IllegalAccessException doing Thymeleaf/OGNL method access

Question

I'm new to web dev and I'm trying Thymeleaf template engine on App Engine. It has worked fine so far, except I always get java IllegalAccessException's when I attempt method (as opposed to simple attribute) access.

For example, with this line of HTML:

<div class="panel" th:id="${item.getWebId()}">

I get:

java.lang.IllegalAccessException:
Method [public java.lang.String myapp.ItemInfo.getWebId()] cannot be accessed.
at ognl.OgnlRuntime.invokeMethod(OgnlRuntime.java:851) 

This happens both on dev server (Win Vista) and in production with GAE SDK's 1.9.0 and 1.8.9. I've tried the current TL (2.1.2) and the previous version (2.0.20). I'm not using Spring.

I've found others having reflection problems (here and here) on the TL forum, but nothing that helps.

Some people using Struts or Spring encountered similar problems a long time ago, and resolved them by setting OgnlRuntime.setSecurityManager(null). I haven't pursued this because I can't see how to access the OgnlRuntime object in TL, and it doesn't make much sense to me that I would be the only TL user to need this.

Looking at OgnlRuntime v3.0.6 (here) it looks like the easiest solution would be to disable 'checkPermission', but again, as someone new to TL, I'm hesitant to make a change that TL doesn't expose, and that no one else using TL seems to need to do. There must be something else wrong?

Answer 1

In the end I proceeded with the OgnlRuntime.setSecurityManager(null) option. It seems like a bad idea but it allows me to proceed for now.

Here's the code I used:

public class MyContextListener implements ServletContextListener {
    @Override
    public void contextDestroyed(ServletContextEvent arg0) {
    }
    @Override
    public void contextInitialized(ServletContextEvent arg0) {
        OgnlRuntime.setSecurityManager(null);
    }
}

And in my web.xml I added:

<listener>
    <listener-class>com.myapp.MyContextListener</listener-class>
</listener>