 @@ public class PropertyUtilsBean {

         }

     }

+    /**