You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@bval.apache.org by "Albert Lee (JIRA)" <ji...@apache.org> on 2010/12/03 17:23:10 UTC
[jira] Reopened: (BVAL-87) Java 2 security violations in
ClassValidator.validate
[ https://issues.apache.org/jira/browse/BVAL-87?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Albert Lee reopened BVAL-87:
----------------------------
Found the following new AccessControlExceptions:
java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
at java.lang.Throwable.<init>(Throwable.java:56)
at java.lang.Throwable.<init>(Throwable.java:67)
at java.lang.Exception.<init>(Exception.java:52)
at java.lang.RuntimeException.<init>(RuntimeException.java:54)
at java.lang.SecurityException.<init>(SecurityException.java:46)
at java.security.AccessControlException.<init>(AccessControlException.java:62)
at java.security.AccessController.checkPermission(AccessController.java:68)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.Thread.getContextClassLoader(Thread.java:457)
at org.apache.commons.lang.ClassUtils.getClass(ClassUtils.java:675)
at org.apache.commons.lang.ClassUtils.getClass(ClassUtils.java:660)
at org.apache.bval.jsr303.resolver.DefaultTraversableResolver.initJpa(DefaultTraversableResolver.java:75)
at org.apache.bval.jsr303.resolver.DefaultTraversableResolver.<init>(DefaultTraversableResolver.java:48)
at org.apache.bval.jsr303.ConfigurationImpl.<init>(ConfigurationImpl.java:85)
java.security.AccessControlException: Access denied (java.lang.reflect.ReflectPermission suppressAccessChecks)
at java.lang.Throwable.<init>(Throwable.java:56)
at java.lang.Throwable.<init>(Throwable.java:67)
at java.lang.Exception.<init>(Exception.java:52)
at java.lang.RuntimeException.<init>(RuntimeException.java:54)
at java.lang.SecurityException.<init>(SecurityException.java:46)
at java.security.AccessControlException.<init>(AccessControlException.java:62)
at java.security.AccessController.checkPermission(AccessController.java:68)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.reflect.AccessibleObject.setAccessible(AccessibleObject.java:118)
at org.apache.bval.util.FieldAccess.<init>(FieldAccess.java:38)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:137)
at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> Java 2 security violations in ClassValidator.validate
> -----------------------------------------------------
>
> Key: BVAL-87
> URL: https://issues.apache.org/jira/browse/BVAL-87
> Project: BeanValidation
> Issue Type: Bug
> Components: jsr303
> Affects Versions: 0.3-incubating
> Reporter: Albert Lee
> Fix For: 0.3-incubating
>
> Attachments: BVAL-87.patch
>
>
> Hitting a few Java 2 security access control exception during validation.
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission accessDeclaredMembers)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
> at java.lang.Class.checkMemberAccess(Class.java:105)
> at java.lang.Class.getDeclaredFields(Class.java:535)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
> at org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
> at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
> at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)
> java.security.AccessControlException: Access denied (java.lang.RuntimePermission getClassLoader)
> at java.security.AccessController.checkPermission(AccessController.java:108)
> at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
> at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
> at java.lang.Thread.getContextClassLoader(Thread.java:457)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
> at org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
> at org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
> at org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
> at org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
> at org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
> at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
> at org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
> at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)
> Working through the doPriv location required in the path.
> WIll post a patch when testing is complete.
> Albert Lee
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.