Preparing for WELD-32, centralizing all SecurityManager-aware reflect…

…ion access. Privileged execution disabled for now, uncomment the true block in SecureReflectionAccess to play around with it.

impl/src/main/java/org/jboss/weld/bean/AbstractClassBean.java

@@ -75,6 +75,7 @@
 import org.jboss.weld.util.Strings;
 import org.jboss.weld.util.Proxies.TypeInfo;
 import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 import org.slf4j.cal10n.LocLogger;
 
 /**
@@ -224,7 +225,7 @@ protected T applyDecorators(T instance, CreationalContext<T> creationalContext,
       }
       try
       {
-         T proxy = proxyClassForDecorators.newInstance();
+         T proxy = SecureReflections.newInstance(proxyClassForDecorators);
          // temporary fix for decorators - make sure that the instance wrapped by the decorators
          // is the contextual instance
          // TODO - correct the decoration algorithm to avoid the creation of new target class instances
@@ -583,7 +584,7 @@ protected void initDirectlyDefinedInterceptors()
          if (getAnnotatedItem().isAnnotationPresent(InterceptionUtils.getInterceptorsAnnotationClass()))
          {
             Annotation interceptorsAnnotation = getType().getAnnotation(InterceptionUtils.getInterceptorsAnnotationClass());
-            classDeclaredInterceptors = Reflections.extractValues(interceptorsAnnotation);
+            classDeclaredInterceptors = SecureReflections.extractValues(interceptorsAnnotation);
          }
 
          if (classDeclaredInterceptors != null)
@@ -598,7 +599,7 @@ protected void initDirectlyDefinedInterceptors()
             Class<?>[] methodDeclaredInterceptors = null;
             if (method.isAnnotationPresent(InterceptionUtils.getInterceptorsAnnotationClass()))
             {
-               methodDeclaredInterceptors = Reflections.extractValues(method.getAnnotation(InterceptionUtils.getInterceptorsAnnotationClass()));
+               methodDeclaredInterceptors = SecureReflections.extractValues(method.getAnnotation(InterceptionUtils.getInterceptorsAnnotationClass()));
             }
             if (excludeClassInterceptors)
             {

impl/src/main/java/org/jboss/weld/bean/DisposalMethod.java

@@ -41,6 +41,7 @@
 import org.jboss.weld.introspector.WeldMethod;
 import org.jboss.weld.introspector.WeldParameter;
 import org.jboss.weld.util.Beans;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 public class DisposalMethod<X, T> extends AbstractReceiverBean<X, T, Method>
 {
@@ -219,14 +220,10 @@ private void checkDisposalMethod()
             if (type instanceof Class<?>)
             {
                Class<?> clazz = (Class<?>) type;
-               try
+               if (SecureReflections.methodExists(clazz, disposalMethodInjectionPoint.getName(), disposalMethodInjectionPoint.getParameterTypesAsArray()))
                {
-                  clazz.getDeclaredMethod(disposalMethodInjectionPoint.getName(), disposalMethodInjectionPoint.getParameterTypesAsArray());
                   methodDeclaredOnTypes = true;
-               }
-               catch (NoSuchMethodException nsme)
-               {
-                  // No - op
+                  continue;
                }
             }
          }

impl/src/main/java/org/jboss/weld/bean/ProducerMethod.java

@@ -43,6 +43,7 @@
 import org.jboss.weld.introspector.WeldMethod;
 import org.jboss.weld.introspector.WeldParameter;
 import org.jboss.weld.util.Names;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 /**
  * Represents a producer method bean
@@ -166,15 +167,10 @@ else if (getDeclaringBean() instanceof SessionBean<?>)
          {
             if (type instanceof Class)
             {
-               Class<?> clazz = (Class<?>) type;
-               try
+               if (SecureReflections.methodExists((Class<?>) type, getAnnotatedItem().getName(), getAnnotatedItem().getParameterTypesAsArray()))
                {
-                  clazz.getDeclaredMethod(getAnnotatedItem().getName(), getAnnotatedItem().getParameterTypesAsArray());
                   methodDeclaredOnTypes = true;
-               }
-               catch (NoSuchMethodException nsme)
-               {
-                  // No - op
+                  continue;
                }
             }
          }

impl/src/main/java/org/jboss/weld/bean/SessionBean.java

@@ -74,6 +74,7 @@
 import org.jboss.weld.util.Proxies;
 import org.jboss.weld.util.Proxies.TypeInfo;
 import org.jboss.weld.util.reflection.HierarchyDiscovery;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 /**
  * An enterprise bean representation
@@ -181,7 +182,7 @@ public T produce(CreationalContext<T> ctx)
             {
                try
                {
-                  T instance = proxyClass.newInstance();
+                  T instance = SecureReflections.newInstance(proxyClass);
                   ctx.push(instance);
                   return Proxies.attachMethodHandler(instance, new EnterpriseBeanProxyMethodHandler<T>(SessionBean.this, ctx));
                }
@@ -409,7 +410,7 @@ public boolean isMethodExistsOnTypes(WeldMethod<?, ?> method)
       {
          if (type instanceof Class)
          {
-            for (Method m : ((Class<?>) type).getMethods())
+            for (Method m : SecureReflections.getMethods((Class<?>) type))
             {
                if (method.getName().equals(m.getName()) && Arrays.equals(method.getParameterTypesAsArray(), m.getParameterTypes()))
                {

impl/src/main/java/org/jboss/weld/bean/builtin/CallableMethodHandler.java

@@ -19,6 +19,7 @@
 import org.jboss.weld.NullInstanceException;
 import org.jboss.weld.bootstrap.api.Service;
 import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 import org.slf4j.cal10n.LocLogger;
 
 public class CallableMethodHandler implements MethodHandler, Serializable
@@ -77,7 +78,7 @@ public Object invoke(Object self, Method proxiedMethod, Method proceed, Object[]
       }
       try
       {
-         Object returnValue = Reflections.invoke(proxiedMethod, instance, args);
+         Object returnValue = SecureReflections.invoke(instance, proxiedMethod, args);
          log.trace(CALL_PROXIED_METHOD, proxiedMethod, instance, args, returnValue == null ? null : returnValue);
          return returnValue;
       }

impl/src/main/java/org/jboss/weld/bean/interceptor/ClassInterceptionHandlerFactory.java

@@ -21,12 +21,12 @@
 
 import javax.enterprise.context.spi.CreationalContext;
 
-import org.jboss.interceptor.proxy.InterceptionHandlerFactory;
-import org.jboss.interceptor.proxy.InterceptionHandler;
 import org.jboss.interceptor.proxy.DirectClassInterceptionHandler;
+import org.jboss.interceptor.proxy.InterceptionHandler;
+import org.jboss.interceptor.proxy.InterceptionHandlerFactory;
 import org.jboss.weld.BeanManagerImpl;
 import org.jboss.weld.DeploymentException;
-import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 /**
  * @author Marius Bogoevici
@@ -47,8 +47,7 @@ public InterceptionHandler createFor(Class clazz)
       try
       {
          // this is not a managed instance - assume no-argument constructor exists
-         Constructor constructor = clazz.getDeclaredConstructor();
-         Reflections.ensureAccessible(constructor);
+         Constructor constructor = SecureReflections.getDeclaredConstructor(clazz);
          Object interceptorInstance = constructor.newInstance();
          // inject
          manager.createInjectionTarget(manager.createAnnotatedType(clazz)).inject(interceptorInstance, creationalContext);

impl/src/main/java/org/jboss/weld/bean/proxy/AbstractDecoratorMethodHandler.java

@@ -27,6 +27,7 @@
 import org.jboss.weld.introspector.WeldClass;
 import org.jboss.weld.introspector.jlr.MethodSignatureImpl;
 import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 /**
  * {@link MethodHandler} for Abstract decorators.
@@ -74,7 +75,7 @@ public Object invoke(Object self, Method thisMethod, Method proceed, Object[] ar
       if (Reflections.isAbstract(thisMethod))
       {
          Method method = ((AnnotatedMethod<?>) delegateClass.getWeldMethod(new MethodSignatureImpl(thisMethod))).getJavaMember();
-         return Reflections.invoke(method, delegate, args);
+         return SecureReflections.invoke(delegate, method, args);
       }
 
       return proceed.invoke(self, args);

impl/src/main/java/org/jboss/weld/bean/proxy/ClientProxyMethodHandler.java

@@ -34,6 +34,7 @@
 import org.jboss.weld.context.WeldCreationalContext;
 import org.jboss.weld.serialization.spi.ContextualStore;
 import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 import org.slf4j.cal10n.LocLogger;
 
 /**
@@ -110,8 +111,8 @@ public Object invoke(Object self, Method proxiedMethod, Method proceed, Object[]
       }
       try
       {
-         Method method = Reflections.lookupMethod(proxiedMethod, proxiedInstance);
-         Object returnValue = Reflections.invoke(method, proxiedInstance, args);
+         Method method = SecureReflections.lookupMethod(proxiedInstance, proxiedMethod);
+         Object returnValue = SecureReflections.invoke(proxiedInstance, method, args);
          log.trace(CALL_PROXIED_METHOD, proxiedMethod, proxiedInstance, args, returnValue == null ? null : returnValue);
          return returnValue;
       }

impl/src/main/java/org/jboss/weld/bean/proxy/DecoratorProxyMethodHandler.java

@@ -30,7 +30,7 @@
 import org.jboss.weld.introspector.WeldMethod;
 import org.jboss.weld.introspector.jlr.MethodSignatureImpl;
 import org.jboss.weld.serialization.spi.helpers.SerializableContextualInstance;
-import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 /**
  * Method handler for decorated beans
@@ -97,6 +97,6 @@ protected Object doInvoke(Object self, Method method, Method proceed, Object[] a
             throw new ForbiddenStateException(UNEXPECTED_UNWRAPPED_CUSTOM_DECORATOR, beanInstance.getContextual().get());
          }
       }
-      return Reflections.invoke(method, getTargetInstance(), args);
+      return SecureReflections.invoke(getTargetInstance(), method, args);
    }
 }

impl/src/main/java/org/jboss/weld/bean/proxy/EnterpriseBeanProxyMethodHandler.java

@@ -37,6 +37,7 @@
 import org.jboss.weld.introspector.MethodSignature;
 import org.jboss.weld.introspector.jlr.MethodSignatureImpl;
 import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 import org.slf4j.cal10n.LocLogger;
 
 /**
@@ -120,10 +121,10 @@ public Object invoke(Object self, Method method, Method proceed, Object[] args)
       }
       Class<?> businessInterface = getBusinessInterface(method);
       Object proxiedInstance = reference.getBusinessObject(businessInterface);
-      Method proxiedMethod = Reflections.lookupMethod(method, proxiedInstance);
+      Method proxiedMethod = SecureReflections.lookupMethod(proxiedInstance, method);
       try
       {
-         Object returnValue = Reflections.invoke(proxiedMethod, proxiedInstance, args);
+         Object returnValue = SecureReflections.invoke(proxiedInstance, proxiedMethod, args);
          log.trace(CALL_PROXIED_METHOD, method, proxiedInstance, args, returnValue);
          return returnValue;
       }

impl/src/main/java/org/jboss/weld/injection/Exceptions.java

@@ -21,6 +21,7 @@
 import javax.enterprise.inject.CreationException;
 
 import org.jboss.weld.WeldException;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 class Exceptions
 {
@@ -36,7 +37,7 @@ private static void rethrowException(Throwable t, Class<? extends RuntimeExcepti
          RuntimeException e;
          try
          {
-            e = exceptionToThrow.newInstance();
+            e = SecureReflections.newInstance(exceptionToThrow);
          }
          catch (InstantiationException e1)
          {

impl/src/main/java/org/jboss/weld/introspector/jlr/WeldAnnotationImpl.java

@@ -32,6 +32,7 @@
 import org.jboss.weld.resources.ClassTransformer;
 import org.jboss.weld.util.Names;
 import org.jboss.weld.util.reflection.HierarchyDiscovery;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 import com.google.common.base.Supplier;
 import com.google.common.collect.Multimaps;
@@ -89,7 +90,7 @@ protected WeldAnnotationImpl(Class<T> annotationType, ClassTransformer classTran
 
       });
       this.namedMembers = new HashMap<String, WeldMethod<?, ?>>();
-      for (Method member : clazz.getDeclaredMethods())
+      for (Method member : SecureReflections.getDeclaredMethods(clazz))
       {
          WeldMethod<?, ?> annotatedMethod = WeldMethodImpl.of(member, this, classTransformer);
          members.add(annotatedMethod);

impl/src/main/java/org/jboss/weld/introspector/jlr/WeldClassImpl.java

@@ -48,6 +48,7 @@
 import org.jboss.weld.util.Names;
 import org.jboss.weld.util.reflection.HierarchyDiscovery;
 import org.jboss.weld.util.reflection.Reflections;
+import org.jboss.weld.util.reflection.SecureReflections;
 
 import com.google.common.base.Supplier;
 import com.google.common.collect.Multimaps;
@@ -225,12 +226,8 @@ public Set<WeldField<?, T>> get()
 
       for (Class<?> c = rawType; c != Object.class && c != null; c = c.getSuperclass())
       {
-         for (Field field : c.getDeclaredFields())
+         for (Field field : SecureReflections.getDeclaredFields(c))
          {
-            if (!field.isAccessible())
-            {
-               field.setAccessible(true);
-            }
             WeldField<?, T> annotatedField = null;
             if (annotatedTypeFields.containsKey(field))
             {
@@ -299,7 +296,7 @@ public Set<WeldConstructor<?>> get()
       }
 
       this.declaredConstructorsBySignature = new HashMap<ConstructorSignature, WeldConstructor<?>>();
-      for (Constructor<?> constructor : rawType.getDeclaredConstructors())
+      for (Constructor<?> constructor : SecureReflections.getDeclaredConstructors(rawType))
       {
          WeldConstructor<T> annotatedConstructor = null;
          if (annotatedTypeConstructors.containsKey(constructor))
@@ -314,10 +311,6 @@ public Set<WeldConstructor<?>> get()
             annotatedConstructor = WeldConstructorImpl.of(c, this.<T>getDeclaringWBClass(c, classTransformer), classTransformer);
          }
 
-         if (!constructor.isAccessible())
-         {
-            constructor.setAccessible(true);
-         }
          this.constructors.add(annotatedConstructor);
          this.constructorsByArgumentMap.put(Arrays.asList(constructor.getParameterTypes()), annotatedConstructor);
 
@@ -394,13 +387,8 @@ public Set<WeldMethod<?, T>> get()
 
       for (Class<?> c = rawType; c != Object.class && c != null; c = c.getSuperclass())
       {
-         for (Method method : c.getDeclaredMethods())
+         for (Method method : SecureReflections.getDeclaredMethods(c))
          {
-            if (!method.isAccessible())
-            {
-               method.setAccessible(true);
-            }
-
             WeldMethod<?, T> annotatedMethod = null;
             if (annotatedTypeMethods.containsKey(method))
             {

impl/src/main/java/org/jboss/weld/introspector/jlr/WeldConstructorImpl.java

@@ -16,8 +16,6 @@
  */
 package org.jboss.weld.introspector.jlr;
 
-import static org.jboss.weld.util.reflection.Reflections.ensureAccessible;
-
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
@@ -75,13 +73,13 @@ public class WeldConstructorImpl<T> extends AbstractWeldCallable<T, T, Construct
    public static <T> WeldConstructor<T> of(Constructor<T> constructor, WeldClass<T> declaringClass, ClassTransformer classTransformer)
    {
       AnnotationStore annotationStore = AnnotationStore.of(constructor, classTransformer.getTypeStore());
-      return new WeldConstructorImpl<T>(ensureAccessible(constructor), constructor.getDeclaringClass(), constructor.getDeclaringClass(), null, new HierarchyDiscovery(constructor.getDeclaringClass()).getTypeClosure(), annotationStore, declaringClass, classTransformer);
+      return new WeldConstructorImpl<T>(constructor, constructor.getDeclaringClass(), constructor.getDeclaringClass(), null, new HierarchyDiscovery(constructor.getDeclaringClass()).getTypeClosure(), annotationStore, declaringClass, classTransformer);
    }
 
    public static <T> WeldConstructor<T> of(AnnotatedConstructor<T> annotatedConstructor,  WeldClass<T> declaringClass, ClassTransformer classTransformer)
    {
       AnnotationStore annotationStore = AnnotationStore.of(annotatedConstructor.getAnnotations(), annotatedConstructor.getAnnotations(), classTransformer.getTypeStore());
-      return new WeldConstructorImpl<T>(ensureAccessible(annotatedConstructor.getJavaMember()), annotatedConstructor.getJavaMember().getDeclaringClass(), annotatedConstructor.getBaseType(), annotatedConstructor, annotatedConstructor.getTypeClosure(), annotationStore, declaringClass, classTransformer);
+      return new WeldConstructorImpl<T>(annotatedConstructor.getJavaMember(), annotatedConstructor.getJavaMember().getDeclaringClass(), annotatedConstructor.getBaseType(), annotatedConstructor, annotatedConstructor.getTypeClosure(), annotationStore, declaringClass, classTransformer);
    }
 
    /**