[Design the new POJO MicroContainer] - Annotation hash check with security enabled
by alesj
With my recent changes of INSTANCE scope inspection, I have the following code to check if there is some other non-annotation metadata present:
| Set<Object> checkSet = new HashSet<Object>();
| Object[] allMetaData = levelMetaData.getMetaData();
| Annotation[] annotations = levelMetaData.getAnnotations();
| // all meta data is not null, since instance metadata is not empty
| checkSet.addAll(Arrays.asList(allMetaData));
| checkSet.removeAll(Arrays.asList(annotations));
|
| // do we have something else than annotations
| if (checkSet.isEmpty() == false)
| return true;
|
but I already stumbled upon this
| 7828 ERROR [AbstractKernelController] Error installing to Instantiated: name=SimpleBean state=Described
| java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
| at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
| at java.security.AccessController.checkPermission(AccessController.java:427)
| at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
| at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
| at java.lang.Class.checkMemberAccess(Class.java:2125)
| at java.lang.Class.getDeclaredMethods(Class.java:1762)
| at sun.reflect.annotation.AnnotationInvocationHandler.getMemberMethods(AnnotationInvocationHandler.java:257)
| at sun.reflect.annotation.AnnotationInvocationHandler.equalsImpl(AnnotationInvocationHandler.java:169)
| at sun.reflect.annotation.AnnotationInvocationHandler.invoke(AnnotationInvocationHandler.java:40)
| at $Proxy34.equals(Unknown Source)
| at java.util.Arrays$ArrayList.indexOf(Arrays.java:2384)
| at java.util.Arrays$ArrayList.contains(Arrays.java:2391)
| at java.util.AbstractSet.removeAll(AbstractSet.java:146)
| at org.jboss.aop.microcontainer.integration.AOPConstructorJoinpoint.hasMetaDataAtLevel(AOPConstructorJoinpoint.java:213)
| at org.jboss.aop.microcontainer.integration.AOPConstructorJoinpoint.checkForMetaDataAtSubInstanceLevel(AOPConstructorJoinpoint.java:189)
| at org.jboss.aop.microcontainer.integration.AOPConstructorJoinpoint.methodHasSubInstanceMetaData(AOPConstructorJoinpoint.java:166)
| at org.jboss.aop.microcontainer.integration.AOPConstructorJoinpoint.rootHasMethodWithSubInstanceMetaData(AOPConstructorJoinpoint.java:142)
| at org.jboss.aop.microcontainer.integration.AOPConstructorJoinpoint.rootHasSubInstanceMetaData(AOPConstructorJoinpoint.java:122)
|
which I think is somehow too strict to require security check, since is a simple equals/hash call made by HashSet to remove annotation metadata.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4140533#4140533
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4140533
16 years, 1 month