[hibernate-issues] [Hibernate-JIRA] Updated: (HV-552) Need additional AccessController.doPrivileged() for invoking equals() on an instance of Annotation.
Hardy Ferentschik (JIRA)
noreply at atlassian.com
Fri Jan 13 05:48:09 EST 2012
[ http://opensource.atlassian.com/projects/hibernate/browse/HV-552?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Hardy Ferentschik updated HV-552:
---------------------------------
Description:
I have a simple servlet that calls some BV apis, like this:
{code}
List<String> listOfString = new ArrayList<String>();
listOfString.add("one");
listOfString.add("two");
listOfString.add("three");
Set<ConstraintViolation<Person>> violations =
beanValidator.validateValue(Person.class, "listOfString", listOfString);
{code}
However, when the _validateValue()_ call is made a _java.security.AccessControlException_ exception is thrown.
The code throwing the exception is
{code}
org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289).
{code}
The code looks innocent enough:
{code}
@Override
public boolean equals(Object o) {
if ( this == o ) {
return true;
}
if ( o == null || getClass() != o.getClass() ) {
return false;
}
ConstraintDescriptorImpl<?> that = (ConstraintDescriptorImpl<?>) o;
if ( annotation != null ? !annotation.equals( that.annotation ) : that.annotation != null ) {
return false;
}
return true;
}
{code}
The exception is thrown on the invocation of _annotation.equals()_, as
shown in this stack trace:
{noformat}
[#|2011-09-12T12:47:22.022-0700|WARNING|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=8;_ThreadName=Thread-11;|StandardWrapperValve[SimpleBVServlet]: PWC1406: Servlet.service() for servlet SimpleBVServlet threw exception
java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:118)
at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.compare(AnnotationHelper.java:186)
at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.invoke(AnnotationHelper.java:111)
at $Proxy15.equals(Unknown Source)
at org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289)
at org.hibernate.validator.metadata.MetaConstraint.equals(MetaConstraint.java:106)
at java.util.ArrayList.contains(ArrayList.java:305)
at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForDefaultGroup(ValidatorImpl.java:821)
at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForCurrentGroup(ValidatorImpl.java:742)
at org.hibernate.validator.engine.ValidatorImpl.validateValueInContext(ValidatorImpl.java:699)
{noformat}
was:
I have a simple servlet that calls some BV apis, like this:
List<String> listOfString = new ArrayList<String>();
listOfString.add("one");
listOfString.add("two");
listOfString.add("three");
Set<ConstraintViolation<Person>> violations =
beanValidator.validateValue(Person.class, "listOfString", listOfString);
However, when the validateValue() call is made a
java.security.AccessControlException exception is thrown.
The code throwing the exception is
org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289).
The code looks innocent enough:
@Override
public boolean equals(Object o) {
if ( this == o ) {
return true;
}
if ( o == null || getClass() != o.getClass() ) {
return false;
}
ConstraintDescriptorImpl<?> that = (ConstraintDescriptorImpl<?>) o;
if ( annotation != null ? !annotation.equals( that.annotation ) : that.annotation != null ) {
return false;
}
return true;
}
The exception is thrown on the invocation of annotation.equals(), as
shown in this stack trace:
[#|2011-09-12T12:47:22.022-0700|WARNING|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=8;_ThreadName=Thread-11;|StandardWrapperValve[SimpleBVServlet]: PWC1406: Servlet.service() for servlet SimpleBVServlet threw exception
java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:118)
at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.compare(AnnotationHelper.java:186)
at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.invoke(AnnotationHelper.java:111)
at $Proxy15.equals(Unknown Source)
at org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289)
at org.hibernate.validator.metadata.MetaConstraint.equals(MetaConstraint.java:106)
at java.util.ArrayList.contains(ArrayList.java:305)
at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForDefaultGroup(ValidatorImpl.java:821)
at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForCurrentGroup(ValidatorImpl.java:742)
at org.hibernate.validator.engine.ValidatorImpl.validateValueInContext(ValidatorImpl.java:699)
Fix Version/s: 4.3.0.next
> Need additional AccessController.doPrivileged() for invoking equals() on an instance of Annotation.
> ---------------------------------------------------------------------------------------------------
>
> Key: HV-552
> URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-552
> Project: Hibernate Validator
> Issue Type: Bug
> Components: engine
> Affects Versions: 4.2.0.Final
> Environment: AIX
> Reporter: Ed Burns
> Assignee: Hardy Ferentschik
> Priority: Trivial
> Fix For: 4.3.0.next
>
> Attachments: i_hv_522.patch
>
>
> I have a simple servlet that calls some BV apis, like this:
> {code}
> List<String> listOfString = new ArrayList<String>();
> listOfString.add("one");
> listOfString.add("two");
> listOfString.add("three");
> Set<ConstraintViolation<Person>> violations =
> beanValidator.validateValue(Person.class, "listOfString", listOfString);
> {code}
> However, when the _validateValue()_ call is made a _java.security.AccessControlException_ exception is thrown.
> The code throwing the exception is
> {code}
> org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289).
> {code}
> The code looks innocent enough:
> {code}
> @Override
> public boolean equals(Object o) {
> if ( this == o ) {
> return true;
> }
> if ( o == null || getClass() != o.getClass() ) {
> return false;
> }
> ConstraintDescriptorImpl<?> that = (ConstraintDescriptorImpl<?>) o;
> if ( annotation != null ? !annotation.equals( that.annotation ) : that.annotation != null ) {
> return false;
> }
> return true;
> }
> {code}
> The exception is thrown on the invocation of _annotation.equals()_, as
> shown in this stack trace:
> {noformat}
> [#|2011-09-12T12:47:22.022-0700|WARNING|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=8;_ThreadName=Thread-11;|StandardWrapperValve[SimpleBVServlet]: PWC1406: Servlet.service() for servlet SimpleBVServlet threw exception
> java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:118)
> at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.compare(AnnotationHelper.java:186)
> at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.invoke(AnnotationHelper.java:111)
> at $Proxy15.equals(Unknown Source)
> at org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289)
> at org.hibernate.validator.metadata.MetaConstraint.equals(MetaConstraint.java:106)
> at java.util.ArrayList.contains(ArrayList.java:305)
> at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForDefaultGroup(ValidatorImpl.java:821)
> at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForCurrentGroup(ValidatorImpl.java:742)
> at org.hibernate.validator.engine.ValidatorImpl.validateValueInContext(ValidatorImpl.java:699)
> {noformat}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the hibernate-issues
mailing list