From 5c1bcd549bf1dbb85f17f4a78037f16017083f05 Mon Sep 17 00:00:00 2001 From: Chris Cranford Date: Wed, 11 Jul 2018 13:01:51 -0400 Subject: [PATCH 1/3] HHH-12542 - Add necessary privileged action blocks for SecurityManager used on WildFly. --- .../boot/cfgxml/internal/ConfigLoader.java | 45 +-- .../boot/jaxb/internal/AbstractBinder.java | 12 +- .../internal/ClassLoaderServiceImpl.java | 110 +++++--- .../hibernate/internal/util/ConfigHelper.java | 45 +-- .../internal/util/ReflectHelper.java | 264 ++++++++++-------- .../internal/CallbackBuilderLegacyImpl.java | 11 +- .../metamodel/internal/MetadataContext.java | 25 +- .../tuple/entity/PojoEntityTuplizer.java | 43 +-- .../boot/internal/EnversServiceImpl.java | 29 +- 9 files changed, 352 insertions(+), 232 deletions(-) diff --git a/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java b/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java index ab094f769bc8..7341a5f77fb4 100644 --- a/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java +++ b/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java @@ -12,6 +12,8 @@ import java.io.IOException; import java.io.InputStream; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Properties; import org.hibernate.boot.cfgxml.spi.LoadedConfig; @@ -48,27 +50,32 @@ public ConfigLoader(BootstrapServiceRegistry bootstrapServiceRegistry) { } public LoadedConfig loadConfigXmlResource(String cfgXmlResourceName) { - final InputStream stream = bootstrapServiceRegistry.getService( ClassLoaderService.class ).locateResourceStream( cfgXmlResourceName ); - if ( stream == null ) { - throw new ConfigurationException( "Could not locate cfg.xml resource [" + cfgXmlResourceName + "]" ); - } - - try { - final JaxbCfgHibernateConfiguration jaxbCfg = jaxbProcessorHolder.getValue().unmarshal( - stream, - new Origin( SourceType.RESOURCE, cfgXmlResourceName ) - ); + final JaxbCfgHibernateConfiguration jaxbCfg = AccessController.doPrivileged( new PrivilegedAction() { + @Override + public JaxbCfgHibernateConfiguration run() { + final InputStream stream = bootstrapServiceRegistry.getService( ClassLoaderService.class ).locateResourceStream( cfgXmlResourceName ); + if ( stream == null ) { + throw new ConfigurationException( "Could not locate cfg.xml resource [" + cfgXmlResourceName + "]" ); + } - return LoadedConfig.consume( jaxbCfg ); - } - finally { - try { - stream.close(); - } - catch (IOException e) { - log.debug( "Unable to close cfg.xml resource stream", e ); + try { + return jaxbProcessorHolder.getValue().unmarshal( + stream, + new Origin( SourceType.RESOURCE, cfgXmlResourceName ) + ); + } + finally { + try { + stream.close(); + } + catch ( IOException e ) { + log.debug( "Unable to close cfg.xml resource stream", e ); + } + } } - } + } ); + + return LoadedConfig.consume( jaxbCfg ); } public LoadedConfig loadConfigXmlFile(File cfgXmlFile) { diff --git a/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java b/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java index 79ef80e06089..db17881d7d92 100644 --- a/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java +++ b/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java @@ -7,6 +7,9 @@ package org.hibernate.boot.jaxb.internal; import java.io.InputStream; +import java.security.AccessController; +import java.security.PrivilegedAction; + import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; @@ -98,8 +101,13 @@ protected XMLEventReader createReader(Source source, Origin origin) { private Binding doBind(XMLEventReader eventReader, Origin origin) { try { - final StartElement rootElementStartEvent = seekRootElementStartEvent( eventReader, origin ); - return doBind( eventReader, rootElementStartEvent, origin ); + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Binding run() { + final StartElement rootElementStartEvent = seekRootElementStartEvent( eventReader, origin ); + return doBind( eventReader, rootElementStartEvent, origin ); + } + } ); } finally { try { diff --git a/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java b/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java index fd4deff3f3e5..415fd409eb8a 100644 --- a/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java +++ b/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java @@ -347,49 +347,59 @@ protected Class findClass(String name) throws ClassNotFoundException { @Override @SuppressWarnings({"unchecked"}) public Class classForName(String className) { - try { - return (Class) Class.forName( className, true, getAggregatedClassLoader() ); - } - catch (Exception e) { - throw new ClassLoadingException( "Unable to load class [" + className + "]", e ); - } - catch (LinkageError e) { - throw new ClassLoadingException( "Unable to load class [" + className + "]", e ); - } + return AccessController.doPrivileged( new PrivilegedAction>() { + @Override + public Class run() { + try { + return (Class) Class.forName( className, true, getAggregatedClassLoader() ); + } + catch (Exception e) { + throw new ClassLoadingException( "Unable to load class [" + className + "]", e ); + } + catch (LinkageError e) { + throw new ClassLoadingException( "Unable to load class [" + className + "]", e ); + } + } + } ); } @Override - public URL locateResource(String name) { + public URL locateResource(final String name) { // first we try name as a URL - try { - return new URL( name ); - } - catch (Exception ignore) { - } + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public URL run() { + try { + return new URL( name ); + } + catch (Exception ignore) { + } - try { - final URL url = getAggregatedClassLoader().getResource( name ); - if ( url != null ) { - return url; - } - } - catch (Exception ignore) { - } + try { + final URL url = getAggregatedClassLoader().getResource( name ); + if ( url != null ) { + return url; + } + } + catch (Exception ignore) { + } - if ( name.startsWith( "/" ) ) { - name = name.substring( 1 ); + if ( name.startsWith( "/" ) ) { + final String resourceName = name.substring( 1 ); - try { - final URL url = getAggregatedClassLoader().getResource( name ); - if ( url != null ) { - return url; + try { + final URL url = getAggregatedClassLoader().getResource( resourceName ); + if ( url != null ) { + return url; + } + } + catch (Exception ignore) { + } } - } - catch (Exception ignore) { - } - } - return null; + return null; + } + } ); } @Override @@ -456,16 +466,21 @@ public List locateResources(String name) { @Override @SuppressWarnings("unchecked") public Collection loadJavaServices(Class serviceContract) { - ServiceLoader serviceLoader = serviceLoaders.get( serviceContract ); - if ( serviceLoader == null ) { - serviceLoader = ServiceLoader.load( serviceContract, getAggregatedClassLoader() ); - serviceLoaders.put( serviceContract, serviceLoader ); - } - final LinkedHashSet services = new LinkedHashSet(); - for ( S service : serviceLoader ) { - services.add( service ); - } - return services; + return AccessController.doPrivileged( new PrivilegedAction>() { + @Override + public Collection run() { + ServiceLoader serviceLoader = serviceLoaders.get( serviceContract ); + if ( serviceLoader == null ) { + serviceLoader = ServiceLoader.load( serviceContract, getAggregatedClassLoader() ); + serviceLoaders.put( serviceContract, serviceLoader ); + } + final LinkedHashSet services = new LinkedHashSet(); + for ( S service : serviceLoader ) { + services.add( service ); + } + return services; + } + } ); } @Override @@ -480,7 +495,12 @@ public T generateProxy(InvocationHandler handler, Class... interfaces) { @Override public T workWithClassLoader(Work work) { - return work.doWork( getAggregatedClassLoader() ); + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public T run() { + return work.doWork( getAggregatedClassLoader() ); + } + } ); } private ClassLoader getAggregatedClassLoader() { diff --git a/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java b/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java index f87581521cb8..1da5a31f5aa9 100644 --- a/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java +++ b/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java @@ -10,6 +10,8 @@ import java.io.InputStream; import java.net.MalformedURLException; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedAction; import org.hibernate.HibernateException; import org.hibernate.cfg.Environment; @@ -113,28 +115,33 @@ private ConfigHelper() { } public static InputStream getResourceAsStream(String resource) { - String stripped = resource.startsWith( "/" ) - ? resource.substring( 1 ) - : resource; + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public InputStream run() { + String stripped = resource.startsWith( "/" ) + ? resource.substring( 1 ) + : resource; + + InputStream stream = null; + ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); + if ( classLoader != null ) { + stream = classLoader.getResourceAsStream( stripped ); + } + if ( stream == null ) { + stream = Environment.class.getResourceAsStream( resource ); + } + if ( stream == null ) { + stream = Environment.class.getClassLoader().getResourceAsStream( stripped ); + } + if ( stream == null ) { + throw new HibernateException( resource + " not found" ); + } + return stream; - InputStream stream = null; - ClassLoader classLoader = Thread.currentThread().getContextClassLoader(); - if ( classLoader != null ) { - stream = classLoader.getResourceAsStream( stripped ); - } - if ( stream == null ) { - stream = Environment.class.getResourceAsStream( resource ); - } - if ( stream == null ) { - stream = Environment.class.getClassLoader().getResourceAsStream( stripped ); - } - if ( stream == null ) { - throw new HibernateException( resource + " not found" ); - } - return stream; + } + } ); } - public static InputStream getUserResourceAsStream(String resource) { boolean hasLeadingSlash = resource.startsWith( "/" ); String stripped = hasLeadingSlash ? resource.substring( 1 ) : resource; diff --git a/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java b/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java index 4fbff725c4bf..d2b6437b065f 100644 --- a/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java +++ b/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java @@ -13,6 +13,8 @@ import java.lang.reflect.Member; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Locale; import java.util.regex.Pattern; import javax.persistence.Transient; @@ -235,7 +237,12 @@ public static Class reflectedPropertyClass(Class clazz, String name) throws Mapp } private static Getter getter(Class clazz, String name) throws MappingException { - return PropertyAccessStrategyMixedImpl.INSTANCE.buildPropertyAccess( clazz, name ).getGetter(); + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Getter run() { + return PropertyAccessStrategyMixedImpl.INSTANCE.buildPropertyAccess( clazz, name ).getGetter(); + } + } ); } public static Object getConstantValue(String name, SessionFactoryImplementor factory) { @@ -272,16 +279,21 @@ public static Constructor getDefaultConstructor(Class clazz) throws Pr return null; } - try { - Constructor constructor = clazz.getDeclaredConstructor( NO_PARAM_SIGNATURE ); - ensureAccessibility( constructor ); - return constructor; - } - catch ( NoSuchMethodException nme ) { - throw new PropertyNotFoundException( - "Object class [" + clazz.getName() + "] must declare a default (no-argument) constructor" - ); - } + return AccessController.doPrivileged( new PrivilegedAction>() { + @Override + public Constructor run() { + try { + Constructor constructor = clazz.getDeclaredConstructor( NO_PARAM_SIGNATURE ); + ensureAccessibility( constructor ); + return constructor; + } + catch ( NoSuchMethodException nme ) { + throw new PropertyNotFoundException( + "Object class [" + clazz.getName() + "] must declare a default (no-argument) constructor" + ); + } + } + } ); } /** @@ -348,12 +360,17 @@ public static Constructor getConstructor(Class clazz, Type[] types) throws Prope } public static Method getMethod(Class clazz, Method method) { - try { - return clazz.getMethod( method.getName(), method.getParameterTypes() ); - } - catch (Exception e) { - return null; - } + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Method run() { + try { + return clazz.getMethod( method.getName(), method.getParameterTypes() ); + } + catch (Exception e) { + return null; + } + } + } ); } public static Field findField(Class containerClass, String propertyName) { @@ -364,7 +381,12 @@ else if ( containerClass == Object.class ) { throw new IllegalArgumentException( "Illegal attempt to locate field [" + propertyName + "] on Object.class" ); } - Field field = locateField( containerClass, propertyName ); + Field field = AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Field run() { + return locateField( containerClass, propertyName ); + } + } ); if ( field == null ) { throw new PropertyNotFoundException( @@ -383,11 +405,15 @@ else if ( containerClass == Object.class ) { } public static void ensureAccessibility(AccessibleObject accessibleObject) { - if ( accessibleObject.isAccessible() ) { - return; - } - - accessibleObject.setAccessible( true ); + AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Void run() { + if ( !accessibleObject.isAccessible() ) { + accessibleObject.setAccessible( true ); + } + return null; + } + } ); } private static Field locateField(Class clazz, String propertyName) { @@ -412,40 +438,45 @@ private static boolean isStaticField(Field field) { } public static Method findGetterMethod(Class containerClass, String propertyName) { - Class checkClass = containerClass; - Method getter = null; - - // check containerClass, and then its super types (if any) - while ( getter == null && checkClass != null ) { - if ( checkClass.equals( Object.class ) ) { - break; - } + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Method run() { + Class checkClass = containerClass; + Method getter = null; + + // check containerClass, and then its super types (if any) + while ( getter == null && checkClass != null ) { + if ( checkClass.equals( Object.class ) ) { + break; + } - getter = getGetterOrNull( checkClass, propertyName ); + getter = getGetterOrNull( checkClass, propertyName ); - // if no getter found yet, check all implemented interfaces - if ( getter == null ) { - getter = getGetterOrNull( checkClass.getInterfaces(), propertyName ); - } + // if no getter found yet, check all implemented interfaces + if ( getter == null ) { + getter = getGetterOrNull( checkClass.getInterfaces(), propertyName ); + } - checkClass = checkClass.getSuperclass(); - } + checkClass = checkClass.getSuperclass(); + } - if ( getter == null ) { - throw new PropertyNotFoundException( - String.format( - Locale.ROOT, - "Could not locate getter method for property [%s#%s]", - containerClass.getName(), - propertyName - ) - ); - } + if ( getter == null ) { + throw new PropertyNotFoundException( + String.format( + Locale.ROOT, + "Could not locate getter method for property [%s#%s]", + containerClass.getName(), + propertyName + ) + ); + } - ensureAccessibility( getter ); + ensureAccessibility( getter ); - return getter; + return getter; + } + } ); } private static Method getGetterOrNull(Class[] interfaces, String propertyName) { @@ -576,43 +607,53 @@ public static Method getterMethodOrNull(Class containerJavaType, String property } public static Method setterMethodOrNull(final Class containerClass, final String propertyName, final Class propertyType) { - Class checkClass = containerClass; - Method setter = null; + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Method run() { + Class checkClass = containerClass; + Method setter = null; + + // check containerClass, and then its super types (if any) + while ( setter == null && checkClass != null ) { + if ( checkClass.equals( Object.class ) ) { + break; + } - // check containerClass, and then its super types (if any) - while ( setter == null && checkClass != null ) { - if ( checkClass.equals( Object.class ) ) { - break; - } + setter = setterOrNull( checkClass, propertyName, propertyType ); - setter = setterOrNull( checkClass, propertyName, propertyType ); + // if no setter found yet, check all implemented interfaces + if ( setter == null ) { + setter = setterOrNull( checkClass.getInterfaces(), propertyName, propertyType ); + } + else { + ensureAccessibility( setter ); + } - // if no setter found yet, check all implemented interfaces - if ( setter == null ) { - setter = setterOrNull( checkClass.getInterfaces(), propertyName, propertyType ); - } - else { - ensureAccessibility( setter ); + checkClass = checkClass.getSuperclass(); + } + return setter; // might be null } - - checkClass = checkClass.getSuperclass(); - } - return setter; // might be null + } ); } public static Method findSetterMethod(final Class containerClass, final String propertyName, final Class propertyType) { - final Method setter = setterMethodOrNull( containerClass, propertyName, propertyType ); - if ( setter == null ) { - throw new PropertyNotFoundException( - String.format( - Locale.ROOT, - "Could not locate setter method for property [%s#%s]", - containerClass.getName(), - propertyName - ) - ); - } - return setter; + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Method run() { + final Method setter = setterMethodOrNull( containerClass, propertyName, propertyType ); + if ( setter == null ) { + throw new PropertyNotFoundException( + String.format( + Locale.ROOT, + "Could not locate setter method for property [%s#%s]", + containerClass.getName(), + propertyName + ) + ); + } + return setter; + } + } ); } private static Method setterOrNull(Class[] interfaces, String propertyName, Class propertyType) { @@ -656,42 +697,47 @@ private static Method setterOrNull(Class theClass, String propertyName, Class pr * as an abstract - but again, that is such an edge case... */ public static Method findGetterMethodForFieldAccess(Field field, String propertyName) { - for ( Method method : field.getDeclaringClass().getDeclaredMethods() ) { - // if the method has parameters, skip it - if ( method.getParameterCount() != 0 ) { - continue; - } + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Method run() { + for ( Method method : field.getDeclaringClass().getDeclaredMethods() ) { + // if the method has parameters, skip it + if ( method.getParameterCount() != 0 ) { + continue; + } - if ( Modifier.isStatic( method.getModifiers() ) ) { - continue; - } + if ( Modifier.isStatic( method.getModifiers() ) ) { + continue; + } - if ( ! method.getReturnType().isAssignableFrom( field.getType() ) ) { - continue; - } + if ( ! method.getReturnType().isAssignableFrom( field.getType() ) ) { + continue; + } - final String methodName = method.getName(); + final String methodName = method.getName(); - // try "get" - if ( methodName.startsWith( "get" ) ) { - final String stemName = methodName.substring( 3 ); - final String decapitalizedStemName = Introspector.decapitalize( stemName ); - if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { - return method; - } + // try "get" + if ( methodName.startsWith( "get" ) ) { + final String stemName = methodName.substring( 3 ); + final String decapitalizedStemName = Introspector.decapitalize( stemName ); + if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { + return method; + } - } + } - // if not "get", then try "is" - if ( methodName.startsWith( "is" ) ) { - final String stemName = methodName.substring( 2 ); - String decapitalizedStemName = Introspector.decapitalize( stemName ); - if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { - return method; + // if not "get", then try "is" + if ( methodName.startsWith( "is" ) ) { + final String stemName = methodName.substring( 2 ); + String decapitalizedStemName = Introspector.decapitalize( stemName ); + if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { + return method; + } + } } - } - } - return null; + return null; + } + } ); } } diff --git a/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java b/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java index 1a6851ba3ce9..f5f00d48303d 100644 --- a/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java +++ b/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java @@ -10,6 +10,8 @@ import java.lang.annotation.ElementType; import java.lang.annotation.Target; import java.lang.reflect.Method; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.List; import javax.persistence.Entity; @@ -72,7 +74,14 @@ public void buildCallbacksForEntity(String entityClassName, CallbackRegistrar ca } continue; } - final Callback[] callbacks = resolveEntityCallbacks( entityXClass, callbackType, reflectionManager ); + + final Callback[] callbacks = AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Callback[] run() { + return resolveEntityCallbacks( entityXClass, callbackType, reflectionManager ); + } + } ); + callbackRegistrar.registerCallbacks( entityClass, callbacks ); } } diff --git a/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java b/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java index edfc52477e5e..2e916dd0cba2 100755 --- a/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java +++ b/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java @@ -7,6 +7,8 @@ package org.hibernate.metamodel.internal; import java.lang.reflect.Field; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collections; import java.util.HashMap; @@ -369,14 +371,21 @@ private void populateStaticMetamodel(AbstractManagedType managedType) { return; } final String metamodelClassName = managedTypeClass.getName() + '_'; - try { - final Class metamodelClass = Class.forName( metamodelClassName, true, managedTypeClass.getClassLoader() ); - // we found the class; so populate it... - registerAttributes( metamodelClass, managedType ); - } - catch (ClassNotFoundException ignore) { - // nothing to do... - } + + AccessController.doPrivileged( new PrivilegedAction() { + @Override + public Object run() { + try { + final Class metamodelClass = Class.forName( metamodelClassName, true, managedTypeClass.getClassLoader() ); + // we found the class; so populate it... + registerAttributes( metamodelClass, managedType ); + } + catch (ClassNotFoundException ignore) { + // nothing to do... + } + return null; + } + } ); // todo : this does not account for @MappeSuperclass, mainly because this is not being tracked in our // internal metamodel as populated from the annotatios properly diff --git a/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java b/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java index f186e8a384c2..c9467439b5f0 100644 --- a/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java +++ b/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java @@ -8,6 +8,8 @@ import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Iterator; import java.util.Map; import java.util.Set; @@ -157,24 +159,29 @@ protected ProxyFactory buildProxyFactory(PersistentClass persistentClass, Getter null : ReflectHelper.getMethod( proxyInterface, idSetterMethod ); - ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); - try { - pf.postInstantiate( - getEntityName(), - mappedClass, - proxyInterfaces, - proxyGetIdentifierMethod, - proxySetIdentifierMethod, - persistentClass.hasEmbeddedIdentifier() ? - (CompositeType) persistentClass.getIdentifier().getType() : - null - ); - } - catch (HibernateException he) { - LOG.unableToCreateProxyFactory( getEntityName(), he ); - pf = null; - } - return pf; + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public ProxyFactory run() { + ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); + try { + pf.postInstantiate( + getEntityName(), + mappedClass, + proxyInterfaces, + proxyGetIdentifierMethod, + proxySetIdentifierMethod, + persistentClass.hasEmbeddedIdentifier() ? + (CompositeType) persistentClass.getIdentifier().getType() : + null + ); + } + catch (HibernateException he) { + LOG.unableToCreateProxyFactory( getEntityName(), he ); + pf = null; + } + return pf; + } + } ); } protected ProxyFactory buildProxyFactoryInternal( diff --git a/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java b/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java index e724dc4aa7d1..c22698fd8e9a 100644 --- a/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java +++ b/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java @@ -6,6 +6,8 @@ */ package org.hibernate.envers.boot.internal; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Map; import java.util.Properties; @@ -151,17 +153,22 @@ private void doInitialize( revInfoCfgResult.getRevisionInfoTimestampData(), serviceRegistry ); - this.entitiesConfigurations = new EntitiesConfigurator().configure( - metadata, - serviceRegistry, - reflectionManager, - mappingCollector, - globalConfiguration, - auditEntitiesConfiguration, - auditStrategy, - revInfoCfgResult.getRevisionInfoXmlMapping(), - revInfoCfgResult.getRevisionInfoRelationMapping() - ); + this.entitiesConfigurations = AccessController.doPrivileged( new PrivilegedAction() { + @Override + public EntitiesConfigurations run() { + return new EntitiesConfigurator().configure( + metadata, + serviceRegistry, + reflectionManager, + mappingCollector, + globalConfiguration, + auditEntitiesConfiguration, + auditStrategy, + revInfoCfgResult.getRevisionInfoXmlMapping(), + revInfoCfgResult.getRevisionInfoRelationMapping() + ); + } + } ); } private static AuditStrategy initializeAuditStrategy( From 97521471ef4f2db284cb814b2d0dc6e98a65df9a Mon Sep 17 00:00:00 2001 From: Chris Cranford Date: Wed, 18 Jul 2018 10:30:59 -0400 Subject: [PATCH 2/3] HHH-12542 - Reworked Privileged block scope & invocation. --- .../boot/cfgxml/internal/ConfigLoader.java | 8 +- .../boot/jaxb/internal/AbstractBinder.java | 6 +- .../internal/ClassLoaderServiceImpl.java | 32 +- .../hibernate/internal/util/ConfigHelper.java | 6 +- .../internal/util/ReflectHelper.java | 285 ++++++++++-------- .../internal/CallbackBuilderLegacyImpl.java | 22 +- .../metamodel/internal/MetadataContext.java | 10 +- .../tuple/entity/PojoEntityTuplizer.java | 66 ++-- .../boot/internal/EnversServiceImpl.java | 29 +- .../reader/AuditedPropertiesReader.java | 30 +- 10 files changed, 291 insertions(+), 203 deletions(-) diff --git a/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java b/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java index 7341a5f77fb4..1485347c9f82 100644 --- a/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java +++ b/hibernate-core/src/main/java/org/hibernate/boot/cfgxml/internal/ConfigLoader.java @@ -50,7 +50,7 @@ public ConfigLoader(BootstrapServiceRegistry bootstrapServiceRegistry) { } public LoadedConfig loadConfigXmlResource(String cfgXmlResourceName) { - final JaxbCfgHibernateConfiguration jaxbCfg = AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public JaxbCfgHibernateConfiguration run() { final InputStream stream = bootstrapServiceRegistry.getService( ClassLoaderService.class ).locateResourceStream( cfgXmlResourceName ); @@ -73,9 +73,11 @@ public JaxbCfgHibernateConfiguration run() { } } } - } ); + }; - return LoadedConfig.consume( jaxbCfg ); + return LoadedConfig.consume( + System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run() + ); } public LoadedConfig loadConfigXmlFile(File cfgXmlFile) { diff --git a/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java b/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java index db17881d7d92..8f5ffd919d48 100644 --- a/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java +++ b/hibernate-core/src/main/java/org/hibernate/boot/jaxb/internal/AbstractBinder.java @@ -101,13 +101,15 @@ protected XMLEventReader createReader(Source source, Origin origin) { private Binding doBind(XMLEventReader eventReader, Origin origin) { try { - return AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public Binding run() { final StartElement rootElementStartEvent = seekRootElementStartEvent( eventReader, origin ); return doBind( eventReader, rootElementStartEvent, origin ); } - } ); + }; + + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } finally { try { diff --git a/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java b/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java index 415fd409eb8a..c1f7fa3df1ca 100644 --- a/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java +++ b/hibernate-core/src/main/java/org/hibernate/boot/registry/classloading/internal/ClassLoaderServiceImpl.java @@ -83,11 +83,16 @@ public ClassLoaderServiceImpl(Collection providedClassLoaders, Tccl orderedClassLoaderSet.add( ClassLoaderServiceImpl.class.getClassLoader() ); // now build the aggregated class loader... - this.aggregatedClassLoader = AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { + @Override public AggregatedClassLoader run() { return new AggregatedClassLoader( orderedClassLoaderSet, lookupPrecedence ); } - } ); + }; + + this.aggregatedClassLoader = System.getSecurityManager() != null + ? AccessController.doPrivileged( action ) + : action.run(); } /** @@ -347,7 +352,7 @@ protected Class findClass(String name) throws ClassNotFoundException { @Override @SuppressWarnings({"unchecked"}) public Class classForName(String className) { - return AccessController.doPrivileged( new PrivilegedAction>() { + final PrivilegedAction> action = new PrivilegedAction>() { @Override public Class run() { try { @@ -360,13 +365,14 @@ public Class run() { throw new ClassLoadingException( "Unable to load class [" + className + "]", e ); } } - } ); + }; + + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } @Override public URL locateResource(final String name) { - // first we try name as a URL - return AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public URL run() { try { @@ -399,7 +405,9 @@ public URL run() { return null; } - } ); + }; + + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } @Override @@ -466,7 +474,7 @@ public List locateResources(String name) { @Override @SuppressWarnings("unchecked") public Collection loadJavaServices(Class serviceContract) { - return AccessController.doPrivileged( new PrivilegedAction>() { + final PrivilegedAction> action = new PrivilegedAction>() { @Override public Collection run() { ServiceLoader serviceLoader = serviceLoaders.get( serviceContract ); @@ -480,7 +488,8 @@ public Collection run() { } return services; } - } ); + }; + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } @Override @@ -495,12 +504,13 @@ public T generateProxy(InvocationHandler handler, Class... interfaces) { @Override public T workWithClassLoader(Work work) { - return AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public T run() { return work.doWork( getAggregatedClassLoader() ); } - } ); + }; + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } private ClassLoader getAggregatedClassLoader() { diff --git a/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java b/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java index 1da5a31f5aa9..a3383bde8696 100644 --- a/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java +++ b/hibernate-core/src/main/java/org/hibernate/internal/util/ConfigHelper.java @@ -115,7 +115,7 @@ private ConfigHelper() { } public static InputStream getResourceAsStream(String resource) { - return AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public InputStream run() { String stripped = resource.startsWith( "/" ) @@ -137,9 +137,9 @@ public InputStream run() { throw new HibernateException( resource + " not found" ); } return stream; - } - } ); + }; + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } public static InputStream getUserResourceAsStream(String resource) { diff --git a/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java b/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java index d2b6437b065f..7be80218ad10 100644 --- a/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java +++ b/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java @@ -237,12 +237,14 @@ public static Class reflectedPropertyClass(Class clazz, String name) throws Mapp } private static Getter getter(Class clazz, String name) throws MappingException { - return AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public Getter run() { return PropertyAccessStrategyMixedImpl.INSTANCE.buildPropertyAccess( clazz, name ).getGetter(); } - } ); + }; + + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } public static Object getConstantValue(String name, SessionFactoryImplementor factory) { @@ -279,21 +281,23 @@ public static Constructor getDefaultConstructor(Class clazz) throws Pr return null; } - return AccessController.doPrivileged( new PrivilegedAction>() { + final PrivilegedAction action = new PrivilegedAction() { @Override - public Constructor run() { + public Constructor run() { try { Constructor constructor = clazz.getDeclaredConstructor( NO_PARAM_SIGNATURE ); ensureAccessibility( constructor ); return constructor; } - catch ( NoSuchMethodException nme ) { + catch (NoSuchMethodException e) { throw new PropertyNotFoundException( "Object class [" + clazz.getName() + "] must declare a default (no-argument) constructor" ); } } - } ); + }; + + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } /** @@ -360,17 +364,19 @@ public static Constructor getConstructor(Class clazz, Type[] types) throws Prope } public static Method getMethod(Class clazz, Method method) { - return AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public Method run() { try { return clazz.getMethod( method.getName(), method.getParameterTypes() ); } - catch (Exception e) { + catch (Exception e){ return null; } } - } ); + }; + + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } public static Field findField(Class containerClass, String propertyName) { @@ -381,13 +387,14 @@ else if ( containerClass == Object.class ) { throw new IllegalArgumentException( "Illegal attempt to locate field [" + propertyName + "] on Object.class" ); } - Field field = AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public Field run() { return locateField( containerClass, propertyName ); } - } ); + }; + final Field field = System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); if ( field == null ) { throw new PropertyNotFoundException( String.format( @@ -405,15 +412,22 @@ public Field run() { } public static void ensureAccessibility(AccessibleObject accessibleObject) { - AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override - public Void run() { + public Object run() { if ( !accessibleObject.isAccessible() ) { accessibleObject.setAccessible( true ); } return null; } - } ); + }; + + if ( System.getSecurityManager() != null ) { + AccessController.doPrivileged( action ); + } + else { + action.run(); + } } private static Field locateField(Class clazz, String propertyName) { @@ -438,45 +452,40 @@ private static boolean isStaticField(Field field) { } public static Method findGetterMethod(Class containerClass, String propertyName) { - return AccessController.doPrivileged( new PrivilegedAction() { - @Override - public Method run() { - Class checkClass = containerClass; - Method getter = null; + Class checkClass = containerClass; + Method getter = null; - // check containerClass, and then its super types (if any) - while ( getter == null && checkClass != null ) { - if ( checkClass.equals( Object.class ) ) { - break; - } + // check containerClass, and then its super types (if any) + while ( getter == null && checkClass != null ) { + if ( checkClass.equals( Object.class ) ) { + break; + } - getter = getGetterOrNull( checkClass, propertyName ); + getter = getGetterOrNull( checkClass, propertyName ); - // if no getter found yet, check all implemented interfaces - if ( getter == null ) { - getter = getGetterOrNull( checkClass.getInterfaces(), propertyName ); - } + // if no getter found yet, check all implemented interfaces + if ( getter == null ) { + getter = getGetterOrNull( checkClass.getInterfaces(), propertyName ); + } - checkClass = checkClass.getSuperclass(); - } + checkClass = checkClass.getSuperclass(); + } - if ( getter == null ) { - throw new PropertyNotFoundException( - String.format( - Locale.ROOT, - "Could not locate getter method for property [%s#%s]", - containerClass.getName(), - propertyName - ) - ); - } + if ( getter == null ) { + throw new PropertyNotFoundException( + String.format( + Locale.ROOT, + "Could not locate getter method for property [%s#%s]", + containerClass.getName(), + propertyName + ) + ); + } - ensureAccessibility( getter ); + ensureAccessibility( getter ); - return getter; - } - } ); + return getter; } private static Method getGetterOrNull(Class[] interfaces, String propertyName) { @@ -493,7 +502,7 @@ private static Method getGetterOrNull(Class[] interfaces, String propertyName) { } private static Method getGetterOrNull(Class containerClass, String propertyName) { - for ( Method method : containerClass.getDeclaredMethods() ) { + for ( Method method : getDeclaredMethods( containerClass ) ) { // if the method has parameters, skip it if ( method.getParameterCount() != 0 ) { continue; @@ -544,17 +553,39 @@ private static void verifyNoIsVariantExists( String propertyName, Method getMethod, String stemName) { - // verify that the Class does not also define a method with the same stem name with 'is' - try { - final Method isMethod = containerClass.getDeclaredMethod( "is" + stemName ); + final Method isMethod = getDeclaredMethod( containerClass, "is" + stemName ); + if ( isMethod != null ) { if ( !Modifier.isStatic( isMethod.getModifiers() ) && isMethod.getAnnotation( Transient.class ) == null ) { // No such method should throw the caught exception. So if we get here, there was // such a method. checkGetAndIsVariants( containerClass, propertyName, getMethod, isMethod ); } } - catch (NoSuchMethodException ignore) { - } + } + + private static Method getDeclaredMethod(Class containerClass, String methodName) { + final PrivilegedAction action = new PrivilegedAction() { + @Override + public Method run() { + try { + return containerClass.getDeclaredMethod( methodName ); + } + catch (NoSuchMethodException ignore) { + return null; + } + } + }; + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); + } + + private static Method[] getDeclaredMethods(Class containerClass) { + final PrivilegedAction action = new PrivilegedAction() { + @Override + public Method[] run() { + return containerClass.getDeclaredMethods(); + } + }; + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } private static void checkGetAndIsVariants( @@ -585,16 +616,14 @@ private static void verifyNoGetVariantExists( Method isMethod, String stemName) { // verify that the Class does not also define a method with the same stem name with 'is' - try { - final Method getMethod = containerClass.getDeclaredMethod( "get" + stemName ); + final Method getMethod = getDeclaredMethod( containerClass, "get" + stemName ); + if ( getMethod != null ) { // No such method should throw the caught exception. So if we get here, there was // such a method. if ( !Modifier.isStatic( getMethod.getModifiers() ) && getMethod.getAnnotation( Transient.class ) == null ) { checkGetAndIsVariants( containerClass, propertyName, getMethod, isMethod ); } } - catch (NoSuchMethodException ignore) { - } } public static Method getterMethodOrNull(Class containerJavaType, String propertyName) { @@ -607,53 +636,43 @@ public static Method getterMethodOrNull(Class containerJavaType, String property } public static Method setterMethodOrNull(final Class containerClass, final String propertyName, final Class propertyType) { - return AccessController.doPrivileged( new PrivilegedAction() { - @Override - public Method run() { - Class checkClass = containerClass; - Method setter = null; - - // check containerClass, and then its super types (if any) - while ( setter == null && checkClass != null ) { - if ( checkClass.equals( Object.class ) ) { - break; - } + Class checkClass = containerClass; + Method setter = null; - setter = setterOrNull( checkClass, propertyName, propertyType ); + // check containerClass, and then its super types (if any) + while ( setter == null && checkClass != null ) { + if ( checkClass.equals( Object.class ) ) { + break; + } - // if no setter found yet, check all implemented interfaces - if ( setter == null ) { - setter = setterOrNull( checkClass.getInterfaces(), propertyName, propertyType ); - } - else { - ensureAccessibility( setter ); - } + setter = setterOrNull( checkClass, propertyName, propertyType ); - checkClass = checkClass.getSuperclass(); - } - return setter; // might be null + // if no setter found yet, check all implemented interfaces + if ( setter == null ) { + setter = setterOrNull( checkClass.getInterfaces(), propertyName, propertyType ); } - } ); + else { + ensureAccessibility( setter ); + } + + checkClass = checkClass.getSuperclass(); + } + return setter; // might be null } public static Method findSetterMethod(final Class containerClass, final String propertyName, final Class propertyType) { - return AccessController.doPrivileged( new PrivilegedAction() { - @Override - public Method run() { - final Method setter = setterMethodOrNull( containerClass, propertyName, propertyType ); - if ( setter == null ) { - throw new PropertyNotFoundException( - String.format( - Locale.ROOT, - "Could not locate setter method for property [%s#%s]", - containerClass.getName(), - propertyName - ) - ); - } - return setter; - } - } ); + final Method setter = setterMethodOrNull( containerClass, propertyName, propertyType ); + if ( setter == null ) { + throw new PropertyNotFoundException( + String.format( + Locale.ROOT, + "Could not locate setter method for property [%s#%s]", + containerClass.getName(), + propertyName + ) + ); + } + return setter; } private static Method setterOrNull(Class[] interfaces, String propertyName, Class propertyType) { @@ -672,7 +691,7 @@ private static Method setterOrNull(Class[] interfaces, String propertyName, Clas private static Method setterOrNull(Class theClass, String propertyName, Class propertyType) { Method potentialSetter = null; - for ( Method method : theClass.getDeclaredMethods() ) { + for ( Method method : getDeclaredMethods( theClass ) ) { final String methodName = method.getName(); if ( method.getParameterCount() == 1 && methodName.startsWith( "set" ) ) { final String testOldMethod = methodName.substring( 3 ); @@ -697,47 +716,53 @@ private static Method setterOrNull(Class theClass, String propertyName, Class pr * as an abstract - but again, that is such an edge case... */ public static Method findGetterMethodForFieldAccess(Field field, String propertyName) { - return AccessController.doPrivileged( new PrivilegedAction() { - @Override - public Method run() { - for ( Method method : field.getDeclaringClass().getDeclaredMethods() ) { - // if the method has parameters, skip it - if ( method.getParameterCount() != 0 ) { - continue; - } +// final PrivilegedAction action = new PrivilegedAction() { +// @Override +// public Method[] run() { +// return field.getDeclaringClass().getDeclaredMethods(); +// } +// }; +// +// final Method[] methods = System.getSecurityManager() != null +// ? AccessController.doPrivileged( action ) +// : action.run(); + + for ( Method method : getDeclaredMethods( field.getDeclaringClass() ) ) { + // if the method has parameters, skip it + if ( method.getParameterCount() != 0 ) { + continue; + } - if ( Modifier.isStatic( method.getModifiers() ) ) { - continue; - } + if ( Modifier.isStatic( method.getModifiers() ) ) { + continue; + } - if ( ! method.getReturnType().isAssignableFrom( field.getType() ) ) { - continue; - } + if ( ! method.getReturnType().isAssignableFrom( field.getType() ) ) { + continue; + } - final String methodName = method.getName(); + final String methodName = method.getName(); - // try "get" - if ( methodName.startsWith( "get" ) ) { - final String stemName = methodName.substring( 3 ); - final String decapitalizedStemName = Introspector.decapitalize( stemName ); - if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { - return method; - } + // try "get" + if ( methodName.startsWith( "get" ) ) { + final String stemName = methodName.substring( 3 ); + final String decapitalizedStemName = Introspector.decapitalize( stemName ); + if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { + return method; + } - } + } - // if not "get", then try "is" - if ( methodName.startsWith( "is" ) ) { - final String stemName = methodName.substring( 2 ); - String decapitalizedStemName = Introspector.decapitalize( stemName ); - if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { - return method; - } - } + // if not "get", then try "is" + if ( methodName.startsWith( "is" ) ) { + final String stemName = methodName.substring( 2 ); + String decapitalizedStemName = Introspector.decapitalize( stemName ); + if ( stemName.equals( propertyName ) || decapitalizedStemName.equals( propertyName ) ) { + return method; } - - return null; } - } ); + } + + return null; } } diff --git a/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java b/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java index f5f00d48303d..42da63f82d0e 100644 --- a/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java +++ b/hibernate-core/src/main/java/org/hibernate/jpa/event/internal/CallbackBuilderLegacyImpl.java @@ -75,13 +75,7 @@ public void buildCallbacksForEntity(String entityClassName, CallbackRegistrar ca continue; } - final Callback[] callbacks = AccessController.doPrivileged( new PrivilegedAction() { - @Override - public Callback[] run() { - return resolveEntityCallbacks( entityXClass, callbackType, reflectionManager ); - } - } ); - + final Callback[] callbacks = resolveEntityCallbacks( entityXClass, callbackType, reflectionManager ); callbackRegistrar.registerCallbacks( entityClass, callbacks ); } } @@ -128,7 +122,7 @@ public Callback[] resolveEntityCallbacks(XClass beanClass, CallbackType callback final boolean debugEnabled = log.isDebugEnabled(); do { Callback callback = null; - List methods = currentClazz.getDeclaredMethods(); + List methods = getDeclaredMethods( currentClazz ); for ( final XMethod xMethod : methods ) { if ( xMethod.isAnnotationPresent( callbackType.getCallbackAnnotation() ) ) { Method method = reflectionManager.toMethod( xMethod ); @@ -199,7 +193,7 @@ public Callback[] resolveEntityCallbacks(XClass beanClass, CallbackType callback if ( listener != null ) { XClass xListener = reflectionManager.toXClass( listener ); callbacksMethodNames = new ArrayList<>(); - List methods = xListener.getDeclaredMethods(); + List methods = getDeclaredMethods( xListener ); for ( final XMethod xMethod : methods ) { if ( xMethod.isAnnotationPresent( callbackType.getCallbackAnnotation() ) ) { final Method method = reflectionManager.toMethod( xMethod ); @@ -347,4 +341,14 @@ private static void getListeners(XClass currentClazz, List orderedListene } } } + + private static List getDeclaredMethods(XClass clazz) { + final PrivilegedAction> action = new PrivilegedAction>() { + @Override + public List run() { + return clazz.getDeclaredMethods(); + } + }; + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); + } } diff --git a/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java b/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java index 2e916dd0cba2..3dee49037312 100755 --- a/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java +++ b/hibernate-core/src/main/java/org/hibernate/metamodel/internal/MetadataContext.java @@ -372,7 +372,7 @@ private void populateStaticMetamodel(AbstractManagedType managedType) { } final String metamodelClassName = managedTypeClass.getName() + '_'; - AccessController.doPrivileged( new PrivilegedAction() { + final PrivilegedAction action = new PrivilegedAction() { @Override public Object run() { try { @@ -385,7 +385,13 @@ public Object run() { } return null; } - } ); + }; + if ( System.getSecurityManager() != null ) { + AccessController.doPrivileged( action ); + } + else { + action.run(); + } // todo : this does not account for @MappeSuperclass, mainly because this is not being tracked in our // internal metamodel as populated from the annotatios properly diff --git a/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java b/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java index c9467439b5f0..f42c1fbcb633 100644 --- a/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java +++ b/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java @@ -159,29 +159,51 @@ protected ProxyFactory buildProxyFactory(PersistentClass persistentClass, Getter null : ReflectHelper.getMethod( proxyInterface, idSetterMethod ); - return AccessController.doPrivileged( new PrivilegedAction() { - @Override - public ProxyFactory run() { - ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); - try { - pf.postInstantiate( - getEntityName(), - mappedClass, - proxyInterfaces, - proxyGetIdentifierMethod, - proxySetIdentifierMethod, - persistentClass.hasEmbeddedIdentifier() ? - (CompositeType) persistentClass.getIdentifier().getType() : - null - ); - } - catch (HibernateException he) { - LOG.unableToCreateProxyFactory( getEntityName(), he ); - pf = null; - } - return pf; + if ( System.getSecurityManager() == null ) { + ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); + try { + pf.postInstantiate( + getEntityName(), + mappedClass, + proxyInterfaces, + proxyGetIdentifierMethod, + proxySetIdentifierMethod, + persistentClass.hasEmbeddedIdentifier() ? + (CompositeType) persistentClass.getIdentifier().getType() : + null + ); + } + catch (HibernateException he) { + LOG.unableToCreateProxyFactory( getEntityName(), he ); + pf = null; } - } ); + return pf; + } + else { + return AccessController.doPrivileged( new PrivilegedAction() { + @Override + public ProxyFactory run() { + ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); + try { + pf.postInstantiate( + getEntityName(), + mappedClass, + proxyInterfaces, + proxyGetIdentifierMethod, + proxySetIdentifierMethod, + persistentClass.hasEmbeddedIdentifier() ? + (CompositeType) persistentClass.getIdentifier().getType() : + null + ); + } + catch ( HibernateException he ) { + LOG.unableToCreateProxyFactory( getEntityName(), he ); + pf = null; + } + return pf; + } + } ); + } } protected ProxyFactory buildProxyFactoryInternal( diff --git a/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java b/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java index c22698fd8e9a..e724dc4aa7d1 100644 --- a/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java +++ b/hibernate-envers/src/main/java/org/hibernate/envers/boot/internal/EnversServiceImpl.java @@ -6,8 +6,6 @@ */ package org.hibernate.envers.boot.internal; -import java.security.AccessController; -import java.security.PrivilegedAction; import java.util.Map; import java.util.Properties; @@ -153,22 +151,17 @@ private void doInitialize( revInfoCfgResult.getRevisionInfoTimestampData(), serviceRegistry ); - this.entitiesConfigurations = AccessController.doPrivileged( new PrivilegedAction() { - @Override - public EntitiesConfigurations run() { - return new EntitiesConfigurator().configure( - metadata, - serviceRegistry, - reflectionManager, - mappingCollector, - globalConfiguration, - auditEntitiesConfiguration, - auditStrategy, - revInfoCfgResult.getRevisionInfoXmlMapping(), - revInfoCfgResult.getRevisionInfoRelationMapping() - ); - } - } ); + this.entitiesConfigurations = new EntitiesConfigurator().configure( + metadata, + serviceRegistry, + reflectionManager, + mappingCollector, + globalConfiguration, + auditEntitiesConfiguration, + auditStrategy, + revInfoCfgResult.getRevisionInfoXmlMapping(), + revInfoCfgResult.getRevisionInfoRelationMapping() + ); } private static AuditStrategy initializeAuditStrategy( diff --git a/hibernate-envers/src/main/java/org/hibernate/envers/configuration/internal/metadata/reader/AuditedPropertiesReader.java b/hibernate-envers/src/main/java/org/hibernate/envers/configuration/internal/metadata/reader/AuditedPropertiesReader.java index 3ddffe0a4621..a1d28592157a 100644 --- a/hibernate-envers/src/main/java/org/hibernate/envers/configuration/internal/metadata/reader/AuditedPropertiesReader.java +++ b/hibernate-envers/src/main/java/org/hibernate/envers/configuration/internal/metadata/reader/AuditedPropertiesReader.java @@ -7,6 +7,8 @@ package org.hibernate.envers.configuration.internal.metadata.reader; import java.lang.annotation.Annotation; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Arrays; import java.util.Collections; import java.util.Iterator; @@ -47,6 +49,7 @@ import org.hibernate.mapping.Component; import org.hibernate.mapping.Property; import org.hibernate.mapping.Value; + import org.jboss.logging.Logger; import static org.hibernate.envers.internal.tools.Tools.newHashMap; @@ -354,26 +357,47 @@ private void addPropertiesFromClass(XClass clazz) { //look in the class addFromProperties( - clazz.getDeclaredProperties( "field" ), + getPropertiesFromClassByType( clazz, AccessType.FIELD ), it -> "field", fieldAccessedPersistentProperties, allClassAudited ); + addFromProperties( - clazz.getDeclaredProperties( "property" ), + getPropertiesFromClassByType( clazz, AccessType.PROPERTY ), propertyAccessedPersistentProperties::get, propertyAccessedPersistentProperties.keySet(), allClassAudited ); if ( allClassAudited != null || !auditedPropertiesHolder.isEmpty() ) { - final XClass superclazz = clazz.getSuperclass(); + final PrivilegedAction action = new PrivilegedAction() { + @Override + public XClass run() { + return clazz.getSuperclass(); + } + }; + + final XClass superclazz = System.getSecurityManager() != null + ? AccessController.doPrivileged( action ) + : action.run(); + if ( !clazz.isInterface() && !"java.lang.Object".equals( superclazz.getName() ) ) { addPropertiesFromClass( superclazz ); } } } + private Iterable getPropertiesFromClassByType(XClass clazz, AccessType accessType) { + final PrivilegedAction> action = new PrivilegedAction>() { + @Override + public Iterable run() { + return clazz.getDeclaredProperties( accessType.getType() ); + } + }; + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); + } + private void addFromProperties( Iterable properties, Function accessTypeProvider, From af7bf7ff6ccd6e27b399eb17b3781e41714d99b4 Mon Sep 17 00:00:00 2001 From: Chris Cranford Date: Wed, 18 Jul 2018 10:37:06 -0400 Subject: [PATCH 3/3] HHH-12542 - Remove comment and fix one last remaining Privilege block call. --- .../internal/util/ReflectHelper.java | 11 --- .../tuple/entity/PojoEntityTuplizer.java | 68 +++++++------------ 2 files changed, 24 insertions(+), 55 deletions(-) diff --git a/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java b/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java index 7be80218ad10..b192252ad542 100644 --- a/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java +++ b/hibernate-core/src/main/java/org/hibernate/internal/util/ReflectHelper.java @@ -716,17 +716,6 @@ private static Method setterOrNull(Class theClass, String propertyName, Class pr * as an abstract - but again, that is such an edge case... */ public static Method findGetterMethodForFieldAccess(Field field, String propertyName) { -// final PrivilegedAction action = new PrivilegedAction() { -// @Override -// public Method[] run() { -// return field.getDeclaringClass().getDeclaredMethods(); -// } -// }; -// -// final Method[] methods = System.getSecurityManager() != null -// ? AccessController.doPrivileged( action ) -// : action.run(); - for ( Method method : getDeclaredMethods( field.getDeclaringClass() ) ) { // if the method has parameters, skip it if ( method.getParameterCount() != 0 ) { diff --git a/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java b/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java index f42c1fbcb633..6efd27b543e1 100644 --- a/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java +++ b/hibernate-core/src/main/java/org/hibernate/tuple/entity/PojoEntityTuplizer.java @@ -159,51 +159,31 @@ protected ProxyFactory buildProxyFactory(PersistentClass persistentClass, Getter null : ReflectHelper.getMethod( proxyInterface, idSetterMethod ); - if ( System.getSecurityManager() == null ) { - ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); - try { - pf.postInstantiate( - getEntityName(), - mappedClass, - proxyInterfaces, - proxyGetIdentifierMethod, - proxySetIdentifierMethod, - persistentClass.hasEmbeddedIdentifier() ? - (CompositeType) persistentClass.getIdentifier().getType() : - null - ); - } - catch (HibernateException he) { - LOG.unableToCreateProxyFactory( getEntityName(), he ); - pf = null; - } - return pf; - } - else { - return AccessController.doPrivileged( new PrivilegedAction() { - @Override - public ProxyFactory run() { - ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); - try { - pf.postInstantiate( - getEntityName(), - mappedClass, - proxyInterfaces, - proxyGetIdentifierMethod, - proxySetIdentifierMethod, - persistentClass.hasEmbeddedIdentifier() ? - (CompositeType) persistentClass.getIdentifier().getType() : - null - ); - } - catch ( HibernateException he ) { - LOG.unableToCreateProxyFactory( getEntityName(), he ); - pf = null; - } - return pf; + final PrivilegedAction action = new PrivilegedAction() { + @Override + public ProxyFactory run() { + ProxyFactory pf = buildProxyFactoryInternal( persistentClass, idGetter, idSetter ); + try { + pf.postInstantiate( + getEntityName(), + mappedClass, + proxyInterfaces, + proxyGetIdentifierMethod, + proxySetIdentifierMethod, + persistentClass.hasEmbeddedIdentifier() ? + (CompositeType) persistentClass.getIdentifier().getType() : + null + ); } - } ); - } + catch (HibernateException he) { + LOG.unableToCreateProxyFactory( getEntityName(), he ); + pf = null; + } + return pf; + } + }; + + return System.getSecurityManager() != null ? AccessController.doPrivileged( action ) : action.run(); } protected ProxyFactory buildProxyFactoryInternal(