Uploaded image for project: 'Hibernate ORM'
  1. HHH-11615

Envers integration tests fail when WildFly security manager is enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.2.12, 5.1.14
    • Component/s: hibernate-envers
    • Labels:
      None
    • Bug Testcase Reminder (view):

      Bug reports should generally be accompanied by a test case!

    • Last commented by a user?:
      true

      Description

      See WFLY-8377 and JBEAP-9597 for details about WildFly integration test failures (linked).

      I've looked into this issue and found that Envers uses reflection at run time to obtain constructors, getters, and setters. The helper that is used to obtain these is org.hibernate.internal.util.ReflectHelper which is loaded in the Hibernate ClassLoader. By debugging, I can see that the security check fails because the ReflectHelper ClassLoader is not the TCCL.

      Most, if not all, of these constructors, getters, and setters are already stashed in Hibernate tuplizers at deployment time. We can avoid most, hopefully all, of the security exceptions by changing Envers to use the Hibernate tuplizers instead of reflection at run time.

      If there are any security exceptions that are left after making these changes, we will look into adding privileged blocks.

        Attachments

          Issue links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: