PersistenceUtilHelper calls clazz.getDeclaredField/Method without doPrivileged(). Because of this, deployments in EE needs to have RuntimePermission("accessDeclaredMembers") when using Hibernate Validator and running with Security Manager enabled.
It would be nice if getDeclaredField/Method calling can be done inside of doPrivileged() block.
I am not sure if the component assigned to this Jira is correct. PersistenceUtilHelper is located at Hibernate EntityManager, but I hit this issue through Hibernate Validator used by a deployment in WildFly server, see the following stacktrace:
Fixed in master and 5.0 branches.