0 Replies Latest reply on Sep 5, 2008 11:10 AM by Adrian Brock

    AccessControlException ReflectionUtils.findMethod

    Adrian Brock Master

      Updating the MC to use the latest jboss-reflection shows the
      change to ReflectionUtils.findMethod() to use getDeclaredMethod()
      is breaking code that doesn't have permission to getDeclaredMethods

      Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.167 sec <<< FAILURE!
      testContainerInjection(org.jboss.test.kernel.deployment.test.BeanContainerInjectionTestCase) Time elapsed: 0.03 sec <<< ERROR!
      java.security.AccessControlException: access denied (java.lang.RuntimePermission accessDeclaredMembers)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
       at java.security.AccessController.checkPermission(AccessController.java:427)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.SecurityManager.checkMemberAccess(SecurityManager.java:1662)
       at java.lang.Class.checkMemberAccess(Class.java:2125)
       at java.lang.Class.getDeclaredMethods(Class.java:1762)
       at org.jboss.reflect.plugins.introspection.ReflectionUtils.findMethod(ReflectionUtils.java:230)
       at org.jboss.reflect.plugins.introspection.ReflectionUtils.findMethod(ReflectionUtils.java:248)
       at org.jboss.metadata.plugins.loader.reflection.AnnotatedElementMetaDataLoader.getComponentMetaDataRetrieval(AnnotatedElementMetaDataLoader.java:148)
       at org.jboss.metadata.spi.retrieval.MetaDataRetrievalToMetaDataBridge.getComponentMetaData(MetaDataRetrievalToMetaDataBridge.java:160)
       at org.jboss.kernel.plugins.annotations.CommonAnnotationAdapter.handleMethod(CommonAnnotationAdapter.java:352)
       at org.jboss.kernel.plugins.annotations.CommonAnnotationAdapter.handleAnnotations(CommonAnnotationAdapter.java:258)
       at org.jboss.kernel.plugins.annotations.AbstractMetaDataAnnotationAdapter.applyAnnotations(AbstractMetaDataAnnotationAdapter.java:39)
       at org.jboss.kernel.spi.annotations.AnnotationToBeanMetaDataFactory.fillBeanMetaData(AnnotationToBeanMetaDataFactory.java:248)
       at org.jboss.kernel.spi.annotations.AnnotationToBeanMetaDataFactory.createBeanMetaData(AnnotationToBeanMetaDataFactory.java:123)
       at org.jboss.test.kernel.deployment.test.BeanContainerInjectionTestCase.testContainerInjection(BeanContainerInjectionTestCase.java:49)
      


      We obviously don't want to leak this permission by putting privileged blocks
      in ReflectionUtils so we need to introduce privileged blocks in
      AnnotatedElementMetaDataLoader.

      Where else uses ReflectionUtils.findXXX() ?