From ba84a115bc5240a7abb07348044f0a8890bfb7d1 Mon Sep 17 00:00:00 2001 From: Albert Lee Date: Wed, 29 Jul 2009 18:58:00 +0000 Subject: [PATCH] OENJPA-1206 - Enable Java 2 security on BV validate call. git-svn-id: https://svn.apache.org/repos/asf/openjpa/trunk@799013 13f79535-47bb-0310-9956-ffa450edef68 --- openjpa-lib/pom.xml | 5 +++++ .../openjpa/lib/util/J2DoPrivHelper.java | 19 +++++++++++++++++++ .../persistence/validation/ValidatorImpl.java | 7 +++++-- 3 files changed, 29 insertions(+), 2 deletions(-) diff --git a/openjpa-lib/pom.xml b/openjpa-lib/pom.xml index 9f1c61903..664168796 100644 --- a/openjpa-lib/pom.xml +++ b/openjpa-lib/pom.xml @@ -65,6 +65,11 @@ net.sourceforge.serp serp + + org.apache.geronimo.specs + geronimo-validation_1.0_spec + provided + diff --git a/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java b/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java index a5bc4014b..cb0e62b93 100644 --- a/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java +++ b/openjpa-lib/src/main/java/org/apache/openjpa/lib/util/J2DoPrivHelper.java @@ -42,8 +42,12 @@ import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; import java.util.Enumeration; import java.util.Properties; +import java.util.Set; import java.util.zip.ZipFile; +import javax.validation.ConstraintViolation; +import javax.validation.Validator; + import serp.bytecode.BCClass; import serp.bytecode.BCClassLoader; import serp.bytecode.BCField; @@ -106,6 +110,7 @@ import serp.bytecode.Project; *
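Review bot: With `provided` scope the validation API is on the compile class path of openjpa-lib but is not guaranteed to be present at run time, while `J2DoPrivHelper` (patched in the same commit) now names `javax.validation.Validator` and `ConstraintViolation` in a public method signature. Class loading is usually lazy enough that this goes unnoticed, but reflection over the helper's methods in a deployment without a Bean Validation jar could plausibly fail with `NoClassDefFoundError`; that should be confirmed with a test that runs without the spec jar. A comment next to the dependency such as `<!-- compile-time only: used by J2DoPrivHelper.validateAction; optional at run time -->` would record the intent. Keeping the new helper in openjpa-persistence beside `ValidatorImpl` would avoid coupling the low-level lib module to the validation API at all.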
  • AnnotatedElement.getAnnotations *
  • AnnotatedElement.getDeclaredAnnotations *
  • AnnotatedElement.isAnnotationPresent + *
  • javax.validationValidator.validate * * * If these methods are used, the following sample usage patterns should be @@ -1178,4 +1183,18 @@ public abstract class J2DoPrivHelper { } }; } + + /** + * Return a PrivilegeAction object for javax.validationValidator.validate(). + * + * Requires security policy: 'permission java.lang.RuntimePermission "*";' + */ + public static final PrivilegedAction>> validateAction( + final Validator validator, final T arg0, final Class[] groups) { + return new PrivilegedAction>>() { + public Set> run() { + return validator.validate(arg0, groups); + } + }; + } } diff --git a/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/validation/ValidatorImpl.java b/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/validation/ValidatorImpl.java index 5efbf0e0d..c95bb1ee1 100644 --- a/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/validation/ValidatorImpl.java +++ b/openjpa-persistence/src/main/java/org/apache/openjpa/persistence/validation/ValidatorImpl.java @@ -18,6 +18,7 @@ */ package org.apache.openjpa.persistence.validation; +import java.security.AccessController; import java.util.HashMap; import java.util.Map; import java.util.Set; @@ -33,6 +34,7 @@ import javax.validation.ValidatorFactory; import org.apache.openjpa.conf.OpenJPAConfiguration; import org.apache.openjpa.event.LifecycleEvent; import org.apache.openjpa.lib.conf.Configuration; +import org.apache.openjpa.lib.util.J2DoPrivHelper; import org.apache.openjpa.lib.util.Localizer; import org.apache.openjpa.validation.AbstractValidator; import org.apache.openjpa.validation.ValidationException; 
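Review bot: The Javadoc on `validateAction` tells deployers to grant `permission java.lang.RuntimePermission "*";`, which is every runtime permission at once rather than the ones the validate call needs, so anyone copying that line into a policy file grants far more than Bean Validation requires. I would list the narrow permissions the provider actually needs once they are confirmed under a SecurityManager (presumably reflective member access such as `accessDeclaredMembers`, to be verified) and mention the wildcard only as a last resort. The same comment and the class-level list entry added earlier in this file share two typos: `PrivilegeAction` should read `PrivilegedAction`, and `javax.validationValidator.validate` should read `javax.validation.Validator.validate`. It is also worth one sentence saying that the action runs whatever `Validator` it is handed, so the privileges in effect are those of the code that calls `doPrivileged`, not of the helper.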
@@ -286,8 +288,9 @@ public class ValidatorImpl extends AbstractValidator { public ValidationException validate(T arg0, int event) { if (!isValidating(event)) return null; - Set> violations = - _validator.validate(arg0, getValidationGroup(event)); + Set> violations = AccessController.doPrivileged( + J2DoPrivHelper.validateAction(_validator, arg0, getValidationGroup(event))); + if (violations != null && violations.size() > 0) { return new ValidationException( new ConstraintViolationException(
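Review bot: The `doPrivileged` call in `validate` wraps the whole `_validator.validate(...)` invocation, so everything the provider reaches (constraint validators and entity accessors, for instance) is permission-checked with the application frames below OpenJPA cut out of the access-control context. That is the normal way to let a library work under a restrictive policy, but the privileged scope is much wider than the single JDK calls (`AnnotatedElement.getAnnotations` and the like) that the helper class otherwise documents, and nothing here records why that is acceptable. I would add a comment above the call, for example `// privileged: the BV provider needs reflective access to entity members that callers may lack`, and drop the stray blank `+` line after the call. The body of `validate` continues past the end of the hunk.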