Restricted getSimpleName() call causes exception in tempate rendering after upgrading spring to 3.4.1 #52
Description
Describe the bug
I've found out that when upgrading spring to 3.4.1, the mapping /model/{className} causes an exception that fails to parse schema.getJavaClass().getSimpleName(). Any version below 3.4.1 are not affected.
As pointed out in the changelog of thymeleaf, they've "Further restricted methods that can be called on Class objects in expressions" in 3.1.3. I think they've restricted the call to getSimpleName.
sprint-boot-starter-thymeleaf 3.4.1 upgraded its thymeleaf-spring6 dependency to 3.1.3, therefore causing the issue.
Is the bug at startup before you perform any action?
No
Stacktrace
I'm using an example project I've found for demonstration, change the org.springframework.boot to 3.4.1 in their build.gradle.
Not full stacktrace but I think this is already enough
org.thymeleaf.exceptions.TemplateInputException: An error happened during template parsing (template: "class path resource [templates/snapadmin/model/list.html]")
at org.thymeleaf.templateparser.markup.AbstractMarkupTemplateParser.parse(AbstractMarkupTemplateParser.java:241) ~[thymeleaf-3.1.3.RELEASE.jar:3.1.3.RELEASE]
...
Caused by: org.thymeleaf.exceptions.TemplateProcessingException: Exception evaluating SpringEL expression: "schema.getJavaClass().getSimpleName()" (template: "snapadmin/model/list" - line 107, col 37)
at org.thymeleaf.spring6.expression.SPELVariableExpressionEvaluator.evaluate(SPELVariableExpressionEvaluator.java:292) ~[thymeleaf-spring6-3.1.3.RELEASE.jar:3.1.3.RELEASE]
...
Caused by: org.springframework.expression.EvaluationException: Calling method 'getSimpleName' is forbidden for type 'class java.lang.Class' in this expression context.
at org.thymeleaf.spring6.expression.ThymeleafEvaluationContext$ThymeleafEvaluationContextACLMethodResolver.resolve(ThymeleafEvaluationContext.java:276) ~[thymeleaf-spring6-3.1.3.RELEASE.jar:3.1.3.RELEASE]
...@entity code
Not relevant
application.properties
Not relevant
Additional context
No