You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@bval.apache.org by jr...@apache.org on 2010/12/03 22:05:50 UTC
svn commit: r1042001 - in /incubator/bval/trunk:
bval-core/src/main/java/org/apache/bval/util/
bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/
bval-jsr303/src/main/java/org/apache/bval/jsr303/util/
Author: jrbauer
Date: Fri Dec 3 21:05:49 2010
New Revision: 1042001
URL: http://svn.apache.org/viewvc?rev=1042001&view=rev
Log:
BVAL-87 Committing J2 security updates contributed by Albert Lee.
Modified:
incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/FieldAccess.java
incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/MethodAccess.java
incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java
incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java
Modified: incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/FieldAccess.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/FieldAccess.java?rev=1042001&r1=1042000&r2=1042001&view=diff
==============================================================================
--- incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/FieldAccess.java (original)
+++ incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/FieldAccess.java Fri Dec 3 21:05:49 2010
@@ -32,10 +32,15 @@ public class FieldAccess extends AccessS
* Create a new FieldAccess instance.
* @param field
*/
- public FieldAccess(Field field) {
+ public FieldAccess(final Field field) {
this.field = field;
if(!field.isAccessible()) {
- field.setAccessible(true);
+ PrivilegedActions.run( new PrivilegedAction<Object>() {
+ public Object run() {
+ field.setAccessible(true);
+ return (Object) null;
+ }
+ });
}
}
Modified: incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/MethodAccess.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/MethodAccess.java?rev=1042001&r1=1042000&r2=1042001&view=diff
==============================================================================
--- incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/MethodAccess.java (original)
+++ incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/MethodAccess.java Fri Dec 3 21:05:49 2010
@@ -43,11 +43,16 @@ public class MethodAccess extends Access
* @param propertyName
* @param method
*/
- public MethodAccess(String propertyName, Method method) {
+ public MethodAccess(String propertyName, final Method method) {
this.method = method;
this.propertyName = propertyName;
if (!method.isAccessible()) {
- method.setAccessible(true);
+ PrivilegedActions.run( new PrivilegedAction<Object>() {
+ public Object run() {
+ method.setAccessible(true);
+ return (Object) null;
+ }
+ });
}
}
Modified: incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java?rev=1042001&r1=1042000&r2=1042001&view=diff
==============================================================================
--- incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java (original)
+++ incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java Fri Dec 3 21:05:49 2010
@@ -16,14 +16,16 @@
*/
package org.apache.bval.jsr303.resolver;
-import org.apache.bval.jsr303.util.SecureActions;
-import org.apache.commons.lang.ClassUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
+import java.lang.annotation.ElementType;
import javax.validation.Path;
import javax.validation.TraversableResolver;
-import java.lang.annotation.ElementType;
+
+import org.apache.bval.jsr303.util.ClassHelper;
+import org.apache.bval.jsr303.util.SecureActions;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
/** @see javax.validation.TraversableResolver */
@@ -72,7 +74,7 @@ public class DefaultTraversableResolver
@SuppressWarnings("unchecked")
private void initJpa() {
try {
- ClassUtils.getClass(PERSISTENCE_UTIL_CLASSNAME);
+ ClassHelper.getClass(PERSISTENCE_UTIL_CLASSNAME);
log.debug("Found {} on classpath.", PERSISTENCE_UTIL_CLASSNAME);
} catch (Exception e) {
log.debug("Cannot find {} on classpath. All properties will per default be traversable.", PERSISTENCE_UTIL_CLASSNAME);
@@ -81,7 +83,7 @@ public class DefaultTraversableResolver
try {
Class<? extends TraversableResolver> jpaAwareResolverClass =
- (Class<? extends TraversableResolver>) ClassUtils
+ (Class<? extends TraversableResolver>) ClassHelper
.getClass(JPA_AWARE_TRAVERSABLE_RESOLVER_CLASSNAME);
jpaTR = SecureActions.newInstance(jpaAwareResolverClass);
log.debug("Instantiated an instance of {}.", JPA_AWARE_TRAVERSABLE_RESOLVER_CLASSNAME);
Modified: incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java?rev=1042001&r1=1042000&r2=1042001&view=diff
==============================================================================
--- incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java (original)
+++ incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java Fri Dec 3 21:05:49 2010
@@ -23,6 +23,8 @@ import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
+import org.apache.commons.lang.ClassUtils;
+
/**
* Common operations on classes that do not require an {@link AccessController}.
*
@@ -58,4 +60,16 @@ public class ClassHelper {
}
}
+ /**
+ * Perform ClassUtils.getClass functions with Java 2 Security enabled.
+ */
+ public static Class<?> getClass(String className) throws ClassNotFoundException {
+ return getClass(className, true);
+ }
+
+ public static Class<?> getClass(String className, boolean initialize) throws ClassNotFoundException {
+ ClassLoader ctxtCldr = SecureActions.getContextClassLoader(Thread.currentThread());
+ ClassLoader loader = (ctxtCldr != null) ? ctxtCldr : SecureActions.getClassLoader(ClassHelper.class);
+ return ClassUtils.getClass(loader, className, initialize);
+ }
}
Modified: incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java?rev=1042001&r1=1042000&r2=1042001&view=diff
==============================================================================
--- incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java (original)
+++ incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java Fri Dec 3 21:05:49 2010
@@ -213,6 +213,19 @@ public class SecureActions extends Privi
}
/**
+ * Get class loader of <code>class</code>.
+ * @param clazz
+ * @return {@link ClassLoader}
+ */
+ public static ClassLoader getContextClassLoader(final Class<?> clazz) {
+ return run(new PrivilegedAction<ClassLoader>() {
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+
+ /**
* Get the constructor of <code>clazz</code> matching <code>params</code>.
* @param <T>
* @param clazz