Fixes #21905: Using Hibernate 5.x and Oracle driver throws IllegalAcc…

…essException (#22142)

* use setAccessible(true) in doPrivileged block

appserver/jdbc/jdbc-ra/jdbc-core/src/main/java/com/sun/gjc/util/MethodExecutor.java

@@ -47,6 +47,10 @@
 import javax.resource.ResourceException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import java.util.Properties;
 import java.util.logging.Level;
@@ -87,28 +91,38 @@ public void runJavaBeanMethod(String value, Method method, Object obj) throws Re
  if (value == null || value.trim().equals("")) {
  return;
  }
- try {
- Class[] parameters = method.getParameterTypes();
- if (parameters.length == 1) {
- Object[] values = new Object[1];
- values[0] = convertType(parameters[0], value);
- method.invoke(obj, values);
+
+ Class[] parameters = method.getParameterTypes();
+ if (parameters.length == 1) {
+ Object[] values = new Object[1];
+ values[0] = convertType(parameters[0], value);
+
+ final ResourceException[] exception = new ResourceException[1];
+ AccessController
+ .doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ try {
+ method.setAccessible(true);
+ method.invoke(obj, values);
+ } catch (IllegalAccessException | InvocationTargetException | SecurityException iae) {
+ _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
+ _logger.log(Level.SEVERE, "", iae);
+ String msg = sm.getString("me.access_denied",
+ method.getName());
+ exception[0] = new ResourceException(msg);
+ } catch (IllegalArgumentException ie) {
+ _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
+ _logger.log(Level.SEVERE, "", ie);
+ String msg = sm
+ .getString("me.illegal_args", method.getName());
+ exception[0] = new ResourceException(msg);
+ }
+ return null;
+ }
+ });
+ if( exception[0] != null){
+ throw exception[0];
  }
- } catch (IllegalAccessException iae) {
- _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
- _logger.log(Level.SEVERE, "", iae);
- String msg = sm.getString("me.access_denied", method.getName());
- throw new ResourceException(msg);
- } catch (IllegalArgumentException ie) {
- _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
- _logger.log(Level.SEVERE, "", ie);
- String msg = sm.getString("me.illegal_args", method.getName());
- throw new ResourceException(msg);
- } catch (InvocationTargetException ite) {
- _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
- _logger.log(Level.SEVERE, "", ite);
- String msg = sm.getString("me.access_denied", method.getName());
- throw new ResourceException(msg);
  }
  }
 
@@ -123,7 +137,6 @@ public void runJavaBeanMethod(String value, Method method, Object obj) throws Re
  * a security violation.
  */
  public void runMethod(Method method, Object obj, Vector values) throws ResourceException {
- try {
  Class[] parameters = method.getParameterTypes();
  if (values.size() != parameters.length) {
  return;
@@ -137,22 +150,30 @@ public void runMethod(Method method, Object obj, Vector values) throws ResourceE
  actualValues[i] = convertType(parameters[i], val);
  }
  }
- method.invoke(obj, actualValues);
- } catch (IllegalAccessException iae) {
- _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
- _logger.log(Level.SEVERE, "", iae);
- String msg = sm.getString("me.access_denied", method.getName());
- throw new ResourceException(msg);
- } catch (IllegalArgumentException ie) {
- _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
- _logger.log(Level.SEVERE, "", ie);
- String msg = sm.getString("me.illegal_args", method.getName());
- throw new ResourceException(msg);
- } catch (InvocationTargetException ite) {
- _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
- _logger.log(Level.SEVERE, "", ite);
- String msg = sm.getString("me.access_denied", method.getName());
- throw new ResourceException(msg);
+ final ResourceException[] exception = new ResourceException[1];
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ try {
+ method.setAccessible(true);
+ method.invoke(obj, actualValues);
+ } catch (IllegalAccessException | InvocationTargetException | SecurityException iae) {
+ _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
+ _logger.log(Level.SEVERE, "", iae);
+ String msg = sm
+ .getString("me.access_denied", method.getName());
+ exception[0] = new ResourceException(msg);
+ } catch (IllegalArgumentException ie) {
+ _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
+ _logger.log(Level.SEVERE, "", ie);
+ String msg = sm
+ .getString("me.illegal_args", method.getName());
+ exception[0] = new ResourceException(msg);
+ }
+ return null;
+ }
+ });
+ if( exception[0] != null){
+ throw exception[0];
  }
  }
 
@@ -225,7 +246,7 @@ private Object convertType(Class type, String parameter) throws ResourceExceptio
  public Object invokeMethod(Object object, String methodName, 
  Class<?>[] valueTypes, Object... values) throws ResourceException {
  Object returnValue = null;
- Method actualMethod = null;
+ Method actualMethod ;
  try {
  actualMethod = object.getClass().getMethod(methodName, valueTypes);
  } catch (NoSuchMethodException ex) {
@@ -235,13 +256,17 @@ public Object invokeMethod(Object object, String methodName,
  }
  if (actualMethod != null) {
  try {
- returnValue = actualMethod.invoke(object, values);
- } catch (IllegalAccessException ex) {
- throw new ResourceException(ex);
- } catch (IllegalArgumentException ex) {
- throw new ResourceException(ex);
- } catch (InvocationTargetException ex) {
- throw new ResourceException(ex);
+ returnValue = AccessController.doPrivileged(
+ (PrivilegedExceptionAction<Object>) () -> {
+ actualMethod.setAccessible(true);
+ return actualMethod.invoke(object, values);
+ });
+ } catch (PrivilegedActionException e) {
+ if(e.getException() != null){
+ throw new ResourceException(e.getException());
+ }else{
+ throw new ResourceException(e);
+ }
  }
  }
  return returnValue;