[jira] Created: (BVAL-87) Java 2 security violations in ClassValidator.validate

Tue, 16 Nov 2010 13:55:39 -0800 

Java 2 security violations in ClassValidator.validate
-----------------------------------------------------

                 Key: BVAL-87
                 URL: https://issues.apache.org/jira/browse/BVAL-87
             Project: BeanValidation
          Issue Type: Bug
          Components: jsr303
    Affects Versions: 0.3-incubating
            Reporter: Albert Lee
             Fix For: 0.3-incubating


Hitting a few Java 2 security access control exception during validation.

java.security.AccessControlException: Access denied 
(java.lang.RuntimePermission accessDeclaredMembers)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:533)
at 
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1678)
at java.lang.Class.checkMemberAccess(Class.java:105)
at java.lang.Class.getDeclaredFields(Class.java:535)
at 
org.apache.bval.jsr303.Jsr303MetaBeanFactory.processClass(Jsr303MetaBeanFactory.java:129)
at 
org.apache.bval.jsr303.Jsr303MetaBeanFactory.buildMetaBean(Jsr303MetaBeanFactory.java:101)
at org.apache.bval.MetaBeanBuilder.buildForClass(MetaBeanBuilder.java:128)
at org.apache.bval.MetaBeanManager.findForClass(MetaBeanManager.java:102)
at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:128)


java.security.AccessControlException: Access denied 
(java.lang.RuntimePermission getClassLoader)
at java.security.AccessController.checkPermission(AccessController.java:108)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
at 
com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:212)
at java.lang.Thread.getContextClassLoader(Thread.java:457)
at 
org.apache.bval.jsr303.DefaultMessageInterpolator.getFileBasedResourceBundle(DefaultMessageInterpolator.java:163)
at 
org.apache.bval.jsr303.DefaultMessageInterpolator.findUserResourceBundle(DefaultMessageInterpolator.java:269)
at 
org.apache.bval.jsr303.DefaultMessageInterpolator.interpolateMessage(DefaultMessageInterpolator.java:116)
at 
org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:97)
at 
org.apache.bval.jsr303.DefaultMessageInterpolator.interpolate(DefaultMessageInterpolator.java:92)
at 
org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:85)
at 
org.apache.bval.jsr303.ConstraintValidationListener.addError(ConstraintValidationListener.java:65)
at 
org.apache.bval.jsr303.ConstraintValidation.addErrors(ConstraintValidation.java:255)
at 
org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:211)
at 
org.apache.bval.jsr303.ConstraintValidation.validate(ConstraintValidation.java:140)
at 
org.apache.bval.util.ValidationHelper.validateProperty(ValidationHelper.java:212)
at org.apache.bval.util.ValidationHelper.validateBean(ValidationHelper.java:195)
at 
org.apache.bval.jsr303.ClassValidator.validateBeanNet(ClassValidator.java:474)
at org.apache.bval.jsr303.ClassValidator.validate(ClassValidator.java:140)

Working through the doPriv location required in the path.

WIll post a patch when testing is complete.

Albert Lee

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to