bval-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mben...@apache.org
Subject svn commit: r1406733 - in /bval/branches/privileged2: ./ src/main/java/org/apache/bval/jsr303/ src/main/java/org/apache/bval/jsr303/resolver/ src/main/java/org/apache/bval/jsr303/util/ src/main/java/org/apache/bval/jsr303/xml/ src/test/java/org/apache/...
Date Wed, 07 Nov 2012 17:44:27 GMT
Author: mbenson
Date: Wed Nov  7 17:44:26 2012
New Revision: 1406733

URL: http://svn.apache.org/viewvc?rev=1406733&view=rev
Log:
new privileged work branch

Added:
    bval/branches/privileged2/   (props changed)
      - copied from r1405063, bval/trunk/bval-jsr303/
Removed:
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/SecureActions.java
Modified:
    bval/branches/privileged2/pom.xml
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationConstraintBuilder.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationProcessor.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheFactoryContext.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidationProvider.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidatorFactory.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintAnnotationAttributes.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintDefaults.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultMessageInterpolator.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultValidationProviderResolver.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/Jsr303MetaBeanFactory.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxy.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxyBuilder.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java
    bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java
    bval/branches/privileged2/src/test/java/org/apache/bval/jsr303/ConstraintValidatorContextTest.java
    bval/branches/privileged2/src/test/resources/java.policy

Propchange: bval/branches/privileged2/
------------------------------------------------------------------------------
--- svn:ignore (added)
+++ svn:ignore Wed Nov  7 17:44:26 2012
@@ -0,0 +1,6 @@
+*.log
+.*
+target
+maven-eclipse.xml
+*.ipr
+*.iml

Propchange: bval/branches/privileged2/
------------------------------------------------------------------------------
    svn:mergeinfo = /incubator/bval/sandbox/lang3-work/bval-jsr303:992137-1166425

Modified: bval/branches/privileged2/pom.xml
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/pom.xml?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/pom.xml (original)
+++ bval/branches/privileged2/pom.xml Wed Nov  7 17:44:26 2012
@@ -104,7 +104,12 @@
                                 <include>**/*Test.java</include>
                                 <include>**/*TestCase.java</include>
                             </includes>
-                            <argLine>-Djava.security.manager -Djava.security.policy=${project.basedir}/src/test/resources/java.policy</argLine>
+                            <forkMode>once</forkMode>
+                            <systemPropertyVariables>
+                                <surefire.security.manager>java.lang.SecurityManager</surefire.security.manager>
+                                <java.security.policy>${project.basedir}/src/test/resources/java.policy</java.security.policy>
+                                <user.dir>${project.basedir}</user.dir>
+                            </systemPropertyVariables>
                         </configuration>
                     </plugin>
                 </plugins>
@@ -122,6 +127,11 @@
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
         </dependency>
+        <dependency>
+            <groupId>mbenson.pmw</groupId>
+            <artifactId>privileged-method-weaver-api</artifactId>
+        </dependency>
+     <!-- Test dependencies -->
         <!-- optional dependencies -->
         <dependency>
             <groupId>org.apache.bval</groupId>
@@ -210,6 +220,20 @@
                     </includes>
                 </configuration>
             </plugin>
+            <plugin>
+                <groupId>mbenson.pmw</groupId>
+                <artifactId>privileged-method-weaver-maven-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>prepare</goal>
+                            <goal>weave</goal>
+                            <goal>test-prepare</goal>
+                            <goal>test-weave</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
         </plugins>
     </build>
 </project>

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationConstraintBuilder.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationConstraintBuilder.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationConstraintBuilder.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationConstraintBuilder.java Wed Nov  7 17:44:26 2012
@@ -19,10 +19,9 @@
 package org.apache.bval.jsr303;
 
 import java.lang.annotation.Annotation;
+import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
@@ -44,6 +43,8 @@ import org.apache.bval.jsr303.groups.Gro
 import org.apache.bval.jsr303.xml.AnnotationProxyBuilder;
 import org.apache.bval.util.AccessStrategy;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: helper class that builds a {@link ConstraintValidation} or its
  * composite constraint validations by parsing the jsr303-annotations and
@@ -77,30 +78,25 @@ final class AnnotationConstraintBuilder<
     /** build attributes, payload, groups from 'annotation' */
     private void buildFromAnnotation() {
         if (constraintValidation.getAnnotation() != null) {
-            run(new PrivilegedAction<Object>() {
-                public Object run() {
-                    for (Method method : constraintValidation.getAnnotation().annotationType().getDeclaredMethods()) {
-                        // groups + payload must also appear in attributes (also
-                        // checked by TCK-Tests)
-                        if (method.getParameterTypes().length == 0) {
-                            try {
-                                if (ConstraintAnnotationAttributes.PAYLOAD.getAttributeName().equals(method.getName())) {
-                                    buildPayload(method);
-                                } else if (ConstraintAnnotationAttributes.GROUPS.getAttributeName().equals(
-                                    method.getName())) {
-                                    buildGroups(method);
-                                } else {
-                                    constraintValidation.getAttributes().put(method.getName(),
-                                        method.invoke(constraintValidation.getAnnotation()));
-                                }
-                            } catch (Exception e) { // do nothing
-                                log.log(Level.WARNING, String.format("Error processing annotation: %s ", constraintValidation.getAnnotation()), e);
-                            }
+            for (Method method : getDeclaredMethods(constraintValidation.getAnnotation().annotationType())) {
+                // groups + payload must also appear in attributes (also
+                // checked by TCK-Tests)
+                if (method.getParameterTypes().length == 0) {
+                    try {
+                        if (ConstraintAnnotationAttributes.PAYLOAD.getAttributeName().equals(method.getName())) {
+                            buildPayload(method);
+                        } else if (ConstraintAnnotationAttributes.GROUPS.getAttributeName().equals(
+                            method.getName())) {
+                            buildGroups(method);
+                        } else {
+                            constraintValidation.getAttributes().put(method.getName(),
+                                method.invoke(constraintValidation.getAnnotation()));
                         }
+                    } catch (Exception e) { // do nothing
+                        log.log(Level.WARNING, String.format("Error processing annotation: %s ", constraintValidation.getAnnotation()), e);
                     }
-                    return null;
                 }
-            });
+            }
         }
     }
 
@@ -201,7 +197,7 @@ final class AnnotationConstraintBuilder<
     /** read overridesAttributes from constraintValidation.annotation */
     private void buildOverridesAttributes() {
         overrides = new LinkedList<ConstraintOverrides>();
-        for (Method method : constraintValidation.getAnnotation().annotationType().getDeclaredMethods()) {
+        for (Method method : getDeclaredMethods(constraintValidation.getAnnotation().annotationType())) {
             OverridesAttribute.List annoOAL = method.getAnnotation(OverridesAttribute.List.class);
             if (annoOAL != null) {
                 for (OverridesAttribute annoOA : annoOAL.value()) {
@@ -266,11 +262,10 @@ final class AnnotationConstraintBuilder<
         }
     }
 
-    private static <T> T run(PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
+    @Privileged
+    private static Method[] getDeclaredMethods(Class<?> type) {
+        Method[] result = type.getDeclaredMethods();
+        AccessibleObject.setAccessible(result, true);
+        return result;
     }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationProcessor.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationProcessor.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationProcessor.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/AnnotationProcessor.java Wed Nov  7 17:44:26 2012
@@ -23,6 +23,7 @@ import java.lang.reflect.AnnotatedElemen
 import java.lang.reflect.Array;
 import java.lang.reflect.GenericArrayType;
 import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
 import java.lang.reflect.Type;
 import java.util.ArrayList;
 import java.util.HashMap;
@@ -38,7 +39,6 @@ import javax.validation.ValidationExcept
 import javax.validation.groups.Default;
 
 import org.apache.bval.jsr303.util.ConstraintDefinitionValidator;
-import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.bval.model.Features;
 import org.apache.bval.model.MetaBean;
 import org.apache.bval.model.MetaProperty;
@@ -47,6 +47,8 @@ import org.apache.commons.lang3.ArrayUti
 import org.apache.commons.lang3.ClassUtils;
 import org.apache.commons.lang3.reflect.TypeUtils;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: implements uniform handling of JSR303 {@link Constraint}
  * annotations, including composed constraints and the resolution of
@@ -154,8 +156,7 @@ public final class AnnotationProcessor {
          * annotated by @Constraint) whose value element has a return type of an
          * array of constraint annotations in a special way.
          */
-        Object result =
-            SecureActions.getAnnotationValue(annotation, ConstraintAnnotationAttributes.VALUE.getAttributeName());
+        final Object result = getAnnotationValue(annotation, ConstraintAnnotationAttributes.VALUE.getAttributeName());
         if (result instanceof Annotation[]) {
             boolean changed = false;
             for (Annotation each : (Annotation[]) result) {
@@ -448,4 +449,26 @@ public final class AnnotationProcessor {
         return validatorsTypes;
     }
 
+    private static Object getAnnotationValue(Annotation host, String name) {
+        Method m = getAccessor(host.annotationType(), name);
+        try {
+            return m.invoke(host);
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    @Privileged
+    private static Method getAccessor(Class type, String name) {
+        final Method m;
+        try {
+            m = type.getDeclaredMethod(name);
+        } catch (NoSuchMethodException e) {
+            return null;
+        }
+        // Shouldn't annotation values already be accessible?
+        m.setAccessible(true);
+        return m;
+    }
+
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheFactoryContext.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheFactoryContext.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheFactoryContext.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheFactoryContext.java Wed Nov  7 17:44:26 2012
@@ -19,8 +19,6 @@
 package org.apache.bval.jsr303;
 
 import java.lang.reflect.Constructor;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -36,13 +34,14 @@ import org.apache.bval.MetaBeanBuilder;
 import org.apache.bval.MetaBeanFactory;
 import org.apache.bval.MetaBeanFinder;
 import org.apache.bval.MetaBeanManager;
-import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.bval.xml.XMLMetaBeanBuilder;
 import org.apache.bval.xml.XMLMetaBeanFactory;
 import org.apache.bval.xml.XMLMetaBeanManager;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.lang3.reflect.ConstructorUtils;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: Represents the context that is used to create
  * <code>ClassValidator</code> instances.<br/>
@@ -228,25 +227,21 @@ public class ApacheFactoryContext implem
         return new MetaBeanManager(new MetaBeanBuilder(builders.toArray(new MetaBeanFactory[builders.size()])));
     }
 
+    @Privileged
     private <F extends MetaBeanFactory> F createMetaBeanFactory(final Class<F> cls) {
-        return run(new PrivilegedAction<F>() {
-
-            public F run() {
-                try {
-                    Constructor<F> c = ConstructorUtils.getMatchingAccessibleConstructor(cls, ApacheFactoryContext.this.getClass());
-                    if (c != null) {
-                        return c.newInstance(ApacheFactoryContext.this);
-                    }
-                    c = ConstructorUtils.getMatchingAccessibleConstructor(cls, getFactory().getClass());
-                    if (c != null) {
-                        return c.newInstance(getFactory());
-                    }
-                    return cls.newInstance();
-                } catch (Exception e) {
-                    throw new ValidationException(e);
-                }
+        try {
+            Constructor<F> c = ConstructorUtils.getMatchingAccessibleConstructor(cls, ApacheFactoryContext.this.getClass());
+            if (c != null) {
+                return c.newInstance(ApacheFactoryContext.this);
             }
-        });
+            c = ConstructorUtils.getMatchingAccessibleConstructor(cls, getFactory().getClass());
+            if (c != null) {
+                return c.newInstance(getFactory());
+            }
+            return cls.newInstance();
+        } catch (Exception e) {
+            throw new ValidationException(e);
+        }
     }
 
     /**
@@ -276,18 +271,11 @@ public class ApacheFactoryContext implem
         }
     }
 
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
-    }
-
     private Class<?> loadClass(final String className) {
-        ClassLoader loader = doPrivileged(SecureActions.getContextClassLoader());
-        if (loader == null)
+        ClassLoader loader = contextClassLoader();
+        if (loader == null) {
             loader = getClass().getClassLoader();
+        }
 
         try {
             return Class.forName(className, true, loader);
@@ -296,11 +284,12 @@ public class ApacheFactoryContext implem
         }
     }
 
-    private static <T> T run(PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
+    @Privileged
+    private static ClassLoader contextClassLoader() {
+        try {
+            return Thread.currentThread().getContextClassLoader();
+        } catch (Exception e) {
+            return null;
         }
     }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidationProvider.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidationProvider.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidationProvider.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidationProvider.java Wed Nov  7 17:44:26 2012
@@ -18,9 +18,6 @@
  */
 package org.apache.bval.jsr303;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-
 import javax.validation.Configuration;
 import javax.validation.ValidationException;
 import javax.validation.ValidatorFactory;
@@ -30,6 +27,8 @@ import javax.validation.spi.ValidationPr
 
 import org.apache.commons.lang3.ClassUtils;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: Implementation of {@link ValidationProvider} for jsr303
  * implementation of the apache-validation framework.
@@ -99,15 +98,10 @@ public class ApacheValidationProvider im
         // No privileges should be required to access the constructor,
         // because the classloader of ApacheValidationProvider will always
         // be an ancestor of the loader of validatorFactoryClass.
-        return (System.getSecurityManager() == null)
-            ? instantiateValidatorFactory(validatorFactoryClass, configuration) : AccessController
-                .doPrivileged(new PrivilegedAction<ValidatorFactory>() {
-                    public ValidatorFactory run() {
-                        return instantiateValidatorFactory(validatorFactoryClass, configuration);
-                    }
-                });
+        return instantiateValidatorFactory(validatorFactoryClass, configuration);
     }
 
+    @Privileged
     private static ValidatorFactory instantiateValidatorFactory(
         final Class<? extends ValidatorFactory> validatorFactoryClass, final ConfigurationState configuration) {
         try {

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidatorFactory.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidatorFactory.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidatorFactory.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ApacheValidatorFactory.java Wed Nov  7 17:44:26 2012
@@ -20,8 +20,6 @@ package org.apache.bval.jsr303;
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Modifier;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
@@ -44,6 +42,8 @@ import org.apache.bval.util.AccessStrate
 import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.ClassUtils;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: a factory is a complete configurated object that can create
  * validators.<br/>
@@ -251,16 +251,13 @@ public class ApacheValidatorFactory impl
         throw new ValidationException("Type " + type + " not supported");
     }
 
+    @Privileged
     private <T> T newInstance(final Class<T> cls) {
-        return AccessController.doPrivileged(new PrivilegedAction<T>() {
-            public T run() {
-                try {
-                    return cls.newInstance();
-                } catch (final Exception ex) {
-                    throw new ValidationException("Cannot instantiate : " + cls, ex);
-                }
-            }
-        });
+        try {
+            return cls.newInstance();
+        } catch (final Exception ex) {
+            throw new ValidationException("Cannot instantiate : " + cls, ex);
+        }
     }
 
     /**

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java Wed Nov  7 17:44:26 2012
@@ -20,7 +20,6 @@ package org.apache.bval.jsr303;
 
 
 import org.apache.bval.jsr303.resolver.DefaultTraversableResolver;
-import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.bval.jsr303.xml.ValidationParser;
 
 import javax.validation.*;
@@ -28,11 +27,11 @@ import javax.validation.spi.BootstrapSta
 import javax.validation.spi.ConfigurationState;
 import javax.validation.spi.ValidationProvider;
 import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.*;
 import java.util.logging.Logger;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: used to configure apache-validation for jsr303.
  * Implementation of Configuration that also implements ConfigurationState,
@@ -241,20 +240,22 @@ public class ConfigurationImpl implement
      * @throws ValidationException if the ValidatorFactory cannot be built
      */
     public ValidatorFactory buildValidatorFactory() {
-        return run(SecureActions.doPrivBuildValidatorFactory(this));
+        return doPrivBuildValidatorFactory();
     }
 
-    public ValidatorFactory doPrivBuildValidatorFactory() {
+    @Privileged
+    private ValidatorFactory doPrivBuildValidatorFactory() {
         prepare();
-        if (provider != null) {
-            return provider.buildValidatorFactory(this);
-        } else {
+        if (provider == null) {
             return findProvider().buildValidatorFactory(this);
         }
+        return provider.buildValidatorFactory(this);
     }
 
     private void prepare() {
-        if (prepared) return;
+        if (prepared) {
+            return;
+        }
         parseValidationXml();
         applyDefaults();
         prepared = true;
@@ -330,11 +331,4 @@ public class ConfigurationImpl implement
         this.providerClass = providerClass;
     }
 
-    private static <T> T run(PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
-    }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintAnnotationAttributes.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintAnnotationAttributes.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintAnnotationAttributes.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintAnnotationAttributes.java Wed Nov  7 17:44:26 2012
@@ -20,8 +20,6 @@ import java.lang.annotation.Annotation;
 import java.lang.reflect.Array;
 import java.lang.reflect.Method;
 import java.lang.reflect.Type;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Locale;
 import java.util.Map;
 
@@ -30,9 +28,10 @@ import javax.validation.ConstraintDefini
 import javax.validation.Payload;
 import javax.validation.ValidationException;
 
-import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.commons.lang3.reflect.TypeUtils;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Defines the well-known attributes of {@link Constraint} annotations.
  * 
@@ -183,14 +182,6 @@ public enum ConstraintAnnotationAttribut
         return result;
     }
 
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
-    }
-
     private class Worker<C> {
         final Method method;
         final Object defaultValue;
@@ -214,7 +205,7 @@ public enum ConstraintAnnotationAttribut
             boolean _valid = true;
             Object _defaultValue = null;
             try {
-                method = doPrivileged(SecureActions.getPublicMethod(constraintType, getAttributeName()));
+                method = getPublicMethod(constraintType, getAttributeName());
                 if (method == null) {
                     if (quiet) {
                         _valid = false;
@@ -251,18 +242,28 @@ public enum ConstraintAnnotationAttribut
         }
 
         <T> T read(final C constraint) {
-            @SuppressWarnings("unchecked")
-            T result = (T) doPrivileged(new PrivilegedAction<Object>() {
-                public Object run() {
-                    try {
-                        method.setAccessible(true);
-                        return method.invoke(constraint);
-                    } catch (Exception e) {
-                        throw new RuntimeException(e);
-                    }
+            try {
+                @SuppressWarnings("unchecked")
+                final T result = (T) method.invoke(constraint);
+                return result;
+            } catch (RuntimeException e) {
+                throw e;
+            } catch (Exception e) {
+                throw new RuntimeException(e);
+            }
+        }
+
+        @Privileged
+        private Method getPublicMethod(Class<?> type, String name, Class<?>... argTypes) {
+            try {
+                Method result = type.getMethod(name, argTypes);
+                if (!result.isAccessible()) {
+                    result.setAccessible(true);
                 }
-            });
-            return result;
+                return result;
+            } catch (NoSuchMethodException e) {
+                return null;
+            }
         }
     }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintDefaults.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintDefaults.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintDefaults.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/ConstraintDefaults.java Wed Nov  7 17:44:26 2012
@@ -22,12 +22,12 @@ import javax.validation.ConstraintValida
 import java.io.IOException;
 import java.io.InputStream;
 import java.lang.annotation.Annotation;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.*;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: Provides access to the default constraints/validator implementation classes built into the framework.
  * These are configured in DefaultConstraints.properties.<br/>
@@ -71,7 +71,10 @@ public class ConstraintDefaults {
     @SuppressWarnings("unchecked")
     private Map<String, Class<? extends ConstraintValidator<?, ?>>[]> loadDefaultConstraints(String resource) {
         Properties constraintProperties = new Properties();
-        final ClassLoader classloader = getClassLoader();
+        ClassLoader classloader = contextClassLoader();
+        if (classloader == null) {
+            classloader = getClass().getClassLoader();
+        }
         InputStream stream = classloader.getResourceAsStream(resource);
         if (stream != null) {
             try {
@@ -92,18 +95,7 @@ public class ConstraintDefaults {
             while (tokens.hasMoreTokens()) {
                 final String eachClassName = tokens.nextToken();
 
-                Class<?> constraintValidatorClass =
-                      run(new PrivilegedAction<Class<?>>() {
-                          public Class<?> run() {
-                              try {
-                                  return Class.forName(eachClassName, true, classloader);
-                              } catch (ClassNotFoundException e) {
-                                  log.log(Level.SEVERE, String.format("Cannot find class %s", eachClassName), e);
-                                  return null;
-                              }
-                          }
-                      });
-
+                Class<?> constraintValidatorClass = loadClass(eachClassName, classloader);
                 if (constraintValidatorClass != null) classes.add(constraintValidatorClass);
 
             }
@@ -115,17 +107,22 @@ public class ConstraintDefaults {
         return loadedConstraints;
     }
 
-    private ClassLoader getClassLoader() {
-        ClassLoader classloader = Thread.currentThread().getContextClassLoader();
-        if (classloader == null) classloader = getClass().getClassLoader();
-        return classloader;
+    @Privileged
+    private ClassLoader contextClassLoader() {
+        try {
+            return Thread.currentThread().getContextClassLoader();
+        } catch (Exception e) {
+            return null;
+        }
     }
 
-    private static <T> T run(PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
+    private Class<?> loadClass(String name, ClassLoader classloader) {
+        try {
+            return Class.forName(name, true, classloader);
+        } catch (ClassNotFoundException e) {
+            log.log(Level.SEVERE, String.format("Cannot find class %s", name), e);
+            return null;
         }
     }
+
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultMessageInterpolator.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultMessageInterpolator.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultMessageInterpolator.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultMessageInterpolator.java Wed Nov  7 17:44:26 2012
@@ -16,8 +16,6 @@
  */
 package org.apache.bval.jsr303;
 
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Locale;
 import java.util.Map;
 import java.util.MissingResourceException;
@@ -30,9 +28,10 @@ import java.util.regex.Pattern;
 
 import javax.validation.MessageInterpolator;
 
-import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.commons.lang3.ArrayUtils;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: Resource bundle backed message interpolator.
  * This message resolver resolve message descriptors
@@ -164,14 +163,12 @@ public class DefaultMessageInterpolator 
      */
     private ResourceBundle getFileBasedResourceBundle(Locale locale) {
         ResourceBundle rb = null;
-        final ClassLoader classLoader = doPrivileged(SecureActions.getContextClassLoader());
+        final ClassLoader classLoader = contextClassLoader();
         if (classLoader != null) {
             rb = loadBundle(classLoader, locale,
                   USER_VALIDATION_MESSAGES + " not found by thread local classloader");
         }
 
-        // 2011-03-27 jw: No privileged action required.
-        // A class can always access the classloader of itself and of subclasses.
         if (rb == null) {
             rb = loadBundle(
               getClass().getClassLoader(),
@@ -302,22 +299,12 @@ public class DefaultMessageInterpolator 
         return src.replace("\\", "\\\\").replace("$", "\\$");
     }
 
-
-
-    /**
-     * Perform action with AccessController.doPrivileged() if a security manager is installed.
-     *
-     * @param action
-     *  the action to run
-     * @return
-     *  result of the action
-     */
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
+    @Privileged
+    private ClassLoader contextClassLoader() {
+        try {
+            return Thread.currentThread().getContextClassLoader();
+        } catch (Exception e) {
+            return null;
         }
     }
-
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultValidationProviderResolver.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultValidationProviderResolver.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultValidationProviderResolver.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/DefaultValidationProviderResolver.java Wed Nov  7 17:44:26 2012
@@ -16,7 +16,6 @@
  */
 package org.apache.bval.jsr303;
 
-
 import javax.validation.ValidationException;
 import javax.validation.ValidationProviderResolver;
 import javax.validation.spi.ValidationProvider;
@@ -24,12 +23,12 @@ import java.io.BufferedReader;
 import java.io.IOException;
 import java.io.InputStreamReader;
 import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Enumeration;
 import java.util.List;
 
+import mbenson.privileged.Privileged;
+
 public class DefaultValidationProviderResolver implements ValidationProviderResolver {
 
     //TODO - Spec recommends caching per classloader
@@ -60,20 +59,10 @@ public class DefaultValidationProviderRe
                         if (!line.startsWith("#")) {
                             try {
                                 // try loading the specified class
-                                final Class<?> provider = cl.loadClass(line);
+                                final Class<? extends ValidationProvider> provider = cl.loadClass(line).asSubclass(ValidationProvider.class);
                                 // create an instance to return
-                                ValidationProvider<?> vp =
-                                        AccessController.doPrivileged(new PrivilegedAction<ValidationProvider<?>>() {
-                                            public ValidationProvider<?> run() {
-                                                try {
-                                                    return (ValidationProvider<?>) provider.newInstance();
-                                                } catch (final Exception ex) {
-                                                    throw new ValidationException("Cannot instantiate : " + provider, ex);
-                                                }
-                                            }
-                                        });
-                                 providers.add(vp);
-
+                                final ValidationProvider<?> vp = createInstance(provider);
+                                providers.add(vp);
                             } catch (ClassNotFoundException e) {
                                 throw new ValidationException("Failed to load provider " +
                                         line + " configured in file " + url, e);
@@ -95,4 +84,13 @@ public class DefaultValidationProviderRe
         // caller must handle the case of no providers found
         return providers;
     }
+
+    @Privileged
+    private static <T> T createInstance(Class<? extends T> type) {
+        try {
+            return type.newInstance();
+        } catch (final Exception ex) {
+            throw new ValidationException("Cannot instantiate : " + type, ex);
+        }
+    }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/Jsr303MetaBeanFactory.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/Jsr303MetaBeanFactory.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/Jsr303MetaBeanFactory.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/Jsr303MetaBeanFactory.java Wed Nov  7 17:44:26 2012
@@ -19,11 +19,10 @@
 package org.apache.bval.jsr303;
 
 import java.lang.annotation.Annotation;
+import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
@@ -38,7 +37,6 @@ import javax.validation.groups.Default;
 import org.apache.bval.MetaBeanFactory;
 import org.apache.bval.jsr303.groups.Group;
 import org.apache.bval.jsr303.util.ClassHelper;
-import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.bval.jsr303.xml.MetaConstraint;
 import org.apache.bval.model.MetaBean;
 import org.apache.bval.model.MetaProperty;
@@ -46,6 +44,8 @@ import org.apache.bval.util.AccessStrate
 import org.apache.bval.util.FieldAccess;
 import org.apache.bval.util.MethodAccess;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: process the class annotations for JSR303 constraint validations to build the MetaBean with information
  * from annotations and JSR303 constraint mappings (defined in xml)<br/>
@@ -120,8 +120,7 @@ public class Jsr303MetaBeanFactory imple
                 metabean));
         }
 
-        final Field[] fields = doPrivileged(SecureActions.getDeclaredFields(beanClass));
-        for (Field field : fields) {
+        for (Field field : getDeclaredFields(beanClass)) {
             MetaProperty metaProperty = metabean.getProperty(field.getName());
             // create a property for those fields for which there is not yet a
             // MetaProperty
@@ -137,8 +136,7 @@ public class Jsr303MetaBeanFactory imple
                 }
             }
         }
-        final Method[] methods = doPrivileged(SecureActions.getDeclaredMethods(beanClass));
-        for (Method method : methods) {
+        for (Method method : getDeclaredMethods(beanClass)) {
             String propName = null;
             if (method.getParameterTypes().length == 0) {
                 propName = MethodAccess.getPropertyName(method);
@@ -296,22 +294,21 @@ public class Jsr303MetaBeanFactory imple
         return result;
     }
 
+    @Privileged
+    private static Field[] getDeclaredFields(Class<?> type) {
+        final Field[] result = type.getDeclaredFields();
+        if (result.length > 0) {
+            AccessibleObject.setAccessible(result, true);
+        }
+        return result;
+    }
 
-
-
-    /**
-     * Perform action with AccessController.doPrivileged() if a security manager is installed.
-     *
-     * @param action
-     *  the action to run
-     * @return
-     *  result of the action
-     */
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
+    @Privileged
+    private static Method[] getDeclaredMethods(Class<?> type) {
+        final Method[] result = type.getDeclaredMethods();
+        if (result.length > 0) {
+            AccessibleObject.setAccessible(result, true);
         }
+        return result;
     }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java Wed Nov  7 17:44:26 2012
@@ -17,8 +17,6 @@
 package org.apache.bval.jsr303.resolver;
 
 import java.lang.annotation.ElementType;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
@@ -26,8 +24,8 @@ import javax.validation.Path;
 import javax.validation.TraversableResolver;
 
 import org.apache.bval.jsr303.util.ClassHelper;
-import org.apache.bval.util.PrivilegedActions;
-import org.apache.commons.lang3.ClassUtils;
+
+import mbenson.privileged.Privileged;
 
 /** @see javax.validation.TraversableResolver */
 public class DefaultTraversableResolver implements TraversableResolver, CachingRelevant {
@@ -74,9 +72,13 @@ public class DefaultTraversableResolver 
     /** Tries to load detect and load JPA. */
     @SuppressWarnings("unchecked")
     private void initJpa() {
-        final ClassLoader classLoader = getClassLoader();
+        ClassLoader classLoader = contextClassLoader();
+        if (classLoader == null) {
+            classLoader = getClass().getClassLoader();
+        }
         try {
-            PrivilegedActions.getClass(classLoader, PERSISTENCE_UTIL_CLASSNAME);
+            // no security needed as classLoader should not be null:
+            Class.forName(PERSISTENCE_UTIL_CLASSNAME, true, classLoader);
             log.log(Level.FINEST, String.format("Found %s on classpath.", PERSISTENCE_UTIL_CLASSNAME));
         } catch (Exception e) {
             log.log(Level.FINEST, String.format("Cannot find %s on classpath. All properties will per default be traversable.", PERSISTENCE_UTIL_CLASSNAME));
@@ -85,8 +87,7 @@ public class DefaultTraversableResolver 
 
         try {
             Class<? extends TraversableResolver> jpaAwareResolverClass =
-              (Class<? extends TraversableResolver>)
-                ClassUtils.getClass(classLoader, JPA_AWARE_TRAVERSABLE_RESOLVER_CLASSNAME, true);
+                Class.forName(JPA_AWARE_TRAVERSABLE_RESOLVER_CLASSNAME, true, classLoader).asSubclass(TraversableResolver.class);
             jpaTR = jpaAwareResolverClass.newInstance();
             log.log(Level.FINEST, String.format("Instantiated an instance of %s.", JPA_AWARE_TRAVERSABLE_RESOLVER_CLASSNAME));
         } catch (Exception e) {
@@ -104,20 +105,12 @@ public class DefaultTraversableResolver 
         return jpaTR != null && CachingTraversableResolver.needsCaching(jpaTR);
     }
 
-    private static ClassLoader getClassLoader()
-    {
-      return (System.getSecurityManager() == null)
-        ? getClassLoader0()
-        : AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
-              public ClassLoader run() {
-                return getClassLoader0();
-              }
-          });
-    }
-
-    private static ClassLoader getClassLoader0()
-    {
-      final ClassLoader loader = Thread.currentThread().getContextClassLoader();
-      return (loader != null) ? loader : ClassHelper.class.getClassLoader();
+    @Privileged
+    private static ClassLoader contextClassLoader() {
+        try {
+            return Thread.currentThread().getContextClassLoader();
+        } catch (Exception e) {
+            return null;
+        }
     }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ClassHelper.java Wed Nov  7 17:44:26 2012
@@ -18,20 +18,16 @@
  */
 package org.apache.bval.jsr303.util;
 
-import org.apache.commons.lang3.ClassUtils;
-
-import java.security.AccessController;
 import java.util.List;
 
 /**
- * Common operations on classes that do not require an {@link AccessController}.
+ * Common Class operations that do not involve Java security checks.
  * 
  * @author Carlos Vara
  */
 public class ClassHelper {
 
     private ClassHelper() {
-        // No instances please
     }
 
     /**
@@ -43,7 +39,7 @@ public class ClassHelper {
      * @param clazz
      *            The current class, root of the hierarchy to traverse.
      */
-    static public void fillFullClassHierarchyAsList(List<Class<?>> allClasses, Class<?> clazz) {
+    public static void fillFullClassHierarchyAsList(List<Class<?>> allClasses, Class<?> clazz) {
         if (clazz == null || clazz == Object.class) {
             return;
         }
@@ -57,26 +53,4 @@ public class ClassHelper {
         }
     }
 
-    /**
-     * @deprecated Will be removed for security reasons.
-     *
-     * Perform ClassUtils.getClass functions with Java 2 Security enabled.
-     */
-    @Deprecated
-    public static Class<?> getClass(String className) throws ClassNotFoundException {
-        return getClass(className, true);
-    }
-
-    /**
-     * @deprecated Will be removed for security reasons.
-     *
-     * Perform ClassUtils.getClass functions with Java 2 Security enabled.
-     */
-    @Deprecated
-    public static Class<?> getClass(String className, boolean initialize) throws ClassNotFoundException {
-        ClassLoader loader = Thread.currentThread().getContextClassLoader();
-        if (loader == null)
-          loader = ClassHelper.class.getClassLoader();
-        return ClassUtils.getClass(loader, className, initialize);
-    }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java Wed Nov  7 17:44:26 2012
@@ -25,10 +25,10 @@ import org.apache.bval.jsr303.Constraint
 
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Locale;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Internal validator that ensures the correct definition of constraint
  * annotations.
@@ -59,8 +59,7 @@ public class ConstraintDefinitionValidat
      *            The annotation to check.
      */
     private static void validAttributes(final Annotation annotation) {
-        final Method[] methods = run(SecureActions.getDeclaredMethods(annotation.annotationType()));
-        for (Method method : methods ){
+        for (Method method : getDeclaredMethods(annotation.annotationType())) {
             // Currently case insensitive, the spec is unclear about this
             if (method.getName().toLowerCase(Locale.ENGLISH).startsWith("valid")) {
                 throw new ConstraintDefinitionException(
@@ -69,11 +68,8 @@ public class ConstraintDefinitionValidat
         }
     }
 
-    private static <T> T run(PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
+    @Privileged
+    private static Method[] getDeclaredMethods(Class<?> type) {
+        return type.getDeclaredMethods();
     }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxy.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxy.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxy.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxy.java Wed Nov  7 17:44:26 2012
@@ -18,16 +18,15 @@ package org.apache.bval.jsr303.xml;
 
 import java.io.Serializable;
 import java.lang.annotation.Annotation;
+import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.InvocationHandler;
 import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.SortedSet;
-import java.util.TreeSet;
+import java.util.TreeMap;
 
-import org.apache.bval.jsr303.util.SecureActions;
+import mbenson.privileged.Privileged;
 
 /**
  * Description: <br/>
@@ -56,13 +55,10 @@ class AnnotationProxy implements Annotat
         values = getAnnotationValues(descriptor);
     }
 
-    private <A extends Annotation> Map<String, Object> getAnnotationValues(AnnotationProxyBuilder<A> descriptor) {
-        Map<String, Object> result = new HashMap<String, Object>();
+    private static <A extends Annotation> Map<String, Object> getAnnotationValues(AnnotationProxyBuilder<A> descriptor) {
+        Map<String, Object> result = new TreeMap<String, Object>();
         int processedValuesFromDescriptor = 0;
-        final Method[] declaredMethods = doPrivileged(
-          SecureActions.getDeclaredMethods(annotationType)
-        );
-        for (Method m : declaredMethods) {
+        for (Method m : getDeclaredMethods(descriptor.getType())) {
             if (descriptor.contains(m.getName())) {
                 result.put(m.getName(), descriptor.getValue(m.getName()));
                 processedValuesFromDescriptor++;
@@ -73,7 +69,7 @@ class AnnotationProxy implements Annotat
             }
         }
         if (processedValuesFromDescriptor != descriptor.size()) {
-            throw new RuntimeException("Trying to instanciate " + annotationType + " with unknown paramters.");
+            throw new RuntimeException("Trying to instantiate " + descriptor.getType() + " with unknown paramters.");
         }
         return result;
     }
@@ -99,32 +95,26 @@ class AnnotationProxy implements Annotat
      * {@inheritDoc}
      */
     public String toString() {
-        StringBuilder result = new StringBuilder();
-        result.append('@').append(annotationType().getName()).append('(');
+        StringBuilder result = new StringBuilder().append('@').append(annotationType().getName()).append('(');
         boolean comma = false;
-        for (String m : getMethodsSorted()) {
-            if (comma)
+        for (Map.Entry<String, Object> e : values.entrySet()) {
+            if (comma) {
                 result.append(", ");
-            result.append(m).append('=').append(values.get(m));
-            comma = true;
+            } else {
+                comma = true;
+            }
+            result.append(e.getKey()).append('=').append(e.getValue());
         }
-        result.append(")");
-        return result.toString();
+        return result.append(")").toString();
     }
 
-    private SortedSet<String> getMethodsSorted() {
-        SortedSet<String> result = new TreeSet<String>();
-        result.addAll(values.keySet());
+    @Privileged
+    private static Method[] getDeclaredMethods(Class<?> type) {
+        Method[] result = type.getDeclaredMethods();
+        if (result.length > 0) {
+            AccessibleObject.setAccessible(result, true);
+        }
         return result;
     }
 
-
-
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
-    }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxyBuilder.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxyBuilder.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxyBuilder.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/AnnotationProxyBuilder.java Wed Nov  7 17:44:26 2012
@@ -17,13 +17,10 @@
 package org.apache.bval.jsr303.xml;
 
 import java.lang.annotation.Annotation;
-import java.lang.reflect.Constructor;
+import java.lang.reflect.AccessibleObject;
 import java.lang.reflect.InvocationHandler;
-import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.lang.reflect.Proxy;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -31,7 +28,8 @@ import javax.validation.Payload;
 import javax.validation.ValidationException;
 
 import org.apache.bval.jsr303.ConstraintAnnotationAttributes;
-import org.apache.bval.jsr303.util.SecureActions;
+
+import mbenson.privileged.Privileged;
 
 /**
  * Description: Holds the information and creates an annotation proxy during xml
@@ -60,9 +58,7 @@ final public class AnnotationProxyBuilde
      */
     public AnnotationProxyBuilder(Class<A> annotationType, Map<String, Object> elements) {
         this(annotationType);
-        for (Map.Entry<String, Object> entry : elements.entrySet()) {
-            this.elements.put(entry.getKey(), entry.getValue());
-        }
+        this.elements.putAll(elements);
     }
 
     /**
@@ -75,21 +71,13 @@ final public class AnnotationProxyBuilde
     public AnnotationProxyBuilder(A annot) {
         this((Class<A>) annot.annotationType());
         // Obtain the "elements" of the annotation
-        final Method[] methods = doPrivileged(SecureActions.getDeclaredMethods(annot.annotationType()));
-        for (Method m : methods) {
-            if (!m.isAccessible()) {
-                m.setAccessible(true);
-            }
+        for (Method m : getDeclaredMethods(annot.annotationType())) {
             try {
                 Object value = m.invoke(annot);
                 this.elements.put(m.getName(), value);
-            } catch (IllegalArgumentException e) {
+            } catch (Exception e) {
                 // No args, so should not happen
-                throw new ValidationException("Cannot access annotation " + annot + " element: " + m.getName());
-            } catch (IllegalAccessException e) {
-                throw new ValidationException("Cannot access annotation " + annot + " element: " + m.getName());
-            } catch (InvocationTargetException e) {
-                throw new ValidationException("Cannot access annotation " + annot + " element: " + m.getName());
+                throw new ValidationException("Cannot access annotation " + annot + " element: " + m.getName(), e);
             }
         }
     }
@@ -176,27 +164,27 @@ final public class AnnotationProxyBuilde
      * @return {@link Annotation}
      */
     public A createAnnotation() {
-        ClassLoader classLoader = SecureActions.getClassLoader(getType());
+        return create();
+    }
+
+    @Privileged
+    private A create() {
+        ClassLoader cl = Thread.currentThread().getContextClassLoader();
+        if (cl == null) {
+            cl = type.getClassLoader();
+        }
         @SuppressWarnings("unchecked")
-        final Class<A> proxyClass = (Class<A>) Proxy.getProxyClass(classLoader, getType());
-        final InvocationHandler handler = new AnnotationProxy(this);
-        return doPrivileged(new PrivilegedAction<A>() {
-            public A run() {
-                try {
-                    Constructor<A> constructor = proxyClass.getConstructor(InvocationHandler.class);
-                    return constructor.newInstance(handler);
-                } catch (Exception e) {
-                    throw new ValidationException("Unable to create annotation for configured constraint", e);
-                }
-            }
-        });
+        final A result = (A) Proxy.newProxyInstance(cl, new Class[] { type }, new AnnotationProxy(this));
+        return result;
     }
 
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
+    @Privileged
+    private static Method[] getDeclaredMethods(Class<?> type) {
+        Method[] result = type.getDeclaredMethods();
+        if (result.length > 0) {
+            AccessibleObject.setAccessible(result, true);
         }
+        return result;
     }
+
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationMappingParser.java Wed Nov  7 17:44:26 2012
@@ -16,7 +16,6 @@
  */
 package org.apache.bval.jsr303.xml;
 
-
 import java.io.InputStream;
 import java.io.Serializable;
 import java.lang.annotation.Annotation;
@@ -24,8 +23,6 @@ import java.lang.reflect.Array;
 import java.lang.reflect.Field;
 import java.lang.reflect.Member;
 import java.lang.reflect.Method;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -49,13 +46,13 @@ import org.apache.bval.jsr303.ApacheVali
 import org.apache.bval.jsr303.ConstraintAnnotationAttributes;
 import org.apache.bval.jsr303.util.EnumerationConverter;
 import org.apache.bval.jsr303.util.IOUtils;
-import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.bval.util.FieldAccess;
 import org.apache.bval.util.MethodAccess;
 import org.apache.commons.beanutils.ConvertUtils;
 import org.apache.commons.beanutils.Converter;
 import org.apache.commons.lang3.StringUtils;
 
+import mbenson.privileged.Privileged;
 
 /**
  * Uses JAXB to parse constraints.xml based on validation-mapping-1.0.xsd.<br>
@@ -196,7 +193,7 @@ public class ValidationMappingParser {
 
     private <A extends Annotation> Class<?> getAnnotationParameterType(
           final Class<A> annotationClass, final String name) {
-        final Method m = doPrivileged(SecureActions.getPublicMethod(annotationClass, name));
+        final Method m = getMethod(annotationClass, name);
         if (m == null) {
             throw new ValidationException("Annotation of type " + annotationClass.getName() +
                   " does not contain a parameter " + name + ".");
@@ -365,7 +362,7 @@ public class ValidationMappingParser {
             } else {
                 fieldNames.add(fieldName);
             }
-            final Field field = doPrivileged(SecureActions.getDeclaredField(beanClass, fieldName));
+            final Field field = getDeclaredField(beanClass, fieldName);
             if (field == null) {
                 throw new ValidationException(
                       beanClass.getName() + " does not contain the fieldType  " + fieldName);
@@ -521,43 +518,21 @@ public class ValidationMappingParser {
         return clazz.contains(".");
     }
 
-
-
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
-    }
-
-
-
     private static Method getGetter(final Class<?> clazz, final String propertyName) {
-        return doPrivileged(new PrivilegedAction<Method>() {
-            public Method run() {
-                try {
-                    final String p = StringUtils.capitalize(propertyName);
-                    try {
-                        return clazz.getMethod("get" + p);
-                    } catch (NoSuchMethodException e) {
-                        return clazz.getMethod("is" + p);
-                    }
-                } catch (NoSuchMethodException e) {
-                    return null;
-                }
-            }
-        });
-
+        final String p = StringUtils.capitalize(propertyName);
+        Method result = getMethod(clazz, "get" + p);
+        if (result == null) {
+            result = getMethod(clazz, "is" + p);
+        }
+        return result;
     }
 
-
-
     private Class<?> loadClass(final String className) {
-        ClassLoader loader = doPrivileged(SecureActions.getContextClassLoader());
-        if (loader == null)
-            loader = getClass().getClassLoader();
+        ClassLoader loader = contextClassLoader();
 
+        if (loader == null) {
+            loader = getClass().getClassLoader();
+        }
         try {
             return Class.forName(className, true, loader);
         } catch (ClassNotFoundException ex) {
@@ -565,4 +540,30 @@ public class ValidationMappingParser {
         }
     }
 
+    @Privileged
+    private static ClassLoader contextClassLoader() {
+        try {
+            return Thread.currentThread().getContextClassLoader();
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    @Privileged
+    private static Method getMethod(Class<?> host, String name, Class<?>... argTypes) {
+        try {
+            return host.getMethod(name, argTypes);
+        } catch (NoSuchMethodException e) {
+            return null;
+        }
+    }
+
+    @Privileged
+    private static Field getDeclaredField(Class<?> host, String name) {
+        try {
+            return host.getDeclaredField(name);
+        } catch (NoSuchFieldException e) {
+            return null;
+        }
+    }
 }

Modified: bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java (original)
+++ bval/branches/privileged2/src/main/java/org/apache/bval/jsr303/xml/ValidationParser.java Wed Nov  7 17:44:26 2012
@@ -18,11 +18,8 @@
  */
 package org.apache.bval.jsr303.xml;
 
-
 import org.apache.bval.jsr303.ConfigurationImpl;
 import org.apache.bval.jsr303.util.IOUtils;
-import org.apache.bval.jsr303.util.SecureActions;
-import org.apache.bval.util.PrivilegedActions;
 import org.xml.sax.SAXException;
 
 import javax.validation.ConstraintValidatorFactory;
@@ -41,12 +38,12 @@ import javax.xml.validation.SchemaFactor
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.security.AccessController;
-import java.security.PrivilegedAction;
 import java.util.Enumeration;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Description: uses jaxb to parse validation.xml<br/>
  */
@@ -83,6 +80,7 @@ public class ValidationParser {
         }
     }
 
+    @Privileged
     private ValidationConfigType parseXmlConfig() {
         InputStream inputStream = null;
         try {
@@ -112,7 +110,10 @@ public class ValidationParser {
     }
 
     protected InputStream getInputStream(String path) throws IOException {
-        ClassLoader loader = PrivilegedActions.getClassLoader(getClass());
+        ClassLoader loader = contextClassLoader();
+        if (loader == null) {
+            loader = getClass().getClassLoader();
+        }
         InputStream inputStream = loader.getResourceAsStream(path);
 
         if (inputStream != null) {
@@ -143,7 +144,10 @@ public class ValidationParser {
      * @return {@link Schema}
      */
     static Schema getSchema(String xsd) {
-        ClassLoader loader = PrivilegedActions.getClassLoader(ValidationParser.class);
+        ClassLoader loader = contextClassLoader();
+        if (loader == null) {
+            loader = classLoaderFor(ValidationParser.class);
+        }
         SchemaFactory sf = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
         URL schemaUrl = loader.getResource(xsd);
         try {
@@ -211,16 +215,13 @@ public class ValidationParser {
         }
     }
 
+    @Privileged
     private <T> T newInstance(final Class<T> cls) {
-        return AccessController.doPrivileged(new PrivilegedAction<T>() {
-            public T run() {
-                try {
-                    return cls.newInstance();
-                } catch (final Exception ex) {
-                    throw new ValidationException("Cannot instantiate : " + cls, ex);
-                }
-            }
-        });
+        try {
+            return cls.newInstance();
+        } catch (final Exception ex) {
+            throw new ValidationException("Cannot instantiate : " + cls, ex);
+        }
     }
 
     @SuppressWarnings("unchecked")
@@ -262,20 +263,11 @@ public class ValidationParser {
         }
     }
 
-
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
-    }
-
     private Class<?> loadClass(final String className) {
-        ClassLoader loader = doPrivileged(SecureActions.getContextClassLoader());
-        if (loader == null)
+        ClassLoader loader = contextClassLoader();
+        if (loader == null) {
             loader = getClass().getClassLoader();
-
+        }
         try {
             return Class.forName(className, true, loader);
         } catch (ClassNotFoundException ex) {
@@ -283,4 +275,17 @@ public class ValidationParser {
         }
     }
 
+    @Privileged
+    private static ClassLoader contextClassLoader() {
+        try {
+            return Thread.currentThread().getContextClassLoader();
+        } catch (Exception e) {
+            return null;
+        }
+    }
+
+    @Privileged
+    private static ClassLoader classLoaderFor(Class<?> type) {
+        return type.getClassLoader();
+    }
 }

Modified: bval/branches/privileged2/src/test/java/org/apache/bval/jsr303/ConstraintValidatorContextTest.java
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/test/java/org/apache/bval/jsr303/ConstraintValidatorContextTest.java?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/test/java/org/apache/bval/jsr303/ConstraintValidatorContextTest.java (original)
+++ bval/branches/privileged2/src/test/java/org/apache/bval/jsr303/ConstraintValidatorContextTest.java Wed Nov  7 17:44:26 2012
@@ -32,6 +32,8 @@ import org.mockito.stubbing.Answer;
 import javax.validation.ConstraintValidatorContext;
 import javax.validation.ConstraintValidatorContext.ConstraintViolationBuilder;
 
+import mbenson.privileged.Privileged;
+
 /**
  * Checks to validate the correct implementation of
  * {@link ConstraintValidatorContext} and its sub-interfaces.
@@ -50,6 +52,7 @@ public class ConstraintValidatorContextT
      * {@inheritDoc}
      */
     @Override
+    @Privileged
     public void setUp() throws Exception {
         super.setUp();
         MockitoAnnotations.initMocks(this);

Modified: bval/branches/privileged2/src/test/resources/java.policy
URL: http://svn.apache.org/viewvc/bval/branches/privileged2/src/test/resources/java.policy?rev=1406733&r1=1405063&r2=1406733&view=diff
==============================================================================
--- bval/branches/privileged2/src/test/resources/java.policy (original)
+++ bval/branches/privileged2/src/test/resources/java.policy Wed Nov  7 17:44:26 2012
@@ -38,12 +38,6 @@ grant codeBase "file://${user.home}/.m2/
   permission java.security.AllPermission;
 };
 
-// junit;
-grant codeBase "file://${user.home}/.m2/repository/junit/-"
-{
-  permission java.security.AllPermission;
-};
-
 // mockito;
 grant codeBase "file://${user.home}/.m2/repository/org/mockito/-"
 {



Mime
View raw message