[hibernate-commits] Hibernate SVN: r17261 - in validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation: engine/resolver and 5 other directories.
hibernate-commits at lists.jboss.org
hibernate-commits at lists.jboss.org
Mon Aug 10 21:01:19 EDT 2009
Author: epbernard
Date: 2009-08-10 21:01:18 -0400 (Mon, 10 Aug 2009)
New Revision: 17261
Added:
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/ContainsMethod.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetAnnotationParameter.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetConstructor.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethod.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethodFromPropertyName.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethods.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/NewInstance.java
Modified:
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/ConstraintValidatorFactoryImpl.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/resolver/DefaultTraversableResolver.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintDescriptorImpl.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintHelper.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/ReflectionHelper.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/annotationfactory/AnnotationFactory.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/ValidationXmlParser.java
validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/XmlMappingParser.java
Log:
HV-171 partial implementation adding due doPriviledge when needed
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/ConstraintValidatorFactoryImpl.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/ConstraintValidatorFactoryImpl.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/ConstraintValidatorFactoryImpl.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -17,10 +17,13 @@
*/
package org.hibernate.validation.engine;
+import java.security.AccessController;
import javax.validation.ConstraintValidator;
import javax.validation.ConstraintValidatorFactory;
import javax.validation.ValidationException;
+import org.hibernate.validation.util.priviledgedactions.NewInstance;
+
/**
* Default <code>ConstraintValidatorFactory</code> using a no-arg constructor.
*
@@ -30,17 +33,12 @@
public class ConstraintValidatorFactoryImpl implements ConstraintValidatorFactory {
public <T extends ConstraintValidator<?, ?>> T getInstance(Class<T> key) {
- try {
- return key.newInstance();
+ NewInstance<T> newInstance = NewInstance.action( key, "" );
+ if ( System.getSecurityManager() != null ) {
+ return AccessController.doPrivileged( newInstance );
}
- catch ( InstantiationException e ) {
- throw new ValidationException( "Unable to instanciate " + key, e );
+ else {
+ return newInstance.run();
}
- catch ( IllegalAccessException e ) {
- throw new ValidationException( "Unable to instanciate " + key, e );
- }
- catch ( RuntimeException e ) {
- throw new ValidationException( "Unable to instanciate " + key, e );
- }
}
}
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/resolver/DefaultTraversableResolver.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/resolver/DefaultTraversableResolver.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/engine/resolver/DefaultTraversableResolver.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -1,13 +1,16 @@
package org.hibernate.validation.engine.resolver;
import java.lang.annotation.ElementType;
+import java.security.AccessController;
import javax.validation.Path;
import javax.validation.TraversableResolver;
+import javax.validation.ValidationException;
import org.slf4j.Logger;
import org.hibernate.validation.util.LoggerFactory;
import org.hibernate.validation.util.ReflectionHelper;
+import org.hibernate.validation.util.priviledgedactions.NewInstance;
/**
* A JPA 2 aware <code>TraversableResolver</code>.
@@ -56,10 +59,16 @@
}
try {
- Class jpaAwareResolverClass = ReflectionHelper.classForName(
- JPA_AWARE_TRAVERSABLE_RESOLVER_CLASS_NAME, this.getClass()
- );
- jpaTraversableResolver = ( TraversableResolver ) jpaAwareResolverClass.newInstance();
+ @SuppressWarnings( "unchecked" )
+ Class<? extends TraversableResolver> jpaAwareResolverClass = (Class<? extends TraversableResolver>)
+ ReflectionHelper.classForName(JPA_AWARE_TRAVERSABLE_RESOLVER_CLASS_NAME, this.getClass() );
+ NewInstance<? extends TraversableResolver> newInstance = NewInstance.action( jpaAwareResolverClass, "" );
+ if ( System.getSecurityManager() != null ) {
+ jpaTraversableResolver = AccessController.doPrivileged( newInstance );
+ }
+ else {
+ jpaTraversableResolver = newInstance.run();
+ }
log.info(
"Instantiated an instance of {}.", JPA_AWARE_TRAVERSABLE_RESOLVER_CLASS_NAME
);
@@ -70,18 +79,12 @@
JPA_AWARE_TRAVERSABLE_RESOLVER_CLASS_NAME
);
}
- catch ( IllegalAccessException e ) {
+ catch ( ValidationException e ) {
log.info(
"Unable to instantiate JPA aware resolver {}. All properties will per default be traversable.",
JPA_AWARE_TRAVERSABLE_RESOLVER_CLASS_NAME
);
}
- catch ( InstantiationException e ) {
- log.info(
- "Unable to instantiate JPA aware resolver {}. All properties will per default be traversable.",
- JPA_AWARE_TRAVERSABLE_RESOLVER_CLASS_NAME
- );
- }
}
public boolean isReachable(Object traversableObject, Path.Node traversableProperty, Class<?> rootBeanType, Path pathToTraversableObject, ElementType elementType) {
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintDescriptorImpl.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintDescriptorImpl.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintDescriptorImpl.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -28,6 +28,8 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import javax.validation.Constraint;
import javax.validation.ConstraintDefinitionException;
import javax.validation.ConstraintPayload;
@@ -42,6 +44,9 @@
import org.hibernate.validation.util.LoggerFactory;
import org.hibernate.validation.util.ReflectionHelper;
+import org.hibernate.validation.util.priviledgedactions.GetMethods;
+import org.hibernate.validation.util.priviledgedactions.GetMethod;
+import org.hibernate.validation.util.priviledgedactions.GetAnnotationParameter;
import org.hibernate.validation.util.annotationfactory.AnnotationDescriptor;
import org.hibernate.validation.util.annotationfactory.AnnotationFactory;
@@ -121,12 +126,13 @@
Class<ConstraintPayload>[] payloadFromAnnotation;
try {
//TODO be extra safe and make sure this is an array of ConstraintPayload
- @SuppressWarnings("unchecked")
- Class<ConstraintPayload>[] unsafePayloadFromAnnotation = ( Class<ConstraintPayload>[] )
- ReflectionHelper.getAnnotationParameter(
- annotation, PAYLOAD, Class[].class
- );
- payloadFromAnnotation = unsafePayloadFromAnnotation;
+ GetAnnotationParameter<Class[]> action = GetAnnotationParameter.action( annotation, PAYLOAD, Class[].class );
+ if (System.getSecurityManager() != null) {
+ payloadFromAnnotation = AccessController.doPrivileged( action );
+ }
+ else {
+ payloadFromAnnotation = action.run();
+ }
}
catch ( ValidationException e ) {
//ignore people not defining payloads
@@ -140,9 +146,14 @@
private Set<Class<?>> buildGroupSet(Class<?> implicitGroup) {
Set<Class<?>> groupSet = new HashSet<Class<?>>();
- Class<?>[] groupsFromAnnotation = ReflectionHelper.getAnnotationParameter(
- annotation, GROUPS, Class[].class
- );
+ final Class<?>[] groupsFromAnnotation;
+ GetAnnotationParameter<Class[]> action = GetAnnotationParameter.action( annotation, GROUPS, Class[].class );
+ if (System.getSecurityManager() != null) {
+ groupsFromAnnotation = AccessController.doPrivileged( action );
+ }
+ else {
+ groupsFromAnnotation = action.run();
+ }
if ( groupsFromAnnotation.length == 0 ) {
groupSet.add( Default.class );
}
@@ -270,7 +281,16 @@
private Map<ClassIndexWrapper, Map<String, Object>> parseOverrideParameters() {
Map<ClassIndexWrapper, Map<String, Object>> overrideParameters = new HashMap<ClassIndexWrapper, Map<String, Object>>();
- for ( Method m : annotation.annotationType().getMethods() ) {
+ final Method[] methods;
+ final GetMethods getMethods = GetMethods.action( annotation.annotationType() );
+ if ( System.getSecurityManager() != null ) {
+ methods = AccessController.doPrivileged( getMethods );
+ }
+ else {
+ methods = getMethods.run();
+ }
+
+ for ( Method m : methods ) {
if ( m.getAnnotation( OverridesAttribute.class ) != null ) {
addOverrideAttributes(
overrideParameters, m, m.getAnnotation( OverridesAttribute.class )
@@ -306,21 +326,25 @@
}
private void ensureAttributeIsOverridable(Method m, OverridesAttribute overridesAttribute) {
- try {
- Class<?> returnTypeOfOverridenConstraint = overridesAttribute.constraint()
- .getMethod( overridesAttribute.name() )
- .getReturnType();
- if ( !returnTypeOfOverridenConstraint.equals( m.getReturnType() ) ) {
- String message = "The overiding type of a composite constraint must be identical to the overwridden one. Expected " + returnTypeOfOverridenConstraint
- .getName() + " found " + m.getReturnType();
- throw new ConstraintDefinitionException( message );
- }
+ final GetMethod getMethod = GetMethod.action( overridesAttribute.constraint(), overridesAttribute.name() );
+ final Method method;
+ if ( System.getSecurityManager() != null ) {
+ method = AccessController.doPrivileged( getMethod );
}
- catch ( NoSuchMethodException nsme ) {
+ else {
+ method = getMethod.run();
+ }
+ if (method == null) {
throw new ConstraintDefinitionException(
"Overriden constraint does not define an attribute with name " + overridesAttribute.name()
);
}
+ Class<?> returnTypeOfOverridenConstraint = method.getReturnType();
+ if ( !returnTypeOfOverridenConstraint.equals( m.getReturnType() ) ) {
+ String message = "The overiding type of a composite constraint must be identical to the overwridden one. Expected " + returnTypeOfOverridenConstraint
+ .getName() + " found " + m.getReturnType();
+ throw new ConstraintDefinitionException( message );
+ }
}
private Set<ConstraintDescriptor<?>> parseComposingConstraints() {
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintHelper.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintHelper.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/metadata/ConstraintHelper.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -23,6 +23,7 @@
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
+import java.security.AccessController;
import javax.validation.Constraint;
import javax.validation.ConstraintDefinitionException;
import javax.validation.ConstraintValidator;
@@ -72,6 +73,9 @@
import org.hibernate.validation.constraints.impl.SizeValidatorForMap;
import org.hibernate.validation.constraints.impl.SizeValidatorForString;
import org.hibernate.validation.util.ReflectionHelper;
+import org.hibernate.validation.util.priviledgedactions.GetMethods;
+import org.hibernate.validation.util.priviledgedactions.GetMethod;
+import org.hibernate.validation.util.priviledgedactions.GetAnnotationParameter;
/**
* Keeps track of builtin constraints and their validator implementations, as well as already resolved validator definitions.
@@ -193,24 +197,30 @@
public boolean isMultiValueConstraint(Annotation annotation) {
boolean isMultiValueConstraint = false;
try {
- Method m = annotation.getClass().getMethod( "value" );
- Class returnType = m.getReturnType();
- if ( returnType.isArray() && returnType.getComponentType().isAnnotation() ) {
- Annotation[] annotations = ( Annotation[] ) m.invoke( annotation );
- for ( Annotation a : annotations ) {
- if ( isConstraintAnnotation( a ) || isBuiltinConstraint( a.annotationType() ) ) {
- isMultiValueConstraint = true;
+ final GetMethod getMethod = GetMethod.action( annotation.getClass(), "value" );
+ final Method method;
+ if ( System.getSecurityManager() != null ) {
+ method = AccessController.doPrivileged( getMethod );
+ }
+ else {
+ method = getMethod.run();
+ }
+ if (method != null) {
+ Class returnType = method.getReturnType();
+ if ( returnType.isArray() && returnType.getComponentType().isAnnotation() ) {
+ Annotation[] annotations = ( Annotation[] ) method.invoke( annotation );
+ for ( Annotation a : annotations ) {
+ if ( isConstraintAnnotation( a ) || isBuiltinConstraint( a.annotationType() ) ) {
+ isMultiValueConstraint = true;
+ }
+ else {
+ isMultiValueConstraint = false;
+ break;
+ }
}
- else {
- isMultiValueConstraint = false;
- break;
- }
}
}
}
- catch ( NoSuchMethodException nsme ) {
- // ignore
- }
catch ( IllegalAccessException iae ) {
// ignore
}
@@ -232,20 +242,26 @@
public <A extends Annotation> List<Annotation> getMultiValueConstraints(A annotation) {
List<Annotation> annotationList = new ArrayList<Annotation>();
try {
- Method m = annotation.getClass().getMethod( "value" );
- Class returnType = m.getReturnType();
- if ( returnType.isArray() && returnType.getComponentType().isAnnotation() ) {
- Annotation[] annotations = ( Annotation[] ) m.invoke( annotation );
- for ( Annotation a : annotations ) {
- if ( isConstraintAnnotation( a ) || isBuiltinConstraint( a.annotationType() ) ) {
- annotationList.add( a );
+ final GetMethod getMethod = GetMethod.action( annotation.getClass(), "value" );
+ final Method method;
+ if ( System.getSecurityManager() != null ) {
+ method = AccessController.doPrivileged( getMethod );
+ }
+ else {
+ method = getMethod.run();
+ }
+ if (method != null) {
+ Class returnType = method.getReturnType();
+ if ( returnType.isArray() && returnType.getComponentType().isAnnotation() ) {
+ Annotation[] annotations = ( Annotation[] ) method.invoke( annotation );
+ for ( Annotation a : annotations ) {
+ if ( isConstraintAnnotation( a ) || isBuiltinConstraint( a.annotationType() ) ) {
+ annotationList.add( a );
+ }
}
}
}
}
- catch ( NoSuchMethodException nsme ) {
- // ignore
- }
catch ( IllegalAccessException iae ) {
// ignore
}
@@ -287,7 +303,14 @@
}
private void assertNoParameterStartsWithValid(Annotation annotation) {
- Method[] methods = annotation.getClass().getMethods();
+ final Method[] methods;
+ final GetMethods getMethods = GetMethods.action( annotation.annotationType() );
+ if ( System.getSecurityManager() != null ) {
+ methods = AccessController.doPrivileged( getMethods );
+ }
+ else {
+ methods = getMethods.run();
+ }
for ( Method m : methods ) {
if ( m.getName().startsWith( "valid" ) ) {
String msg = "Parameters starting with 'valid' are not allowed in a constraint.";
@@ -298,9 +321,20 @@
private void assertPayloadParameterExists(Annotation annotation) {
try {
- Class<?>[] defaultPayload = ( Class<?>[] ) annotation.annotationType()
- .getMethod( "payload" )
- .getDefaultValue();
+ final GetMethod getMethod = GetMethod.action( annotation.annotationType(), "payload" );
+ final Method method;
+ if ( System.getSecurityManager() != null ) {
+ method = AccessController.doPrivileged( getMethod );
+ }
+ else {
+ method = getMethod.run();
+ }
+ if (method == null) {
+ String msg = annotation.annotationType().getName() + " contains Constraint annotation, but does " +
+ "not contain a payload parameter.";
+ throw new ConstraintDefinitionException( msg );
+ }
+ Class<?>[] defaultPayload = ( Class<?>[] ) method.getDefaultValue();
if ( defaultPayload.length != 0 ) {
String msg = annotation.annotationType()
.getName() + " contains Constraint annotation, but the payload " +
@@ -313,18 +347,24 @@
"payload parameter is of wrong type.";
throw new ConstraintDefinitionException( msg );
}
- catch ( NoSuchMethodException nsme ) {
- String msg = annotation.annotationType().getName() + " contains Constraint annotation, but does " +
- "not contain a payload parameter.";
- throw new ConstraintDefinitionException( msg );
- }
}
private void assertGroupsParameterExists(Annotation annotation) {
try {
- Class<?>[] defaultGroups = ( Class<?>[] ) annotation.annotationType()
- .getMethod( "groups" )
- .getDefaultValue();
+ final GetMethod getMethod = GetMethod.action( annotation.annotationType(), "groups" );
+ final Method method;
+ if ( System.getSecurityManager() != null ) {
+ method = AccessController.doPrivileged( getMethod );
+ }
+ else {
+ method = getMethod.run();
+ }
+ if (method == null) {
+ String msg = annotation.annotationType().getName() + " contains Constraint annotation, but does " +
+ "not contain a groups parameter.";
+ throw new ConstraintDefinitionException( msg );
+ }
+ Class<?>[] defaultGroups = ( Class<?>[] ) method.getDefaultValue();
if ( defaultGroups.length != 0 ) {
String msg = annotation.annotationType()
.getName() + " contains Constraint annotation, but the groups " +
@@ -337,16 +377,17 @@
"groups parameter is of wrong type.";
throw new ConstraintDefinitionException( msg );
}
- catch ( NoSuchMethodException nsme ) {
- String msg = annotation.annotationType().getName() + " contains Constraint annotation, but does " +
- "not contain a groups parameter.";
- throw new ConstraintDefinitionException( msg );
- }
}
private void assertMessageParameterExists(Annotation annotation) {
try {
- ReflectionHelper.getAnnotationParameter( annotation, "message", String.class );
+ GetAnnotationParameter<?> action = GetAnnotationParameter.action( annotation, "message", String.class );
+ if (System.getSecurityManager() != null) {
+ AccessController.doPrivileged( action );
+ }
+ else {
+ action.run();
+ }
}
catch ( Exception e ) {
String msg = annotation.annotationType().getName() + " contains Constraint annotation, but does " +
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/ReflectionHelper.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/ReflectionHelper.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/ReflectionHelper.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -50,6 +50,7 @@
private ReflectionHelper() {
}
+ //run client in priviledge block
@SuppressWarnings("unchecked")
public static <T> T getAnnotationParameter(Annotation annotation, String parameterName, Class<T> type) {
try {
@@ -355,19 +356,6 @@
}
/**
- * Checks whether the specified class contains a field or property matching the given name.
- *
- * @param clazz The class to check.
- * @param property The property name.
- *
- * @return Returns <code>true</code> if the cass contains a field or member for the specified property, <code>
- * false</code> otherwise.
- */
- public static boolean containsMember(Class<?> clazz, String property) {
- return containsField( clazz, property ) || containsMethod( clazz, property );
- }
-
- /**
* Checks whether the specified class contains a field matching the specified name.
*
* @param clazz The class to check.
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/annotationfactory/AnnotationFactory.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/annotationfactory/AnnotationFactory.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/annotationfactory/AnnotationFactory.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -22,8 +22,11 @@
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
+import java.security.AccessController;
+import org.hibernate.validation.util.priviledgedactions.GetConstructor;
+
/**
* Creates live annotations (actually <code>AnnotationProxies</code>) from <code>AnnotationDescriptors</code>.
*
@@ -53,7 +56,14 @@
private static <T extends Annotation> T getProxyInstance(Class<T> proxyClass, InvocationHandler handler) throws
SecurityException, NoSuchMethodException, IllegalArgumentException, InstantiationException,
IllegalAccessException, InvocationTargetException {
- Constructor<T> constructor = proxyClass.getConstructor( new Class[]{InvocationHandler.class} );
+ GetConstructor<T> action = GetConstructor.action( proxyClass, InvocationHandler.class );
+ final Constructor<T> constructor;
+ if ( System.getSecurityManager() != null ) {
+ constructor = AccessController.doPrivileged( action );
+ }
+ else {
+ constructor = action.run();
+ }
return constructor.newInstance( new Object[]{handler} );
}
}
Added: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/ContainsMethod.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/ContainsMethod.java (rev 0)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/ContainsMethod.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -0,0 +1,27 @@
+package org.hibernate.validation.util.priviledgedactions;
+
+import java.lang.reflect.Method;
+import java.security.PrivilegedAction;
+
+import org.hibernate.validation.util.ReflectionHelper;
+
+/**
+ * @author Emmanuel Bernard
+ */
+public class ContainsMethod implements PrivilegedAction<Boolean> {
+ private final Class<?> clazz;
+ private final String property;
+
+ public static ContainsMethod action(Class<?> clazz, String property) {
+ return new ContainsMethod( clazz, property );
+ }
+
+ private ContainsMethod(Class<?> clazz, String property) {
+ this.clazz = clazz;
+ this.property = property;
+ }
+
+ public Boolean run() {
+ return ReflectionHelper.containsMethod( clazz, property );
+ }
+}
\ No newline at end of file
Added: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetAnnotationParameter.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetAnnotationParameter.java (rev 0)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetAnnotationParameter.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -0,0 +1,31 @@
+package org.hibernate.validation.util.priviledgedactions;
+
+import java.lang.reflect.Method;
+import java.lang.annotation.Annotation;
+import java.security.PrivilegedAction;
+
+import org.hibernate.validation.util.ReflectionHelper;
+
+/**
+ * @author Emmanuel Bernard
+ */
+public class GetAnnotationParameter<T> implements PrivilegedAction<T> {
+ private final Annotation annotation;
+ private final String parameterName;
+ private final Class<T> type;
+
+
+ public static <T> GetAnnotationParameter<T> action(Annotation annotation, String parameterName, Class<T> type) {
+ return new GetAnnotationParameter<T>( annotation, parameterName, type );
+ }
+
+ private GetAnnotationParameter(Annotation annotation, String parameterName, Class<T> type) {
+ this.annotation = annotation;
+ this.parameterName = parameterName;
+ this.type = type;
+ }
+
+ public T run() {
+ return ReflectionHelper.getAnnotationParameter( annotation, parameterName, type );
+ }
+}
Added: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetConstructor.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetConstructor.java (rev 0)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetConstructor.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -0,0 +1,31 @@
+package org.hibernate.validation.util.priviledgedactions;
+
+import java.lang.reflect.Method;
+import java.lang.reflect.Constructor;
+import java.security.PrivilegedAction;
+
+/**
+ * @author Emmanuel Bernard
+ */
+public class GetConstructor<T> implements PrivilegedAction<Constructor<T>> {
+ private final Class<T> clazz;
+ private final Class<?>[] params;
+
+ public static <T> GetConstructor<T> action(Class<T> clazz, Class<?>... params) {
+ return new GetConstructor<T>( clazz, params );
+ }
+
+ private GetConstructor(Class<T> clazz, Class<?>... params) {
+ this.clazz = clazz;
+ this.params = params;
+ }
+
+ public Constructor<T> run() {
+ try {
+ return clazz.getConstructor(params);
+ }
+ catch ( NoSuchMethodException e ) {
+ return null;
+ }
+ }
+}
\ No newline at end of file
Added: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethod.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethod.java (rev 0)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethod.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -0,0 +1,30 @@
+package org.hibernate.validation.util.priviledgedactions;
+
+import java.lang.reflect.Method;
+import java.security.PrivilegedAction;
+
+/**
+ * @author Emmanuel Bernard
+ */
+public class GetMethod implements PrivilegedAction<Method> {
+ private final Class<?> clazz;
+ private final String methodName;
+
+ public static GetMethod action(Class<?> clazz, String methodName) {
+ return new GetMethod( clazz, methodName );
+ }
+
+ private GetMethod(Class<?> clazz, String methodName) {
+ this.clazz = clazz;
+ this.methodName = methodName;
+ }
+
+ public Method run() {
+ try {
+ return clazz.getMethod(methodName);
+ }
+ catch ( NoSuchMethodException e ) {
+ return null;
+ }
+ }
+}
Added: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethodFromPropertyName.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethodFromPropertyName.java (rev 0)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethodFromPropertyName.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -0,0 +1,27 @@
+package org.hibernate.validation.util.priviledgedactions;
+
+import java.lang.reflect.Method;
+import java.security.PrivilegedAction;
+
+import org.hibernate.validation.util.ReflectionHelper;
+
+/**
+ * @author Emmanuel Bernard
+ */
+public class GetMethodFromPropertyName implements PrivilegedAction<Method> {
+ private final Class<?> clazz;
+ private final String property;
+
+ public static GetMethodFromPropertyName action(Class<?> clazz, String property) {
+ return new GetMethodFromPropertyName( clazz, property );
+ }
+
+ private GetMethodFromPropertyName(Class<?> clazz, String property) {
+ this.clazz = clazz;
+ this.property = property;
+ }
+
+ public Method run() {
+ return ReflectionHelper.getMethod( clazz, property );
+ }
+}
\ No newline at end of file
Added: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethods.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethods.java (rev 0)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/GetMethods.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -0,0 +1,23 @@
+package org.hibernate.validation.util.priviledgedactions;
+
+import java.security.PrivilegedAction;
+import java.lang.reflect.Method;
+
+/**
+ * @author Emmanuel Bernard
+ */
+public class GetMethods implements PrivilegedAction<Method[]> {
+ private final Class<?> clazz;
+
+ public static GetMethods action(Class<?> clazz) {
+ return new GetMethods( clazz );
+ }
+
+ private GetMethods(Class<?> clazz) {
+ this.clazz = clazz;
+ }
+
+ public Method[] run() {
+ return clazz.getMethods();
+ }
+}
Added: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/NewInstance.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/NewInstance.java (rev 0)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/util/priviledgedactions/NewInstance.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -0,0 +1,37 @@
+package org.hibernate.validation.util.priviledgedactions;
+
+import java.lang.reflect.Method;
+import java.security.PrivilegedAction;
+import javax.validation.ValidationException;
+
+/**
+ * @author Emmanuel Bernard
+ */
+public class NewInstance<T> implements PrivilegedAction<T> {
+ private final Class<T> clazz;
+ private final String message;
+
+ public static <T> NewInstance<T> action(Class<T> clazz, String message) {
+ return new NewInstance<T>( clazz, message );
+ }
+
+ private NewInstance(Class<T> clazz, String message) {
+ this.clazz = clazz;
+ this.message = message;
+ }
+
+ public T run() {
+ try {
+ return clazz.newInstance();
+ }
+ catch ( InstantiationException e ) {
+ throw new ValidationException( "Unable to instanciate " + message + ": " + clazz, e );
+ }
+ catch ( IllegalAccessException e ) {
+ throw new ValidationException( "Unable to instanciate " + clazz, e );
+ }
+ catch ( RuntimeException e ) {
+ throw new ValidationException( "Unable to instanciate " + clazz, e );
+ }
+ }
+}
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/ValidationXmlParser.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/ValidationXmlParser.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/ValidationXmlParser.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -19,6 +19,7 @@
import java.io.InputStream;
import java.net.URL;
+import java.security.AccessController;
import javax.validation.ConstraintValidatorFactory;
import javax.validation.MessageInterpolator;
import javax.validation.TraversableResolver;
@@ -37,6 +38,7 @@
import org.hibernate.validation.util.LoggerFactory;
import org.hibernate.validation.util.ReflectionHelper;
+import org.hibernate.validation.util.priviledgedactions.NewInstance;
import org.hibernate.validation.xml.PropertyType;
import org.hibernate.validation.xml.ValidationConfigType;
@@ -80,7 +82,13 @@
Class<ConstraintValidatorFactory> clazz = ( Class<ConstraintValidatorFactory> ) ReflectionHelper.classForName(
constraintFactoryClass, this.getClass()
);
- xmlParameters.constraintValidatorFactory = clazz.newInstance();
+ NewInstance<ConstraintValidatorFactory> newInstance = NewInstance.action( clazz, "constraint factory class" );
+ if ( System.getSecurityManager() != null ) {
+ xmlParameters.constraintValidatorFactory = AccessController.doPrivileged( newInstance );
+ }
+ else {
+ xmlParameters.constraintValidatorFactory = newInstance.run();
+ }
log.info( "Using {} as constraint factory.", constraintFactoryClass );
}
catch ( ClassNotFoundException e ) {
@@ -88,16 +96,6 @@
"Unable to instantiate constraint factory class " + constraintFactoryClass + ".", e
);
}
- catch ( InstantiationException e ) {
- throw new ValidationException(
- "Unable to instantiate constraint factory class " + constraintFactoryClass + ".", e
- );
- }
- catch ( IllegalAccessException e ) {
- throw new ValidationException(
- "Unable to instantiate constraint factory class " + constraintFactoryClass + ".", e
- );
- }
}
}
Modified: validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/XmlMappingParser.java
===================================================================
--- validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/XmlMappingParser.java 2009-08-11 00:53:08 UTC (rev 17260)
+++ validator/trunk/hibernate-validator/src/main/java/org/hibernate/validation/xml/XmlMappingParser.java 2009-08-11 01:01:18 UTC (rev 17261)
@@ -33,6 +33,7 @@
import java.util.List;
import java.util.Map;
import java.util.Set;
+import java.security.AccessController;
import javax.validation.Constraint;
import javax.validation.ConstraintValidator;
import javax.validation.ValidationException;
@@ -53,6 +54,9 @@
import org.hibernate.validation.metadata.AnnotationIgnores;
import org.hibernate.validation.util.LoggerFactory;
import org.hibernate.validation.util.ReflectionHelper;
+import org.hibernate.validation.util.priviledgedactions.GetMethodFromPropertyName;
+import org.hibernate.validation.util.priviledgedactions.ContainsMethod;
+import org.hibernate.validation.util.priviledgedactions.GetMethod;
import org.hibernate.validation.util.annotationfactory.AnnotationDescriptor;
import org.hibernate.validation.util.annotationfactory.AnnotationFactory;
import org.hibernate.validation.xml.AnnotationType;
@@ -267,10 +271,25 @@
private void parsePropertyLevelOverrides(List<GetterType> getters, Class<?> beanClass, String defaultPackage) {
for ( GetterType getterType : getters ) {
String getterName = getterType.getName();
- if ( !ReflectionHelper.containsMethod( beanClass, getterName ) ) {
+ ContainsMethod cmAction = ContainsMethod.action( beanClass, getterName );
+ boolean containsMethod;
+ if ( System.getSecurityManager() != null ) {
+ containsMethod = AccessController.doPrivileged( cmAction );
+ }
+ else {
+ containsMethod = cmAction.run();
+ }
+ if ( !containsMethod ) {
throw new ValidationException( beanClass.getName() + " does not contain the property " + getterName );
}
- Method method = ReflectionHelper.getMethod( beanClass, getterName );
+ final Method method;
+ GetMethodFromPropertyName action = GetMethodFromPropertyName.action( beanClass, getterName );
+ if ( System.getSecurityManager() != null ) {
+ method = AccessController.doPrivileged( action );
+ }
+ else {
+ method = action.run();
+ }
// ignore annotations
boolean ignoreGetterAnnotation = getterType.isIgnoreAnnotations() == null ? false : getterType.isIgnoreAnnotations();
@@ -383,10 +402,15 @@
private <A extends Annotation> Class<?> getAnnotationParamterType(Class<A> annotationClass, String name) {
Method m;
- try {
- m = annotationClass.getMethod( name );
+ GetMethod action = GetMethod.action( annotationClass, name );
+ if ( System.getSecurityManager() != null ) {
+ m = AccessController.doPrivileged( action );
}
- catch ( NoSuchMethodException e ) {
+ else {
+ m = action.run();
+ }
+
+ if ( m == null ) {
throw new ValidationException( "Annotation of type " + annotationClass.getName() + " does not contain a paramter " + name + "." );
}
return m.getReturnType();
More information about the hibernate-commits
mailing list