From b04de4c9f771c414011d61d423f9d9278a9597d2 Mon Sep 17 00:00:00 2001 From: Guillaume Smet Date: Mon, 27 Aug 2018 17:41:57 +0200 Subject: [PATCH] HHH-12932 Execute ByteBuddy code requiring privileges inside a privileged block --- .../internal/bytebuddy/ByteBuddyState.java | 33 ++++++++++++++++--- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java b/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java index 0c46420472..1cdeecbc88 100644 --- a/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java +++ b/hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java @@ -262,6 +262,7 @@ public final class ByteBuddyState { } private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() { + // this should only be called if the security manager is enabled, thus the privileged calls return MemberSubstitution.relaxed() .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, "getDeclaredMethod", String.class, Class[].class ) ) ) ) @@ -272,6 +273,7 @@ public final class ByteBuddyState { } private static ForDeclaredMethods getMethodMemberSubstitution() { + // this should only be called if the security manager is enabled, thus the privileged calls return MemberSubstitution.relaxed() .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, "getMethod", String.class, Class[].class ) ) ) ) 
@@ -321,10 +323,33 @@ public final class ByteBuddyState {
  .and( returns( td -> "groovy.lang.MetaClass".equals( td.getName() ) ) ) );
  this.virtualNotFinalizerFilter = isVirtual().and( not( isFinalizer() ) );
  this.hibernateGeneratedMethodFilter = nameStartsWith( "$$_hibernate_" ).and( isVirtual() );
- this.delegateToInterceptorDispatcherMethodDelegation = MethodDelegation
- .to( ProxyConfiguration.InterceptorDispatcher.class );
- this.interceptorFieldAccessor = FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME )
- .withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC );
+
+ PrivilegedAction delegateToInterceptorDispatcherMethodDelegationPrivilegedAction =
+ new PrivilegedAction() {
+
+ @Override
+ public MethodDelegation run() {
+ return MethodDelegation.to( ProxyConfiguration.InterceptorDispatcher.class );
+ }
+ };
+
+ this.delegateToInterceptorDispatcherMethodDelegation = System.getSecurityManager() != null
+ ? AccessController.doPrivileged( delegateToInterceptorDispatcherMethodDelegationPrivilegedAction )
+ : delegateToInterceptorDispatcherMethodDelegationPrivilegedAction.run();
+
+ PrivilegedAction interceptorFieldAccessorPrivilegedAction =
+ new PrivilegedAction() {
+
+ @Override
+ public FieldAccessor.PropertyConfigurable run() {
+ return FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME )
+ .withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC );
+ }
+ };
+
+ this.interceptorFieldAccessor = System.getSecurityManager() != null
+ ? AccessController.doPrivileged( interceptorFieldAccessorPrivilegedAction )
+ : interceptorFieldAccessorPrivilegedAction.run();
  }
 
  public ElementMatcher getGroovyGetMetaClassFilter() {
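Review bot: The two privileged blocks added to the constructor carry no comment saying which permission the wrapped ByteBuddy call needs or why it is safe to assert it here, which is the first thing an audit of `doPrivileged` call sites looks for. Both actions close over constants only (`ProxyConfiguration.InterceptorDispatcher.class` and `ProxyConfiguration.INTERCEPTOR_FIELD_NAME`), so no caller-supplied value reaches privileged code; I would record that above each action, e.g. `// privileged block takes only constants; no caller-supplied value reaches the ByteBuddy call`, and name the required permission once it is confirmed. The `System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run()` ternary is written out twice and could move into one private static helper so the pattern is reviewed in a single place. The constructor begins above this hunk, so whether other ByteBuddy calls in it need the same treatment cannot be judged from here.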