HHH-12542 - Add necessary privileged action blocks for SecurityManager used on WildFly.

This commit is contained in:
Chris Cranford 2018-07-11 13:01:51 -04:00 committed by Guillaume Smet
parent d23fc129cc
commit d24685de67
9 changed files with 331 additions and 154 deletions

View File

@ -12,6 +12,8 @@ import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.URL; import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Properties; import java.util.Properties;
import org.hibernate.boot.cfgxml.spi.LoadedConfig; import org.hibernate.boot.cfgxml.spi.LoadedConfig;
@ -48,27 +50,34 @@ public class ConfigLoader {
} }
public LoadedConfig loadConfigXmlResource(String cfgXmlResourceName) { public LoadedConfig loadConfigXmlResource(String cfgXmlResourceName) {
final InputStream stream = bootstrapServiceRegistry.getService( ClassLoaderService.class ).locateResourceStream( cfgXmlResourceName ); final PrivilegedAction<JaxbCfgHibernateConfiguration> action = new PrivilegedAction<JaxbCfgHibernateConfiguration>() {
if ( stream == null ) { @Override
throw new ConfigurationException( "Could not locate cfg.xml resource [" + cfgXmlResourceName + "]" ); public JaxbCfgHibernateConfiguration run() {
} final InputStream stream = bootstrapServiceRegistry.getService( ClassLoaderService.class ).locateResourceStream( cfgXmlResourceName );
if ( stream == null ) {
throw new ConfigurationException( "Could not locate cfg.xml resource [" + cfgXmlResourceName + "]" );
}
try { try {
final JaxbCfgHibernateConfiguration jaxbCfg = jaxbProcessorHolder.getValue().unmarshal( return jaxbProcessorHolder.getValue().unmarshal(
stream, stream,
new Origin( SourceType.RESOURCE, cfgXmlResourceName ) new Origin( SourceType.RESOURCE, cfgXmlResourceName )
); );
}
finally {
try {
stream.close();
}
catch ( IOException e ) {
log.debug( "Unable to close cfg.xml resource stream", e );
}
}
}
};
return LoadedConfig.consume( jaxbCfg ); return LoadedConfig.consume(
} System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run()
finally { );
try {
stream.close();
}
catch (IOException e) {
log.debug( "Unable to close cfg.xml resource stream", e );
}
}
} }
public LoadedConfig loadConfigXmlFile(File cfgXmlFile) { public LoadedConfig loadConfigXmlFile(File cfgXmlFile) {

View File

@ -7,6 +7,9 @@
package org.hibernate.boot.jaxb.internal; package org.hibernate.boot.jaxb.internal;
import java.io.InputStream; import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException; import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller; import javax.xml.bind.Unmarshaller;
@ -98,8 +101,15 @@ public abstract class AbstractBinder implements Binder {
private Binding doBind(XMLEventReader eventReader, Origin origin) { private Binding doBind(XMLEventReader eventReader, Origin origin) {
try { try {
final StartElement rootElementStartEvent = seekRootElementStartEvent( eventReader, origin ); final PrivilegedAction<Binding> action = new PrivilegedAction<Binding>() {
return doBind( eventReader, rootElementStartEvent, origin ); @Override
public Binding run() {
final StartElement rootElementStartEvent = seekRootElementStartEvent( eventReader, origin );
return doBind( eventReader, rootElementStartEvent, origin );
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
finally { finally {
try { try {

View File

@ -83,11 +83,16 @@ public class ClassLoaderServiceImpl implements ClassLoaderService {
orderedClassLoaderSet.add( ClassLoaderServiceImpl.class.getClassLoader() ); orderedClassLoaderSet.add( ClassLoaderServiceImpl.class.getClassLoader() );
// now build the aggregated class loader... // now build the aggregated class loader...
this.aggregatedClassLoader = AccessController.doPrivileged( new PrivilegedAction<AggregatedClassLoader>() { final PrivilegedAction<AggregatedClassLoader> action = new PrivilegedAction<AggregatedClassLoader>() {
@Override
public AggregatedClassLoader run() { public AggregatedClassLoader run() {
return new AggregatedClassLoader( orderedClassLoaderSet, lookupPrecedence ); return new AggregatedClassLoader( orderedClassLoaderSet, lookupPrecedence );
} }
} ); };
this.aggregatedClassLoader = System.getSecurityManager() != null
? AccessController.doPrivileged( action )
: action.run();
} }
/** /**
@ -347,49 +352,62 @@ public class ClassLoaderServiceImpl implements ClassLoaderService {
@Override @Override
@SuppressWarnings({"unchecked"}) @SuppressWarnings({"unchecked"})
public <T> Class<T> classForName(String className) { public <T> Class<T> classForName(String className) {
try { final PrivilegedAction<Class<T>> action = new PrivilegedAction<Class<T>>() {
return (Class<T>) Class.forName( className, true, getAggregatedClassLoader() ); @Override
} public Class<T> run() {
catch (Exception e) { try {
throw new ClassLoadingException( "Unable to load class [" + className + "]", e ); return (Class<T>) Class.forName( className, true, getAggregatedClassLoader() );
} }
catch (LinkageError e) { catch (Exception e) {
throw new ClassLoadingException( "Unable to load class [" + className + "]", e ); throw new ClassLoadingException( "Unable to load class [" + className + "]", e );
} }
catch (LinkageError e) {
throw new ClassLoadingException( "Unable to load class [" + className + "]", e );
}
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
@Override @Override
public URL locateResource(String name) { public URL locateResource(final String name) {
// first we try name as a URL final PrivilegedAction<URL> action = new PrivilegedAction<URL>() {
try { @Override
return new URL( name ); public URL run() {
} try {
catch (Exception ignore) { return new URL( name );
} }
catch (Exception ignore) {
try {
final URL url = getAggregatedClassLoader().getResource( name );
if ( url != null ) {
return url;
}
}
catch (Exception ignore) {
}
if ( name.startsWith( "/" ) ) {
name = name.substring( 1 );
try {
final URL url = getAggregatedClassLoader().getResource( name );
if ( url != null ) {
return url;
} }
}
catch (Exception ignore) {
}
}
return null; try {
final URL url = getAggregatedClassLoader().getResource( name );
if ( url != null ) {
return url;
}
}
catch (Exception ignore) {
}
if ( name.startsWith( "/" ) ) {
final String resourceName = name.substring( 1 );
try {
final URL url = getAggregatedClassLoader().getResource( resourceName );
if ( url != null ) {
return url;
}
}
catch (Exception ignore) {
}
}
return null;
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
@Override @Override
@ -456,16 +474,22 @@ public class ClassLoaderServiceImpl implements ClassLoaderService {
@Override @Override
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public <S> Collection<S> loadJavaServices(Class<S> serviceContract) { public <S> Collection<S> loadJavaServices(Class<S> serviceContract) {
ServiceLoader<S> serviceLoader = serviceLoaders.get( serviceContract ); final PrivilegedAction<Collection<S>> action = new PrivilegedAction<Collection<S>>() {
if ( serviceLoader == null ) { @Override
serviceLoader = ServiceLoader.load( serviceContract, getAggregatedClassLoader() ); public Collection<S> run() {
serviceLoaders.put( serviceContract, serviceLoader ); ServiceLoader<S> serviceLoader = serviceLoaders.get( serviceContract );
} if ( serviceLoader == null ) {
final LinkedHashSet<S> services = new LinkedHashSet<S>(); serviceLoader = ServiceLoader.load( serviceContract, getAggregatedClassLoader() );
for ( S service : serviceLoader ) { serviceLoaders.put( serviceContract, serviceLoader );
services.add( service ); }
} final LinkedHashSet<S> services = new LinkedHashSet<S>();
return services; for ( S service : serviceLoader ) {
services.add( service );
}
return services;
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
@Override @Override
@ -480,7 +504,13 @@ public class ClassLoaderServiceImpl implements ClassLoaderService {
@Override @Override
public <T> T workWithClassLoader(Work<T> work) { public <T> T workWithClassLoader(Work<T> work) {
return work.doWork( getAggregatedClassLoader() ); final PrivilegedAction<T> action = new PrivilegedAction<T>() {
@Override
public T run() {
return work.doWork( getAggregatedClassLoader() );
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
private ClassLoader getAggregatedClassLoader() { private ClassLoader getAggregatedClassLoader() {

View File

@ -10,6 +10,8 @@ import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URL; import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
import org.hibernate.HibernateException; import org.hibernate.HibernateException;
import org.hibernate.cfg.Environment; import org.hibernate.cfg.Environment;
@ -113,28 +115,33 @@ public final class ConfigHelper {
} }
public static InputStream getResourceAsStream(String resource) { public static InputStream getResourceAsStream(String resource) {
String stripped = resource.startsWith( "/" ) final PrivilegedAction<InputStream> action = new PrivilegedAction<InputStream>() {
? resource.substring( 1 ) @Override
: resource; public InputStream run() {
String stripped = resource.startsWith( "/" )
? resource.substring( 1 )
: resource;
InputStream stream = null; InputStream stream = null;
ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
if ( classLoader != null ) { if ( classLoader != null ) {
stream = classLoader.getResourceAsStream( stripped ); stream = classLoader.getResourceAsStream( stripped );
} }
if ( stream == null ) { if ( stream == null ) {
stream = Environment.class.getResourceAsStream( resource ); stream = Environment.class.getResourceAsStream( resource );
} }
if ( stream == null ) { if ( stream == null ) {
stream = Environment.class.getClassLoader().getResourceAsStream( stripped ); stream = Environment.class.getClassLoader().getResourceAsStream( stripped );
} }
if ( stream == null ) { if ( stream == null ) {
throw new HibernateException( resource + " not found" ); throw new HibernateException( resource + " not found" );
} }
return stream; return stream;
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
public static InputStream getUserResourceAsStream(String resource) { public static InputStream getUserResourceAsStream(String resource) {
boolean hasLeadingSlash = resource.startsWith( "/" ); boolean hasLeadingSlash = resource.startsWith( "/" );
String stripped = hasLeadingSlash ? resource.substring( 1 ) : resource; String stripped = hasLeadingSlash ? resource.substring( 1 ) : resource;

View File

@ -13,6 +13,8 @@ import java.lang.reflect.Field;
import java.lang.reflect.Member; import java.lang.reflect.Member;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.lang.reflect.Modifier; import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Locale; import java.util.Locale;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import javax.persistence.Transient; import javax.persistence.Transient;
@ -235,7 +237,14 @@ public final class ReflectHelper {
} }
private static Getter getter(Class clazz, String name) throws MappingException { private static Getter getter(Class clazz, String name) throws MappingException {
return PropertyAccessStrategyMixedImpl.INSTANCE.buildPropertyAccess( clazz, name ).getGetter(); final PrivilegedAction<Getter> action = new PrivilegedAction<Getter>() {
@Override
public Getter run() {
return PropertyAccessStrategyMixedImpl.INSTANCE.buildPropertyAccess( clazz, name ).getGetter();
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
public static Object getConstantValue(String name, SessionFactoryImplementor factory) { public static Object getConstantValue(String name, SessionFactoryImplementor factory) {
@ -272,16 +281,23 @@ public final class ReflectHelper {
return null; return null;
} }
try { final PrivilegedAction<Constructor> action = new PrivilegedAction<Constructor>() {
Constructor<T> constructor = clazz.getDeclaredConstructor( NO_PARAM_SIGNATURE ); @Override
ensureAccessibility( constructor ); public Constructor run() {
return constructor; try {
} Constructor<T> constructor = clazz.getDeclaredConstructor( NO_PARAM_SIGNATURE );
catch ( NoSuchMethodException nme ) { ensureAccessibility( constructor );
throw new PropertyNotFoundException( return constructor;
"Object class [" + clazz.getName() + "] must declare a default (no-argument) constructor" }
); catch (NoSuchMethodException e) {
} throw new PropertyNotFoundException(
"Object class [" + clazz.getName() + "] must declare a default (no-argument) constructor"
);
}
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
/** /**
@ -348,12 +364,19 @@ public final class ReflectHelper {
} }
public static Method getMethod(Class clazz, Method method) { public static Method getMethod(Class clazz, Method method) {
try { final PrivilegedAction<Method> action = new PrivilegedAction<Method>() {
return clazz.getMethod( method.getName(), method.getParameterTypes() ); @Override
} public Method run() {
catch (Exception e) { try {
return null; return clazz.getMethod( method.getName(), method.getParameterTypes() );
} }
catch (Exception e){
return null;
}
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
public static Field findField(Class containerClass, String propertyName) { public static Field findField(Class containerClass, String propertyName) {
@ -364,8 +387,14 @@ public final class ReflectHelper {
throw new IllegalArgumentException( "Illegal attempt to locate field [" + propertyName + "] on Object.class" ); throw new IllegalArgumentException( "Illegal attempt to locate field [" + propertyName + "] on Object.class" );
} }
Field field = locateField( containerClass, propertyName ); final PrivilegedAction<Field> action = new PrivilegedAction<Field>() {
@Override
public Field run() {
return locateField( containerClass, propertyName );
}
};
final Field field = System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
if ( field == null ) { if ( field == null ) {
throw new PropertyNotFoundException( throw new PropertyNotFoundException(
String.format( String.format(
@ -383,11 +412,22 @@ public final class ReflectHelper {
} }
public static void ensureAccessibility(AccessibleObject accessibleObject) { public static void ensureAccessibility(AccessibleObject accessibleObject) {
if ( accessibleObject.isAccessible() ) { final PrivilegedAction<Object> action = new PrivilegedAction<Object>() {
return; @Override
} public Object run() {
if ( !accessibleObject.isAccessible() ) {
accessibleObject.setAccessible( true );
}
return null;
}
};
accessibleObject.setAccessible( true ); if ( System.getSecurityManager() != null ) {
AccessController.doPrivileged( action );
}
else {
action.run();
}
} }
private static Field locateField(Class clazz, String propertyName) { private static Field locateField(Class clazz, String propertyName) {
@ -462,7 +502,7 @@ public final class ReflectHelper {
} }
private static Method getGetterOrNull(Class containerClass, String propertyName) { private static Method getGetterOrNull(Class containerClass, String propertyName) {
for ( Method method : containerClass.getDeclaredMethods() ) { for ( Method method : getDeclaredMethods( containerClass ) ) {
// if the method has parameters, skip it // if the method has parameters, skip it
if ( method.getParameterCount() != 0 ) { if ( method.getParameterCount() != 0 ) {
continue; continue;
@ -513,17 +553,39 @@ public final class ReflectHelper {
String propertyName, String propertyName,
Method getMethod, Method getMethod,
String stemName) { String stemName) {
// verify that the Class does not also define a method with the same stem name with 'is' final Method isMethod = getDeclaredMethod( containerClass, "is" + stemName );
try { if ( isMethod != null ) {
final Method isMethod = containerClass.getDeclaredMethod( "is" + stemName );
if ( !Modifier.isStatic( isMethod.getModifiers() ) && isMethod.getAnnotation( Transient.class ) == null ) { if ( !Modifier.isStatic( isMethod.getModifiers() ) && isMethod.getAnnotation( Transient.class ) == null ) {
// No such method should throw the caught exception. So if we get here, there was // No such method should throw the caught exception. So if we get here, there was
// such a method. // such a method.
checkGetAndIsVariants( containerClass, propertyName, getMethod, isMethod ); checkGetAndIsVariants( containerClass, propertyName, getMethod, isMethod );
} }
} }
catch (NoSuchMethodException ignore) { }
}
private static Method getDeclaredMethod(Class containerClass, String methodName) {
final PrivilegedAction<Method> action = new PrivilegedAction<Method>() {
@Override
public Method run() {
try {
return containerClass.getDeclaredMethod( methodName );
}
catch (NoSuchMethodException ignore) {
return null;
}
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
}
private static Method[] getDeclaredMethods(Class containerClass) {
final PrivilegedAction<Method[]> action = new PrivilegedAction<Method[]>() {
@Override
public Method[] run() {
return containerClass.getDeclaredMethods();
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
private static void checkGetAndIsVariants( private static void checkGetAndIsVariants(
@ -554,16 +616,14 @@ public final class ReflectHelper {
Method isMethod, Method isMethod,
String stemName) { String stemName) {
// verify that the Class does not also define a method with the same stem name with 'is' // verify that the Class does not also define a method with the same stem name with 'is'
try { final Method getMethod = getDeclaredMethod( containerClass, "get" + stemName );
final Method getMethod = containerClass.getDeclaredMethod( "get" + stemName ); if ( getMethod != null ) {
// No such method should throw the caught exception. So if we get here, there was // No such method should throw the caught exception. So if we get here, there was
// such a method. // such a method.
if ( !Modifier.isStatic( getMethod.getModifiers() ) && getMethod.getAnnotation( Transient.class ) == null ) { if ( !Modifier.isStatic( getMethod.getModifiers() ) && getMethod.getAnnotation( Transient.class ) == null ) {
checkGetAndIsVariants( containerClass, propertyName, getMethod, isMethod ); checkGetAndIsVariants( containerClass, propertyName, getMethod, isMethod );
} }
} }
catch (NoSuchMethodException ignore) {
}
} }
public static Method getterMethodOrNull(Class containerJavaType, String propertyName) { public static Method getterMethodOrNull(Class containerJavaType, String propertyName) {
@ -631,7 +691,7 @@ public final class ReflectHelper {
private static Method setterOrNull(Class theClass, String propertyName, Class propertyType) { private static Method setterOrNull(Class theClass, String propertyName, Class propertyType) {
Method potentialSetter = null; Method potentialSetter = null;
for ( Method method : theClass.getDeclaredMethods() ) { for ( Method method : getDeclaredMethods( theClass ) ) {
final String methodName = method.getName(); final String methodName = method.getName();
if ( method.getParameterCount() == 1 && methodName.startsWith( "set" ) ) { if ( method.getParameterCount() == 1 && methodName.startsWith( "set" ) ) {
final String testOldMethod = methodName.substring( 3 ); final String testOldMethod = methodName.substring( 3 );
@ -656,7 +716,7 @@ public final class ReflectHelper {
* as an abstract - but again, that is such an edge case... * as an abstract - but again, that is such an edge case...
*/ */
public static Method findGetterMethodForFieldAccess(Field field, String propertyName) { public static Method findGetterMethodForFieldAccess(Field field, String propertyName) {
for ( Method method : field.getDeclaringClass().getDeclaredMethods() ) { for ( Method method : getDeclaredMethods( field.getDeclaringClass() ) ) {
// if the method has parameters, skip it // if the method has parameters, skip it
if ( method.getParameterCount() != 0 ) { if ( method.getParameterCount() != 0 ) {
continue; continue;

View File

@ -10,6 +10,8 @@ import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType; import java.lang.annotation.ElementType;
import java.lang.annotation.Target; import java.lang.annotation.Target;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import javax.persistence.Entity; import javax.persistence.Entity;
@ -72,6 +74,7 @@ public class CallbackBuilderLegacyImpl implements CallbackBuilder {
} }
continue; continue;
} }
final Callback[] callbacks = resolveEntityCallbacks( entityXClass, callbackType, reflectionManager ); final Callback[] callbacks = resolveEntityCallbacks( entityXClass, callbackType, reflectionManager );
callbackRegistrar.registerCallbacks( entityClass, callbacks ); callbackRegistrar.registerCallbacks( entityClass, callbacks );
} }
@ -119,7 +122,7 @@ public class CallbackBuilderLegacyImpl implements CallbackBuilder {
final boolean debugEnabled = log.isDebugEnabled(); final boolean debugEnabled = log.isDebugEnabled();
do { do {
Callback callback = null; Callback callback = null;
List<XMethod> methods = currentClazz.getDeclaredMethods(); List<XMethod> methods = getDeclaredMethods( currentClazz );
for ( final XMethod xMethod : methods ) { for ( final XMethod xMethod : methods ) {
if ( xMethod.isAnnotationPresent( callbackType.getCallbackAnnotation() ) ) { if ( xMethod.isAnnotationPresent( callbackType.getCallbackAnnotation() ) ) {
Method method = reflectionManager.toMethod( xMethod ); Method method = reflectionManager.toMethod( xMethod );
@ -190,7 +193,7 @@ public class CallbackBuilderLegacyImpl implements CallbackBuilder {
if ( listener != null ) { if ( listener != null ) {
XClass xListener = reflectionManager.toXClass( listener ); XClass xListener = reflectionManager.toXClass( listener );
callbacksMethodNames = new ArrayList<>(); callbacksMethodNames = new ArrayList<>();
List<XMethod> methods = xListener.getDeclaredMethods(); List<XMethod> methods = getDeclaredMethods( xListener );
for ( final XMethod xMethod : methods ) { for ( final XMethod xMethod : methods ) {
if ( xMethod.isAnnotationPresent( callbackType.getCallbackAnnotation() ) ) { if ( xMethod.isAnnotationPresent( callbackType.getCallbackAnnotation() ) ) {
final Method method = reflectionManager.toMethod( xMethod ); final Method method = reflectionManager.toMethod( xMethod );
@ -338,4 +341,14 @@ public class CallbackBuilderLegacyImpl implements CallbackBuilder {
} }
} }
} }
private static List<XMethod> getDeclaredMethods(XClass clazz) {
final PrivilegedAction<List<XMethod>> action = new PrivilegedAction<List<XMethod>>() {
@Override
public List<XMethod> run() {
return clazz.getDeclaredMethods();
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
}
} }

View File

@ -7,6 +7,8 @@
package org.hibernate.metamodel.internal; package org.hibernate.metamodel.internal;
import java.lang.reflect.Field; import java.lang.reflect.Field;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
import java.util.HashMap; import java.util.HashMap;
@ -369,13 +371,26 @@ class MetadataContext {
return; return;
} }
final String metamodelClassName = managedTypeClass.getName() + '_'; final String metamodelClassName = managedTypeClass.getName() + '_';
try {
final Class metamodelClass = Class.forName( metamodelClassName, true, managedTypeClass.getClassLoader() ); final PrivilegedAction<Object> action = new PrivilegedAction<Object>() {
// we found the class; so populate it... @Override
registerAttributes( metamodelClass, managedType ); public Object run() {
try {
final Class metamodelClass = Class.forName( metamodelClassName, true, managedTypeClass.getClassLoader() );
// we found the class; so populate it...
registerAttributes( metamodelClass, managedType );
}
catch (ClassNotFoundException ignore) {
// nothing to do...
}
return null;
}
};
if ( System.getSecurityManager() != null ) {
AccessController.doPrivileged( action );
} }
catch (ClassNotFoundException ignore) { else {
// nothing to do... action.run();
} }
// todo : this does not account for @MappeSuperclass, mainly because this is not being tracked in our // todo : this does not account for @MappeSuperclass, mainly because this is not being tracked in our

View File

@ -8,6 +8,8 @@ package org.hibernate.tuple.entity;
import java.lang.reflect.Method; import java.lang.reflect.Method;
import java.lang.reflect.Modifier; import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Iterator; import java.util.Iterator;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
@ -157,24 +159,31 @@ public class PojoEntityTuplizer extends AbstractEntityTuplizer {
null : null :
ReflectHelper.getMethod( proxyInterface, idSetterMethod ); ReflectHelper.getMethod( proxyInterface, idSetterMethod );
ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); final PrivilegedAction<ProxyFactory> action = new PrivilegedAction<ProxyFactory>() {
try { @Override
pf.postInstantiate( public ProxyFactory run() {
getEntityName(), ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter );
mappedClass, try {
proxyInterfaces, pf.postInstantiate(
proxyGetIdentifierMethod, getEntityName(),
proxySetIdentifierMethod, mappedClass,
persistentClass.hasEmbeddedIdentifier() ? proxyInterfaces,
(CompositeType) persistentClass.getIdentifier().getType() : proxyGetIdentifierMethod,
null proxySetIdentifierMethod,
); persistentClass.hasEmbeddedIdentifier() ?
} (CompositeType) persistentClass.getIdentifier().getType() :
catch (HibernateException he) { null
LOG.unableToCreateProxyFactory( getEntityName(), he ); );
pf = null; }
} catch (HibernateException he) {
return pf; LOG.unableToCreateProxyFactory( getEntityName(), he );
pf = null;
}
return pf;
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
} }
protected ProxyFactory buildProxyFactoryInternal( protected ProxyFactory buildProxyFactoryInternal(

View File

@ -7,6 +7,8 @@
package org.hibernate.envers.configuration.internal.metadata.reader; package org.hibernate.envers.configuration.internal.metadata.reader;
import java.lang.annotation.Annotation; import java.lang.annotation.Annotation;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.Iterator; import java.util.Iterator;
@ -47,6 +49,7 @@ import org.hibernate.loader.PropertyPath;
import org.hibernate.mapping.Component; import org.hibernate.mapping.Component;
import org.hibernate.mapping.Property; import org.hibernate.mapping.Property;
import org.hibernate.mapping.Value; import org.hibernate.mapping.Value;
import org.jboss.logging.Logger; import org.jboss.logging.Logger;
import static org.hibernate.envers.internal.tools.Tools.newHashMap; import static org.hibernate.envers.internal.tools.Tools.newHashMap;
@ -354,26 +357,47 @@ public class AuditedPropertiesReader {
//look in the class //look in the class
addFromProperties( addFromProperties(
clazz.getDeclaredProperties( "field" ), getPropertiesFromClassByType( clazz, AccessType.FIELD ),
it -> "field", it -> "field",
fieldAccessedPersistentProperties, fieldAccessedPersistentProperties,
allClassAudited allClassAudited
); );
addFromProperties( addFromProperties(
clazz.getDeclaredProperties( "property" ), getPropertiesFromClassByType( clazz, AccessType.PROPERTY ),
propertyAccessedPersistentProperties::get, propertyAccessedPersistentProperties::get,
propertyAccessedPersistentProperties.keySet(), propertyAccessedPersistentProperties.keySet(),
allClassAudited allClassAudited
); );
if ( allClassAudited != null || !auditedPropertiesHolder.isEmpty() ) { if ( allClassAudited != null || !auditedPropertiesHolder.isEmpty() ) {
final XClass superclazz = clazz.getSuperclass(); final PrivilegedAction<XClass> action = new PrivilegedAction<XClass>() {
@Override
public XClass run() {
return clazz.getSuperclass();
}
};
final XClass superclazz = System.getSecurityManager() != null
? AccessController.doPrivileged( action )
: action.run();
if ( !clazz.isInterface() && !"java.lang.Object".equals( superclazz.getName() ) ) { if ( !clazz.isInterface() && !"java.lang.Object".equals( superclazz.getName() ) ) {
addPropertiesFromClass( superclazz ); addPropertiesFromClass( superclazz );
} }
} }
} }
private Iterable<XProperty> getPropertiesFromClassByType(XClass clazz, AccessType accessType) {
final PrivilegedAction<Iterable<XProperty>> action = new PrivilegedAction<Iterable<XProperty>>() {
@Override
public Iterable<XProperty> run() {
return clazz.getDeclaredProperties( accessType.getType() );
}
};
return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run();
}
private void addFromProperties( private void addFromProperties(
Iterable<XProperty> properties, Iterable<XProperty> properties,
Function<String, String> accessTypeProvider, Function<String, String> accessTypeProvider,