Modified: bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java URL: http://svn.apache.org/viewvc/bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java?rev=1308497&r1=1308496&r2=1308497&view=diff ============================================================================== --- bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java (original) +++ bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java Mon Apr 2 19:31:16 2012 @@ -16,7 +16,6 @@ */ package org.apache.bval.jsr303.xml; - import java.io.InputStream; import java.io.Serializable; import java.lang.annotation.Annotation; @@ -24,7 +23,6 @@ import java.lang.reflect.Array; import java.lang.reflect.Field; import java.lang.reflect.Member; import java.lang.reflect.Method; -import java.security.AccessController; import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Arrays; @@ -38,25 +36,21 @@ import javax.validation.Constraint; import javax.validation.ConstraintValidator; import javax.validation.Payload; import javax.validation.ValidationException; -import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBElement; import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import javax.xml.transform.stream.StreamSource; import javax.xml.validation.Schema; import org.apache.bval.jsr303.ApacheValidatorFactory; import org.apache.bval.jsr303.ConstraintAnnotationAttributes; import org.apache.bval.jsr303.util.EnumerationConverter; import org.apache.bval.jsr303.util.IOUtils; -import org.apache.bval.jsr303.util.SecureActions; +import org.apache.bval.jsr303.util.Privileged; import org.apache.bval.util.FieldAccess; import org.apache.bval.util.MethodAccess; import org.apache.commons.beanutils.ConvertUtils; import org.apache.commons.beanutils.Converter; import org.apache.commons.lang3.StringUtils; - /** * Uses JAXB to parse constraints.xml based on validation-mapping-1.0.xsd.<br> */ @@ -69,6 +63,8 @@ public class ValidationMappingParser { ConstraintAnnotationAttributes.GROUPS, ConstraintAnnotationAttributes.MESSAGE, ConstraintAnnotationAttributes.PAYLOAD)); + private static final Privileged PRIVILEGED = new Privileged(); + private final Set<Class<?>> processedClasses; private final ApacheValidatorFactory factory; @@ -88,7 +84,14 @@ public class ValidationMappingParser { */ public void processMappingConfig(Set<InputStream> xmlStreams) throws ValidationException { for (InputStream xmlStream : xmlStreams) { - ConstraintMappingsType mapping = parseXmlMappings(xmlStream); + ConstraintMappingsType mapping; + try { + mapping = PRIVILEGED.unmarshallXml(getSchema(), xmlStream, ConstraintMappingsType.class); + } catch (JAXBException e) { + throw new ValidationException("Failed to parse XML deployment descriptor file.", e); + } finally { + IOUtils.closeQuietly(xmlStream); + } String defaultPackage = mapping.getDefaultPackage(); processConstraintDefinitions(mapping.getConstraintDefinition(), defaultPackage); @@ -97,8 +100,7 @@ public class ValidationMappingParser { if (!processedClasses.add(beanClass)) { // spec: A given class must not be described more than once amongst all // the XML mapping descriptors. - throw new ValidationException( - beanClass.getName() + " has already be configured in xml."); + throw new ValidationException(String.format("%s has already be configured in xml.", beanClass.getName())); } factory.getAnnotationIgnores() .setDefaultIgnoreAnnotation(beanClass, bean.isIgnoreAnnotations()); @@ -110,28 +112,8 @@ public class ValidationMappingParser { } } - /** @param in XML stream to parse using the validation-mapping-1.0.xsd */ - private ConstraintMappingsType parseXmlMappings(InputStream in) { - ConstraintMappingsType mappings; - try { - JAXBContext jc = JAXBContext.newInstance(ConstraintMappingsType.class); - Unmarshaller unmarshaller = jc.createUnmarshaller(); - unmarshaller.setSchema(getSchema()); - StreamSource stream = new StreamSource(in); - JAXBElement<ConstraintMappingsType> root = - unmarshaller.unmarshal(stream, ConstraintMappingsType.class); - mappings = root.getValue(); - } catch (JAXBException e) { - throw new ValidationException("Failed to parse XML deployment descriptor file.", - e); - } finally { - IOUtils.closeQuietly(in); - } - return mappings; - } - /** @return validation-mapping-1.0.xsd based schema */ - private Schema getSchema() { + private static Schema getSchema() { return ValidationParser.getSchema(VALIDATION_MAPPING_XSD); } @@ -196,7 +178,7 @@ public class ValidationMappingParser { private <A extends Annotation> Class<?> getAnnotationParameterType( final Class<A> annotationClass, final String name) { - final Method m = doPrivileged(SecureActions.getPublicMethod(annotationClass, name)); + final Method m = PRIVILEGED.getPublicMethod(annotationClass, name); if (m == null) { throw new ValidationException("Annotation of type " + annotationClass.getName() + " does not contain a parameter " + name + "."); @@ -365,7 +347,7 @@ public class ValidationMappingParser { } else { fieldNames.add(fieldName); } - final Field field = doPrivileged(SecureActions.getDeclaredField(beanClass, fieldName)); + final Field field = PRIVILEGED.getDeclaredField(beanClass, fieldName); if (field == null) { throw new ValidationException( beanClass.getName() + " does not contain the fieldType " + fieldName); @@ -521,20 +503,8 @@ public class ValidationMappingParser { return clazz.contains("."); } - - - private static <T> T doPrivileged(final PrivilegedAction<T> action) { - if (System.getSecurityManager() != null) { - return AccessController.doPrivileged(action); - } else { - return action.run(); - } - } - - - private static Method getGetter(final Class<?> clazz, final String propertyName) { - return doPrivileged(new PrivilegedAction<Method>() { + return PRIVILEGED.run(new PrivilegedAction<Method>() { public Method run() { try { final String p = StringUtils.capitalize(propertyName); @@ -551,17 +521,11 @@ public class ValidationMappingParser { } - - private Class<?> loadClass(final String className) { - ClassLoader loader = doPrivileged(SecureActions.getContextClassLoader()); - if (loader == null) - loader = getClass().getClassLoader(); - try { - return Class.forName(className, true, loader); + return PRIVILEGED.getClass(PRIVILEGED.getClassLoader(getClass()), className); } catch (ClassNotFoundException ex) { - throw new ValidationException("Unable to load class: " + className, ex); + throw new ValidationException(String.format("Unable to load class %s", className), ex); } }
Modified: bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java URL: http://svn.apache.org/viewvc/bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java?rev=1308497&r1=1308496&r2=1308497&view=diff ============================================================================== --- bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java (original) +++ bval/branches/privileged/bval-jsr303/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java Mon Apr 2 19:31:16 2012 @@ -18,12 +18,13 @@ */ package org.apache.bval.jsr303.xml; - -import org.apache.bval.jsr303.ConfigurationImpl; -import org.apache.bval.jsr303.util.IOUtils; -import org.apache.bval.jsr303.util.SecureActions; -import org.apache.bval.util.PrivilegedActions; -import org.xml.sax.SAXException; +import java.io.IOException; +import java.io.InputStream; +import java.net.URL; +import java.security.PrivilegedExceptionAction; +import java.util.Enumeration; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.validation.ConstraintValidatorFactory; import javax.validation.MessageInterpolator; @@ -31,21 +32,16 @@ import javax.validation.TraversableResol import javax.validation.ValidationException; import javax.validation.spi.ValidationProvider; import javax.xml.XMLConstants; -import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Unmarshaller; -import javax.xml.transform.stream.StreamSource; import javax.xml.validation.Schema; import javax.xml.validation.SchemaFactory; -import java.io.IOException; -import java.io.InputStream; -import java.net.URL; -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.util.Enumeration; -import java.util.logging.Level; -import java.util.logging.Logger; + +import org.apache.bval.jsr303.ConfigurationImpl; +import org.apache.bval.jsr303.util.IOUtils; +import org.apache.bval.jsr303.util.Privileged; +import org.apache.commons.lang3.ObjectUtils; +import org.apache.commons.lang3.StringUtils; +import org.xml.sax.SAXException; /** * Description: uses jaxb to parse validation.xml<br/> @@ -56,7 +52,9 @@ public class ValidationParser { private static final String VALIDATION_CONFIGURATION_XSD = "META-INF/validation-configuration-1.0.xsd"; private static final Logger log = Logger.getLogger(ValidationParser.class.getName()); - protected final String validationXmlFile; + private static final Privileged PRIVILEGED = new Privileged(); + + private final String validationXmlFile; /** * Create a new ValidationParser instance. @@ -64,11 +62,7 @@ public class ValidationParser { * @param file */ public ValidationParser(String file) { - if (file == null) { - validationXmlFile = DEFAULT_VALIDATION_XML_FILE; - } else { - validationXmlFile = file; - } + this.validationXmlFile = ObjectUtils.defaultIfNull(file, DEFAULT_VALIDATION_XML_FILE); } /** @@ -91,28 +85,18 @@ public class ValidationParser { log.log(Level.FINEST, String.format("No %s found. Using annotation based configuration only.", validationXmlFile)); return null; } - log.log(Level.FINEST, String.format("%s found.", validationXmlFile)); - Schema schema = getSchema(); - JAXBContext jc = JAXBContext.newInstance(ValidationConfigType.class); - Unmarshaller unmarshaller = jc.createUnmarshaller(); - unmarshaller.setSchema(schema); - StreamSource stream = new StreamSource(inputStream); - JAXBElement<ValidationConfigType> root = - unmarshaller.unmarshal(stream, ValidationConfigType.class); - return root.getValue(); - } catch (JAXBException e) { - throw new ValidationException("Unable to parse " + validationXmlFile, e); - } catch (IOException e) { + return PRIVILEGED.unmarshallXml(getSchema(), inputStream, ValidationConfigType.class); + } catch (Exception e) { throw new ValidationException("Unable to parse " + validationXmlFile, e); } finally { IOUtils.closeQuietly(inputStream); } } - protected InputStream getInputStream(String path) throws IOException { - ClassLoader loader = PrivilegedActions.getClassLoader(getClass()); + static InputStream getInputStream(String path) throws IOException { + final ClassLoader loader = PRIVILEGED.getClassLoader(ValidationParser.class); InputStream inputStream = loader.getResourceAsStream(path); if (inputStream != null) { @@ -132,7 +116,7 @@ public class ValidationParser { return inputStream; } - private Schema getSchema() { + private static Schema getSchema() { return getSchema(VALIDATION_CONFIGURATION_XSD); } @@ -143,9 +127,8 @@ public class ValidationParser { * @return {@link Schema} */ static Schema getSchema(String xsd) { - ClassLoader loader = PrivilegedActions.getClassLoader(ValidationParser.class); SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI); - URL schemaUrl = loader.getResource(xsd); + URL schemaUrl = PRIVILEGED.getClassLoader(ValidationParser.class).getResource(xsd); try { return sf.newSchema(schemaUrl); } catch (SAXException e) { @@ -166,71 +149,61 @@ public class ValidationParser { private void applyProperties(ValidationConfigType xmlConfig, ConfigurationImpl target) { for (PropertyType property : xmlConfig.getProperty()) { if (log.isLoggable(Level.FINEST)) { - log.log(Level.FINEST, String.format("Found property '%s' with value '%s' in %s", property.getName(), property.getValue(), validationXmlFile)); + log.log(Level.FINEST, String.format( + "Found property '%s' with value '%s' in %s", + property.getName(), property.getValue(), validationXmlFile)); } target.addProperty(property.getName(), property.getValue()); } } - @SuppressWarnings("unchecked") private void applyProviderClass(ValidationConfigType xmlConfig, ConfigurationImpl target) { String providerClassName = xmlConfig.getDefaultProvider(); if (providerClassName != null) { + @SuppressWarnings("unchecked") Class<? extends ValidationProvider<?>> clazz = - (Class<? extends ValidationProvider<?>>) loadClass(providerClassName); + (Class<? extends ValidationProvider<?>>) loadClass(providerClassName); target.setProviderClass(clazz); log.log(Level.INFO, String.format("Using %s as validation provider.", providerClassName)); } } - @SuppressWarnings("unchecked") private void applyMessageInterpolator(ValidationConfigType xmlConfig, ConfigurationImpl target) { String messageInterpolatorClass = xmlConfig.getMessageInterpolator(); if (target.getMessageInterpolator() == null) { if (messageInterpolatorClass != null) { - Class<MessageInterpolator> clazz = (Class<MessageInterpolator>) - loadClass(messageInterpolatorClass); + @SuppressWarnings("unchecked") + Class<? extends MessageInterpolator> clazz = + (Class<? extends MessageInterpolator>) loadClass(messageInterpolatorClass); target.messageInterpolator(newInstance(clazz)); log.log(Level.INFO, String.format("Using %s as message interpolator.", messageInterpolatorClass)); } } } - @SuppressWarnings("unchecked") private void applyTraversableResolver(ValidationConfigType xmlConfig, ConfigurationImpl target) { String traversableResolverClass = xmlConfig.getTraversableResolver(); if (target.getTraversableResolver() == null) { if (traversableResolverClass != null) { - Class<TraversableResolver> clazz = (Class<TraversableResolver>) - loadClass(traversableResolverClass); + @SuppressWarnings("unchecked") + Class<? extends TraversableResolver> clazz = + (Class<? extends TraversableResolver>) loadClass(traversableResolverClass); target.traversableResolver(newInstance(clazz)); log.log(Level.INFO, String.format("Using %s as traversable resolver.", traversableResolverClass)); } } } - private <T> T newInstance(final Class<T> cls) { - return AccessController.doPrivileged(new PrivilegedAction<T>() { - public T run() { - try { - return cls.newInstance(); - } catch (final Exception ex) { - throw new ValidationException("Cannot instantiate : " + cls, ex); - } - } - }); - } - - @SuppressWarnings("unchecked") private void applyConstraintFactory(ValidationConfigType xmlConfig, ConfigurationImpl target) { String constraintFactoryClass = xmlConfig.getConstraintValidatorFactory(); if (target.getConstraintValidatorFactory() == null) { if (constraintFactoryClass != null) { - Class<ConstraintValidatorFactory> clazz = (Class<ConstraintValidatorFactory>) - loadClass(constraintFactoryClass); + @SuppressWarnings("unchecked") + Class<? extends ConstraintValidatorFactory> clazz = + (Class<? extends ConstraintValidatorFactory>) loadClass(constraintFactoryClass); target.constraintValidatorFactory(newInstance(clazz)); log.log(Level.INFO, String.format("Using %s as constraint factory.", constraintFactoryClass)); } @@ -240,46 +213,40 @@ public class ValidationParser { private void applyMappingStreams(ValidationConfigType xmlConfig, ConfigurationImpl target) { for (JAXBElement<String> mappingFileNameElement : xmlConfig.getConstraintMapping()) { - String mappingFileName = mappingFileNameElement.getValue(); - if (mappingFileName.startsWith("/")) { - // Classloader needs a path without a starting / - mappingFileName = mappingFileName.substring(1); - } + // Classloader needs a path without a starting / + String mappingFileName = StringUtils.removeStart(mappingFileNameElement.getValue(), "/"); log.log(Level.FINEST, String.format("Trying to open input stream for %s", mappingFileName)); InputStream in = null; try { in = getInputStream(mappingFileName); if (in == null) { - throw new ValidationException( - "Unable to open input stream for mapping file " + - mappingFileName); + throw new ValidationException("Unable to open input stream for mapping file " + mappingFileName); } } catch (IOException e) { - throw new ValidationException("Unable to open input stream for mapping file " + - mappingFileName, e); + throw new ValidationException("Unable to open input stream for mapping file " + mappingFileName, e); } target.addMapping(in); } } + private static <T> T newInstance(final Class<T> cls) { + try { + return PRIVILEGED.run(new PrivilegedExceptionAction<T>() { - private static <T> T doPrivileged(final PrivilegedAction<T> action) { - if (System.getSecurityManager() != null) { - return AccessController.doPrivileged(action); - } else { - return action.run(); + public T run() throws Exception { + return cls.newInstance(); + } + }); + } catch (Exception e) { + throw new RuntimeException(e); } } - private Class<?> loadClass(final String className) { - ClassLoader loader = doPrivileged(SecureActions.getContextClassLoader()); - if (loader == null) - loader = getClass().getClassLoader(); - + private static Class<?> loadClass(final String className) { try { - return Class.forName(className, true, loader); - } catch (ClassNotFoundException ex) { - throw new ValidationException("Unable to load class: " + className, ex); + return PRIVILEGED.getClass(PRIVILEGED.getClassLoader(ValidationParser.class), className); + } catch (ClassNotFoundException e) { + throw new ValidationException(String.format("Unable to load class %s", className), e.getCause()); } } Modified: bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/BootstrapTest.java URL: http://svn.apache.org/viewvc/bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/BootstrapTest.java?rev=1308497&r1=1308496&r2=1308497&view=diff ============================================================================== --- bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/BootstrapTest.java (original) +++ bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/BootstrapTest.java Mon Apr 2 19:31:16 2012 @@ -62,8 +62,6 @@ public class BootstrapTest extends TestC // with new state ApacheValidatorFactory factory2 = (ApacheValidatorFactory) Validation.buildDefaultValidatorFactory(); Assert.assertTrue(factory2 != factory); - Assert.assertTrue(factory2.getMessageInterpolator() != factory.getMessageInterpolator()); - } public void testLocalizedMessageInterpolatorFactory() { Modified: bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/util/TestUtils.java URL: http://svn.apache.org/viewvc/bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/util/TestUtils.java?rev=1308497&r1=1308496&r2=1308497&view=diff ============================================================================== --- bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/util/TestUtils.java (original) +++ bval/branches/privileged/bval-jsr303/src/test/java/org/apache/bval/jsr303/util/TestUtils.java Mon Apr 2 19:31:16 2012 @@ -26,7 +26,7 @@ import javax.validation.ConstraintViolat import javax.validation.metadata.ConstraintDescriptor; import javax.validation.metadata.ElementDescriptor.ConstraintFinder; -import org.junit.Assert; +import junit.framework.Assert; /** * Description: <br/> Added: bval/branches/privileged/bval-jsr303/src/test/resources/java.policy URL: http://svn.apache.org/viewvc/bval/branches/privileged/bval-jsr303/src/test/resources/java.policy?rev=1308497&view=auto ============================================================================== --- bval/branches/privileged/bval-jsr303/src/test/resources/java.policy (added) +++ bval/branches/privileged/bval-jsr303/src/test/resources/java.policy Mon Apr 2 19:31:16 2012 @@ -0,0 +1,88 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// + +// +// $Id$ +// +// Allows unit tests to run with a Java Security Manager +// +// Cloned from https://svn.apache.org/repos/asf/commons/proper/lang/trunk/src/test/resources/java.policy +// +// <argLine>-Djava.security.manager -Djava.security.policy=${basedir}/src/test/resources/java.policy</argLine> +// + +grant +{ + // let everyone read target dir + permission java.io.FilePermission "${user.dir}/target/-", "read"; +}; + +// we don't care about the permissions of the testing infrastructure, +// including maven; +grant codeBase "file://${user.home}/.m2/repository/org/apache/maven/-" +{ + permission java.security.AllPermission; +}; + +// junit; +grant codeBase "file://${user.home}/.m2/repository/junit/-" +{ + permission java.security.AllPermission; +}; + +// mockito; +grant codeBase "file://${user.home}/.m2/repository/org/mockito/-" +{ + permission java.security.AllPermission; +}; + +// objenesis (via mockito); +grant codeBase "file://${user.home}/.m2/repository/org/objenesis/-" +{ + permission java.security.AllPermission; +}; + +// and our own testcases +grant codeBase "file://${user.dir}/target/test-classes/-" +{ + permission java.security.AllPermission; +}; + +grant codeBase "file://${user.home}/.m2/repository/javax/validation/-" +{ + permission org.apache.bval.BValPermission "*"; +}; + +grant codeBase "file://${user.home}/.m2/repository/org/apache/geronimo/specs/-" +{ + permission org.apache.bval.BValPermission "*"; +}; + +grant codeBase "file://${user.home}/.m2/repository/org/apache/bval/-" +{ + permission org.apache.bval.BValPermission "*"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; +}; + +grant codeBase "file://${user.dir}/target/classes/-" +{ + permission org.apache.bval.BValPermission "*"; + permission java.lang.RuntimePermission "accessDeclaredMembers"; + permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; + permission java.io.FilePermission "${user.home}/.m2/repository/-", "read"; +};
