Hibernate
/
hibernate-orm
mirror of https://github.com/hibernate/hibernate-orm
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

HHH-12932 Execute ByteBuddy code requiring privileges inside a privileged block

This commit is contained in:
Guillaume Smet 2018-08-27 17:41:57 +02:00
parent d195ce03bc
commit 4c5ab83756
1 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java
View File

@ -262,6 +262,7 @@ public final class ByteBuddyState {
} }
private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() { private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() {
// this should only be called if the security manager is enabled, thus the privileged calls
return MemberSubstitution.relaxed() return MemberSubstitution.relaxed()
.method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class,
"getDeclaredMethod", String.class, Class[].class ) ) ) ) "getDeclaredMethod", String.class, Class[].class ) ) ) )
@ -272,6 +273,7 @@ public final class ByteBuddyState {
} }
private static ForDeclaredMethods getMethodMemberSubstitution() { private static ForDeclaredMethods getMethodMemberSubstitution() {
// this should only be called if the security manager is enabled, thus the privileged calls
return MemberSubstitution.relaxed() return MemberSubstitution.relaxed()
.method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class,
"getMethod", String.class, Class[].class ) ) ) ) "getMethod", String.class, Class[].class ) ) ) )
@ -321,11 +323,34 @@ public final class ByteBuddyState {
.and( returns( td -> "groovy.lang.MetaClass".equals( td.getName() ) ) ) ); .and( returns( td -> "groovy.lang.MetaClass".equals( td.getName() ) ) ) );
this.virtualNotFinalizerFilter = isVirtual().and( not( isFinalizer() ) ); this.virtualNotFinalizerFilter = isVirtual().and( not( isFinalizer() ) );
this.hibernateGeneratedMethodFilter = nameStartsWith( "$$_hibernate_" ).and( isVirtual() ); this.hibernateGeneratedMethodFilter = nameStartsWith( "$$_hibernate_" ).and( isVirtual() );
this.delegateToInterceptorDispatcherMethodDelegation = MethodDelegation
.to( ProxyConfiguration.InterceptorDispatcher.class ); PrivilegedAction<MethodDelegation> delegateToInterceptorDispatcherMethodDelegationPrivilegedAction =
this.interceptorFieldAccessor = FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME ) new PrivilegedAction<MethodDelegation>() {
@Override
public MethodDelegation run() {
return MethodDelegation.to( ProxyConfiguration.InterceptorDispatcher.class );
}
};
this.delegateToInterceptorDispatcherMethodDelegation = System.getSecurityManager() != null
? AccessController.doPrivileged( delegateToInterceptorDispatcherMethodDelegationPrivilegedAction )
: delegateToInterceptorDispatcherMethodDelegationPrivilegedAction.run();
PrivilegedAction<FieldAccessor.PropertyConfigurable> interceptorFieldAccessorPrivilegedAction =
new PrivilegedAction<FieldAccessor.PropertyConfigurable>() {
@Override
public FieldAccessor.PropertyConfigurable run() {
return FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME )
.withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC ); .withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC );
} }
};
this.interceptorFieldAccessor = System.getSecurityManager() != null
? AccessController.doPrivileged( interceptorFieldAccessorPrivilegedAction )
: interceptorFieldAccessorPrivilegedAction.run();
}
public ElementMatcher<? super MethodDescription> getGroovyGetMetaClassFilter() { public ElementMatcher<? super MethodDescription> getGroovyGetMetaClassFilter() {
return groovyGetMetaClassFilter; return groovyGetMetaClassFilter;