HHH-12932 Execute ByteBuddy code requiring privileges inside a privileged block

This commit is contained in:
Guillaume Smet 2018-08-27 17:41:57 +02:00
parent 56a29af496
commit b04de4c9f7
1 changed files with 29 additions and 4 deletions

View File

@ -262,6 +262,7 @@ public final class ByteBuddyState {
} }
private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() { private static ForDeclaredMethods getDeclaredMethodMemberSubstitution() {
// this should only be called if the security manager is enabled, thus the privileged calls
return MemberSubstitution.relaxed() return MemberSubstitution.relaxed()
.method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class,
"getDeclaredMethod", String.class, Class[].class ) ) ) ) "getDeclaredMethod", String.class, Class[].class ) ) ) )
@ -272,6 +273,7 @@ public final class ByteBuddyState {
} }
private static ForDeclaredMethods getMethodMemberSubstitution() { private static ForDeclaredMethods getMethodMemberSubstitution() {
// this should only be called if the security manager is enabled, thus the privileged calls
return MemberSubstitution.relaxed() return MemberSubstitution.relaxed()
.method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class, .method( ElementMatchers.is( AccessController.doPrivileged( new GetDeclaredMethodAction( Class.class,
"getMethod", String.class, Class[].class ) ) ) ) "getMethod", String.class, Class[].class ) ) ) )
@ -321,10 +323,33 @@ public final class ByteBuddyState {
.and( returns( td -> "groovy.lang.MetaClass".equals( td.getName() ) ) ) ); .and( returns( td -> "groovy.lang.MetaClass".equals( td.getName() ) ) ) );
this.virtualNotFinalizerFilter = isVirtual().and( not( isFinalizer() ) ); this.virtualNotFinalizerFilter = isVirtual().and( not( isFinalizer() ) );
this.hibernateGeneratedMethodFilter = nameStartsWith( "$$_hibernate_" ).and( isVirtual() ); this.hibernateGeneratedMethodFilter = nameStartsWith( "$$_hibernate_" ).and( isVirtual() );
this.delegateToInterceptorDispatcherMethodDelegation = MethodDelegation
.to( ProxyConfiguration.InterceptorDispatcher.class ); PrivilegedAction<MethodDelegation> delegateToInterceptorDispatcherMethodDelegationPrivilegedAction =
this.interceptorFieldAccessor = FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME ) new PrivilegedAction<MethodDelegation>() {
.withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC );
@Override
public MethodDelegation run() {
return MethodDelegation.to( ProxyConfiguration.InterceptorDispatcher.class );
}
};
this.delegateToInterceptorDispatcherMethodDelegation = System.getSecurityManager() != null
? AccessController.doPrivileged( delegateToInterceptorDispatcherMethodDelegationPrivilegedAction )
: delegateToInterceptorDispatcherMethodDelegationPrivilegedAction.run();
PrivilegedAction<FieldAccessor.PropertyConfigurable> interceptorFieldAccessorPrivilegedAction =
new PrivilegedAction<FieldAccessor.PropertyConfigurable>() {
@Override
public FieldAccessor.PropertyConfigurable run() {
return FieldAccessor.ofField( ProxyConfiguration.INTERCEPTOR_FIELD_NAME )
.withAssigner( Assigner.DEFAULT, Assigner.Typing.DYNAMIC );
}
};
this.interceptorFieldAccessor = System.getSecurityManager() != null
? AccessController.doPrivileged( interceptorFieldAccessorPrivilegedAction )
: interceptorFieldAccessorPrivilegedAction.run();
} }
public ElementMatcher<? super MethodDescription> getGroovyGetMetaClassFilter() { public ElementMatcher<? super MethodDescription> getGroovyGetMetaClassFilter() {