OENJPA-1206 - Enable Java 2 security on BV validate call.

git-svn-id: https://svn.apache.org/repos/asf/openjpa/trunk@799013 13f79535-47bb-0310-9956-ffa450edef68

openjpa-lib/pom.xml

@@ -65,6 +65,11 @@
             <groupId>net.sourceforge.serp</groupId>
             <artifactId>serp</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.apache.geronimo.specs</groupId>
+            <artifactId>geronimo-validation_1.0_spec</artifactId>
+            <scope>provided</scope>
+        </dependency>        
     </dependencies>
     <build>
         <plugins>

openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java

@@ -42,8 +42,12 @@ import java.security.PrivilegedAction;
 import java.security.PrivilegedExceptionAction;
 import java.util.Enumeration;
 import java.util.Properties;
+import java.util.Set;
 import java.util.zip.ZipFile;
 
+import javax.validation.ConstraintViolation;
+import javax.validation.Validator;
+
 import serp.bytecode.BCClass;
 import serp.bytecode.BCClassLoader;
 import serp.bytecode.BCField;
@@ -106,6 +110,7 @@ import serp.bytecode.Project;
  * <li>AnnotatedElement.getAnnotations
  * <li>AnnotatedElement.getDeclaredAnnotations
  * <li>AnnotatedElement.isAnnotationPresent
+ * <li>javax.validationValidator.validate
  * </ul>
  * 
  * If these methods are used, the following sample usage patterns should be
@@ -1178,4 +1183,18 @@ public abstract class J2DoPrivHelper {
             }
         };
     }
+    
+    /**
+     * Return a PrivilegeAction object for javax.validationValidator.validate().
+     * 
+     * Requires security policy: 'permission java.lang.RuntimePermission "*";'
+     */
+    public static final <T> PrivilegedAction<Set<ConstraintViolation<T>>> validateAction(
+        final Validator validator, final T arg0, final Class<?>[] groups) {
+        return new PrivilegedAction<Set<ConstraintViolation<T>>>() {
+            public Set<ConstraintViolation<T>> run() {
+                return validator.validate(arg0, groups);
+            }
+        };
+    }
 }

openjpa-persistence/src/main/java/org/apache/openjpa/persistence/validation/ValidatorImpl.java

@@ -18,6 +18,7 @@
  */
 package org.apache.openjpa.persistence.validation;
 
+import java.security.AccessController;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Set;
@@ -33,6 +34,7 @@ import javax.validation.ValidatorFactory;
 import org.apache.openjpa.conf.OpenJPAConfiguration;
 import org.apache.openjpa.event.LifecycleEvent;
 import org.apache.openjpa.lib.conf.Configuration;
+import org.apache.openjpa.lib.util.J2DoPrivHelper;
 import org.apache.openjpa.lib.util.Localizer;
 import org.apache.openjpa.validation.AbstractValidator;
 import org.apache.openjpa.validation.ValidationException;
@@ -286,8 +288,9 @@ public class ValidatorImpl extends AbstractValidator {
     public <T> ValidationException validate(T arg0, int event) { 
         if (!isValidating(event))
             return null;
-        Set<ConstraintViolation<T>> violations = 
-            _validator.validate(arg0, getValidationGroup(event));
+        Set<ConstraintViolation<T>> violations = AccessController.doPrivileged(
+                J2DoPrivHelper.validateAction(_validator, arg0, getValidationGroup(event)));
+
         if (violations != null && violations.size() > 0) {
             return new ValidationException(
                 new ConstraintViolationException(