From 53fee74eb46fc46cd30031e57c44e1f7bad71f90 Mon Sep 17 00:00:00 2001
From: Bartosz Spyrko-Smietanko <bspyrkos@redhat.com>
Date: Fri, 12 Mar 2021 15:08:42 +0000
Subject: [PATCH 1/2] [BEANUTIL-547] MethodUtils java version check fix Java 11

---
 src/main/java/org/apache/commons/beanutils2/MethodUtils.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/java/org/apache/commons/beanutils2/MethodUtils.java b/src/main/java/org/apache/commons/beanutils2/MethodUtils.java
index 748245913..62530735c 100644
--- a/src/main/java/org/apache/commons/beanutils2/MethodUtils.java
+++ b/src/main/java/org/apache/commons/beanutils2/MethodUtils.java
@@ -1276,7 +1276,7 @@ private static void setMethodAccessible(final Method method) {
                 boolean vulnerableJVM = false;
                 try {
                     final String specVersion = System.getProperty("java.specification.version");
-                    if (specVersion.charAt(0) == '1' &&
+                    if (specVersion.charAt(0) == '1' && specVersion.charAt(1) == '.' &&
                             (specVersion.charAt(2) == '0' ||
                              specVersion.charAt(2) == '1' ||
                              specVersion.charAt(2) == '2' ||

From 6d4797d3ec5174f30c59fdb0461c4fe4e36078ec Mon Sep 17 00:00:00 2001
From: Bartosz Spyrko-Smietanko <bspyrkos@redhat.com>
Date: Sat, 13 Mar 2021 09:12:27 +0000
Subject: [PATCH 2/2] [BEANUTIL-547] Test case for reading java version in
 MethodUtils

---
 pom.xml                                       |  2 +-
 .../secmgr/MethodUtilsTestCase.java           | 46 +++++++++++++++++++
 src/test/resources/java.policy                | 20 ++++++++
 3 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/org/apache/commons/beanutils2/secmgr/MethodUtilsTestCase.java
 create mode 100644 src/test/resources/java.policy

diff --git a/pom.xml b/pom.xml
index 119bb446a..2f33eba87 100644
--- a/pom.xml
+++ b/pom.xml
@@ -375,7 +375,7 @@
           <!-- limit memory size see BEANUTILS-291
                      ..also include ${argLine} from jacoco-maven-plugin
           -->
-          <argLine>${surefire.argLine} ${argLine}</argLine>
+          <argLine>${surefire.argLine} ${argLine} -Djava.security.policy=${basedir}/src/test/resources/java.policy</argLine>
           <includes>
             <include>**/*TestCase.java</include>
           </includes>
diff --git a/src/test/java/org/apache/commons/beanutils2/secmgr/MethodUtilsTestCase.java b/src/test/java/org/apache/commons/beanutils2/secmgr/MethodUtilsTestCase.java
new file mode 100644
index 000000000..6ad739ea3
--- /dev/null
+++ b/src/test/java/org/apache/commons/beanutils2/secmgr/MethodUtilsTestCase.java
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.commons.beanutils2.secmgr;
+
+import org.apache.commons.beanutils2.MethodUtils;
+import org.junit.After;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+
+public class MethodUtilsTestCase {
+
+    @Before
+    public void setUp() {
+        System.setSecurityManager(new SecurityManager());
+    }
+
+    @After
+    public void tearDown() {
+        System.setSecurityManager(null);
+    }
+
+    @Test
+    public void testGetMatchingMethodsWithSecurityManager() {
+        Assert.assertNotNull(MethodUtils.getMatchingAccessibleMethod(MethodUtilsTestCase.class, "noopMethod", new Class[]{}));
+    }
+
+    public void noopMethod() {
+        // used in test for MethodUtils to read
+    }
+}
diff --git a/src/test/resources/java.policy b/src/test/resources/java.policy
new file mode 100644
index 000000000..bffa7b424
--- /dev/null
+++ b/src/test/resources/java.policy
@@ -0,0 +1,20 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+grant {
+     permission java.lang.RuntimePermission "setSecurityManager";
+};