[hibernate-issues] [Hibernate-JIRA] Commented: (HV-552) Need additional AccessController.doPrivileged() for invoking equals() on an instance of Annotation.
Hardy Ferentschik (JIRA)
noreply at atlassian.com
Tue Jan 17 11:18:11 EST 2012
[ http://opensource.atlassian.com/projects/hibernate/browse/HV-552?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=45155#comment-45155 ]
Hardy Ferentschik commented on HV-552:
--------------------------------------
Well, it IS a bug in the IBM JVM and there is the aspect of performance. I would assume that the majority of users are NOT using the IBM VM, why should they be affected? Even more though, there is the aspect of correctness, _equals_ is not a method which does need security permissions.
It is a IBM VM bug and there exists a workaround for using a policy file. If you are running on a JVM with the described problem you should upgrade your JVM or use the workaround.
> Need additional AccessController.doPrivileged() for invoking equals() on an instance of Annotation.
> ---------------------------------------------------------------------------------------------------
>
> Key: HV-552
> URL: http://opensource.atlassian.com/projects/hibernate/browse/HV-552
> Project: Hibernate Validator
> Issue Type: Bug
> Components: engine
> Affects Versions: 4.2.0.Final
> Environment: AIX
> Reporter: Ed Burns
> Assignee: Hardy Ferentschik
> Priority: Trivial
> Attachments: i_hv_522.patch
>
>
> I have a simple servlet that calls some BV apis, like this:
> {code}
> List<String> listOfString = new ArrayList<String>();
> listOfString.add("one");
> listOfString.add("two");
> listOfString.add("three");
> Set<ConstraintViolation<Person>> violations =
> beanValidator.validateValue(Person.class, "listOfString", listOfString);
> {code}
> However, when the _validateValue()_ call is made a _java.security.AccessControlException_ exception is thrown.
> The code throwing the exception is
> {code}
> org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289).
> {code}
> The code looks innocent enough:
> {code}
> @Override
> public boolean equals(Object o) {
> if ( this == o ) {
> return true;
> }
> if ( o == null || getClass() != o.getClass() ) {
> return false;
> }
> ConstraintDescriptorImpl<?> that = (ConstraintDescriptorImpl<?>) o;
> if ( annotation != null ? !annotation.equals( that.annotation ) : that.annotation != null ) {
> return false;
> }
> return true;
> }
> {code}
> The exception is thrown on the invocation of _annotation.equals()_, as
> shown in this stack trace:
> {noformat}
> [#|2011-09-12T12:47:22.022-0700|WARNING|glassfish3.1.2|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=8;_ThreadName=Thread-11;|StandardWrapperValve[SimpleBVServlet]: PWC1406: Servlet.service() for servlet SimpleBVServlet threw exception
> java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:118)
> at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.compare(AnnotationHelper.java:186)
> at com.ibm.oti.reflect.AnnotationHelper$AnnotationInvocationHandler.invoke(AnnotationHelper.java:111)
> at $Proxy15.equals(Unknown Source)
> at org.hibernate.validator.metadata.ConstraintDescriptorImpl.equals(ConstraintDescriptorImpl.java:289)
> at org.hibernate.validator.metadata.MetaConstraint.equals(MetaConstraint.java:106)
> at java.util.ArrayList.contains(ArrayList.java:305)
> at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForDefaultGroup(ValidatorImpl.java:821)
> at org.hibernate.validator.engine.ValidatorImpl.validatePropertyForCurrentGroup(ValidatorImpl.java:742)
> at org.hibernate.validator.engine.ValidatorImpl.validateValueInContext(ValidatorImpl.java:699)
> {noformat}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the hibernate-issues
mailing list