diff --git a/appserver/jdbc/jdbc-ra/jdbc-core/src/main/java/com/sun/gjc/util/MethodExecutor.java b/appserver/jdbc/jdbc-ra/jdbc-core/src/main/java/com/sun/gjc/util/MethodExecutor.java index fed58ae5932..4db6423c62d 100644 --- a/appserver/jdbc/jdbc-ra/jdbc-core/src/main/java/com/sun/gjc/util/MethodExecutor.java +++ b/appserver/jdbc/jdbc-ra/jdbc-core/src/main/java/com/sun/gjc/util/MethodExecutor.java @@ -47,6 +47,10 @@ import javax.resource.ResourceException; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.Vector; import java.util.Properties; import java.util.logging.Level; @@ -87,28 +91,38 @@ public void runJavaBeanMethod(String value, Method method, Object obj) throws Re if (value == null || value.trim().equals("")) { return; } - try { - Class[] parameters = method.getParameterTypes(); - if (parameters.length == 1) { - Object[] values = new Object[1]; - values[0] = convertType(parameters[0], value); - method.invoke(obj, values); + + Class[] parameters = method.getParameterTypes(); + if (parameters.length == 1) { + Object[] values = new Object[1]; + values[0] = convertType(parameters[0], value); + + final ResourceException[] exception = new ResourceException[1]; + AccessController + .doPrivileged(new PrivilegedAction() { + public Object run() { + try { + method.setAccessible(true); + method.invoke(obj, values); + } catch (IllegalAccessException | InvocationTargetException | SecurityException iae) { + _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value); + _logger.log(Level.SEVERE, "", iae); + String msg = sm.getString("me.access_denied", + method.getName()); + exception[0] = new ResourceException(msg); + } catch (IllegalArgumentException ie) { + _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value); + _logger.log(Level.SEVERE, "", ie); + String msg = sm + .getString("me.illegal_args", method.getName()); + exception[0] = new ResourceException(msg); + } + return null; + } + }); + if( exception[0] != null){ + throw exception[0]; } - } catch (IllegalAccessException iae) { - _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value); - _logger.log(Level.SEVERE, "", iae); - String msg = sm.getString("me.access_denied", method.getName()); - throw new ResourceException(msg); - } catch (IllegalArgumentException ie) { - _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value); - _logger.log(Level.SEVERE, "", ie); - String msg = sm.getString("me.illegal_args", method.getName()); - throw new ResourceException(msg); - } catch (InvocationTargetException ite) { - _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value); - _logger.log(Level.SEVERE, "", ite); - String msg = sm.getString("me.access_denied", method.getName()); - throw new ResourceException(msg); } } @@ -123,7 +137,6 @@ public void runJavaBeanMethod(String value, Method method, Object obj) throws Re * a security violation. */ public void runMethod(Method method, Object obj, Vector values) throws ResourceException { - try { Class[] parameters = method.getParameterTypes(); if (values.size() != parameters.length) { return; @@ -137,22 +150,30 @@ public void runMethod(Method method, Object obj, Vector values) throws ResourceE actualValues[i] = convertType(parameters[i], val); } } - method.invoke(obj, actualValues); - } catch (IllegalAccessException iae) { - _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values); - _logger.log(Level.SEVERE, "", iae); - String msg = sm.getString("me.access_denied", method.getName()); - throw new ResourceException(msg); - } catch (IllegalArgumentException ie) { - _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values); - _logger.log(Level.SEVERE, "", ie); - String msg = sm.getString("me.illegal_args", method.getName()); - throw new ResourceException(msg); - } catch (InvocationTargetException ite) { - _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values); - _logger.log(Level.SEVERE, "", ite); - String msg = sm.getString("me.access_denied", method.getName()); - throw new ResourceException(msg); + final ResourceException[] exception = new ResourceException[1]; + AccessController.doPrivileged(new PrivilegedAction() { + public Object run() { + try { + method.setAccessible(true); + method.invoke(obj, actualValues); + } catch (IllegalAccessException | InvocationTargetException | SecurityException iae) { + _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values); + _logger.log(Level.SEVERE, "", iae); + String msg = sm + .getString("me.access_denied", method.getName()); + exception[0] = new ResourceException(msg); + } catch (IllegalArgumentException ie) { + _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values); + _logger.log(Level.SEVERE, "", ie); + String msg = sm + .getString("me.illegal_args", method.getName()); + exception[0] = new ResourceException(msg); + } + return null; + } + }); + if( exception[0] != null){ + throw exception[0]; } } @@ -225,7 +246,7 @@ private Object convertType(Class type, String parameter) throws ResourceExceptio public Object invokeMethod(Object object, String methodName, Class[] valueTypes, Object... values) throws ResourceException { Object returnValue = null; - Method actualMethod = null; + Method actualMethod ; try { actualMethod = object.getClass().getMethod(methodName, valueTypes); } catch (NoSuchMethodException ex) { @@ -235,13 +256,17 @@ public Object invokeMethod(Object object, String methodName, } if (actualMethod != null) { try { - returnValue = actualMethod.invoke(object, values); - } catch (IllegalAccessException ex) { - throw new ResourceException(ex); - } catch (IllegalArgumentException ex) { - throw new ResourceException(ex); - } catch (InvocationTargetException ex) { - throw new ResourceException(ex); + returnValue = AccessController.doPrivileged( + (PrivilegedExceptionAction) () -> { + actualMethod.setAccessible(true); + return actualMethod.invoke(object, values); + }); + } catch (PrivilegedActionException e) { + if(e.getException() != null){ + throw new ResourceException(e.getException()); + }else{ + throw new ResourceException(e); + } } } return returnValue;