[hibernate-issues] [Hibernate-JIRA] Commented: (HV-552) Need additional AccessController.doPrivileged() for invoking equals() on an instance of Annotation.
[
http://opensource.atlassian.com/projects/hibernate/browse/HV-552?page=com...
]
Ed Burns commented on HV-552:
-----------------------------
While this may be a bug in the IBM JDK, I kindly request that you apply the doPrivileged()
as indicated in the patch. I assert that the downside to doing this is smaller than the
upside for our IBM users who, as we all know, are very beholden to the lengthy release
cycle of IBM software and seem often to have great difficulty in upgrading any part of
their stack. If we can give them a working fix that is not a workaround, I think we
should. What is the nature of the opposition to my proposed fix? Performance? If so, I
don't think one additional doPrivileged() block will make any difference.
Need additional AccessController.doPrivileged() for invoking equals()
on an instance of Annotation.
---------------------------------------------------------------------------------------------------
Key: HV-552
URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-552
Project: Hibernate Validator
Issue Type: Bug
Components: engine
Affects Versions: 4.2.0.Final
Environment: AIX
Reporter: Ed Burns
Assignee: Hardy Ferentschik
Priority: Trivial
Attachments: i_hv_522.patch
I have a simple servlet that calls some BV apis, like this:
{code}
List<String> listOfString = new ArrayList<String>();
listOfString.add("one");
listOfString.add("two");
listOfString.add("three");
Set<ConstraintViolation<Person>> violations =
beanValidator.validateValue(Person.class, "listOfString",
listOfString);
{code}
However, when the _validateValue()_ call is made a _java.security.AccessControlException_
exception is thrown.
The code throwing the exception is
{code}
org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289).
{code}
The code looks innocent enough:
{code}
@Override
public boolean equals(Object o) {
if ( this == o ) {
return true;
}
if ( o == null || getClass() != o.getClass() ) {
return false;
}
ConstraintDescriptorImpl<?> that = (ConstraintDescriptorImpl<?>) o;
if ( annotation != null ? !annotation.equals( that.annotation ) : that.annotation !=
null ) {
return false;
}
return true;
}
{code}
The exception is thrown on the invocation of _annotation.equals()_, as
shown in this stack trace:
{noformat}
[#|2011-09-12T12:47:22.022-0700|WARNING|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=8;_ThreadName=Thread-11;|StandardWrapperValve[SimpleBVServlet]:
PWC1406: Servlet.service() for servlet SimpleBVServlet threw exception
java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission
suppressAccessChecks)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:118)
at
com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.compare(AnnotationHelper.java:186)
at
com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.invoke(AnnotationHelper.java:111)
at $Proxy15.equals(Unknown Source)
at
org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289)
at org.hibernate.validator.metadata.MetaConstraint.equals(MetaConstraint.java:106)
at java.util.ArrayList.contains(ArrayList.java:305)
at
org.hibernate.validator.engine.ValidatorImpl.validatePropertyForDefaultGroup(ValidatorImpl.java:821)
at
org.hibernate.validator.engine.ValidatorImpl.validatePropertyForCurrentGroup(ValidatorImpl.java:742)
at
org.hibernate.validator.engine.ValidatorImpl.validateValueInContext(ValidatorImpl.java:699)
{noformat}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira