Invalid java operation resets to general

Question

Invalid java operation resets to general

I am wondering why the following problems warn of an unsafe / unverified operation:

Map<String, ProxySession> sessionMap = (Map<String, ProxySession>) se.getSession().getServletContext().getAttribute("myattribute");

Is the attacker wrong? I can’t understand what is missing here.

PS I do not want to get rid of the warning, I want to understand an unsafe operation.

Thanks!

+4

java generics unsafe unchecked

gpol Oct 18 '11 at 10:48

source share

3 answers

Jon skeet · Answer 1 · 2011-10-18T10:51:07+0000

This means that the cast will verify that the returned object is a Map some type, but it will not be able to check anything about its contents due to the erasure of the type. At run time, the map is the map - this is the map ... so if someone put Map<Integer, String> in your session, this line of code will still succeed. You would get an error only when trying to use one of the entries, for example. by repeating the entries and selecting the key and value.

Welcome to the crazy world of Java generics :(

Alex Florescu · Answer 2 · 2011-10-18T10:52:31+0000

This is an untested cast. You, as a programmer, can know that se.getSession () is expected to be of such an exact type with the parameters <String, ProxySession> , so you are cast, but maybe not of the exact type (the compiler suggests). Since you are not testing this programmatically, the compiler warns you.

See also: How to remove unverified role warnings?

Pavel Ryzhov · Answer 3 · 2011-10-18T10:58:50+0000

The JVM does not validate such roles. For example, (Map<String, ProxySession>) se.getSession().getServletContext().getAttribute("myattribute"); will be equal to (Map) se.getSession().getServletContext().getAttribute("myattribute");

Invalid java operation resets to general

More articles: