Hibernate/hibernate-orm
1
0
Fork 0
mirror of https://github.com/hibernate/hibernate-orm synced 2025-02-26 05:14:57 +00:00
Code Issues Packages Projects Releases Wiki Activity

HHH-12932 Execute ByteBuddy code requiring privileges inside a privileged block

Browse Source
This commit is contained in:
Guillaume Smet 2018-08-27 17:41:57 +02:00
parent 56a29af496
commit b04de4c9f7
1 changed files with 29 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
hibernate-core/src/main/java/org/hibernate/bytecode/internal/bytebuddy/ByteBuddyState.java
View File

@ -262,6 +262,7 @@ public static ClassLoadingStrategy<ClassLoader> resolveClassLoadingStrategy(Clas
} }
private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() { private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() {
// this should only be called if the security manager is enabled, thus the privileged calls
return MemberSubstitution.relaxed() return MemberSubstitution.relaxed()
.method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class,
"getDeclaredMethod", String.class, Class[].class ) ) ) ) "getDeclaredMethod", String.class, Class[].class ) ) ) )
@ -272,6 +273,7 @@ private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() {
} }
private static ForDeclaredMethods getMethodMemberSubstitution() { private static ForDeclaredMethods getMethodMemberSubstitution() {
// this should only be called if the security manager is enabled, thus the privileged calls
return MemberSubstitution.relaxed() return MemberSubstitution.relaxed()
.method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class,
"getMethod", String.class, Class[].class ) ) ) ) "getMethod", String.class, Class[].class ) ) ) )
@ -321,11 +323,34 @@ private ProxyDefinitionHelpers() {
.and( returns( td -> "groovy.lang.MetaClass".equals( td.getName() ) ) ) ); .and( returns( td -> "groovy.lang.MetaClass".equals( td.getName() ) ) ) );
this.virtualNotFinalizerFilter = isVirtual().and( not( isFinalizer() ) ); this.virtualNotFinalizerFilter = isVirtual().and( not( isFinalizer() ) );
this.hibernateGeneratedMethodFilter = nameStartsWith( "$$_hibernate_" ).and( isVirtual() ); this.hibernateGeneratedMethodFilter = nameStartsWith( "$$_hibernate_" ).and( isVirtual() );
this.delegateToInterceptorDispatcherMethodDelegation = MethodDelegation
.to( ProxyConfiguration.InterceptorDispatcher.class ); PrivilegedAction<MethodDelegation> delegateToInterceptorDispatcherMethodDelegationPrivilegedAction =
this.interceptorFieldAccessor = FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME ) new PrivilegedAction<MethodDelegation>() {
@Override
public MethodDelegation run() {
return MethodDelegation.to( ProxyConfiguration.InterceptorDispatcher.class );
}
};
this.delegateToInterceptorDispatcherMethodDelegation = System.getSecurityManager() != null
? AccessController.doPrivileged( delegateToInterceptorDispatcherMethodDelegationPrivilegedAction )
: delegateToInterceptorDispatcherMethodDelegationPrivilegedAction.run();
PrivilegedAction<FieldAccessor.PropertyConfigurable> interceptorFieldAccessorPrivilegedAction =
new PrivilegedAction<FieldAccessor.PropertyConfigurable>() {
@Override
public FieldAccessor.PropertyConfigurable run() {
return FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME )
.withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC ); .withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC );
} }
};
this.interceptorFieldAccessor = System.getSecurityManager() != null
? AccessController.doPrivileged( interceptorFieldAccessorPrivilegedAction )
: interceptorFieldAccessorPrivilegedAction.run();
}
public ElementMatcher<? super MethodDescription> getGroovyGetMetaClassFilter() { public ElementMatcher<? super MethodDescription> getGroovyGetMetaClassFilter() {
return groovyGetMetaClassFilter; return groovyGetMetaClassFilter;