Fixes #21905: Using Hibernate 5.x and Oracle driver throws IllegalAccessException (#22142)

* use setAccessible(true) in doPrivileged block

Author: h2002044

appserver/jdbc/jdbc-ra/jdbc-core/src/main/java/com/sun/gjc/util/MethodExecutor.java

@@ -47,6 +47,10 @@
 import javax.resource.ResourceException;
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.Vector;
 import java.util.Properties;
 import java.util.logging.Level;
@@ -87,28 +91,38 @@ public void runJavaBeanMethod(String value, Method method, Object obj) throws Re
         if (value == null || value.trim().equals("")) {
             return;
         }
-        try {
-            Class[] parameters = method.getParameterTypes();
-            if (parameters.length == 1) {
-                Object[] values = new Object[1];
-                values[0] = convertType(parameters[0], value);
-                method.invoke(obj, values);
+
+        Class[] parameters = method.getParameterTypes();
+        if (parameters.length == 1) {
+            Object[] values = new Object[1];
+            values[0] = convertType(parameters[0], value);
+
+            final ResourceException[] exception = new ResourceException[1];
+            AccessController
+                .doPrivileged(new PrivilegedAction() {
+                    public Object run() {
+                        try {
+                            method.setAccessible(true);
+                            method.invoke(obj, values);
+                        } catch (IllegalAccessException | InvocationTargetException | SecurityException iae) {
+                            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
+                            _logger.log(Level.SEVERE, "", iae);
+                            String msg = sm.getString("me.access_denied",
+                                method.getName());
+                            exception[0] = new ResourceException(msg);
+                        } catch (IllegalArgumentException ie) {
+                            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
+                            _logger.log(Level.SEVERE, "", ie);
+                            String msg = sm
+                                .getString("me.illegal_args", method.getName());
+                            exception[0] = new ResourceException(msg);
+                        }
+                        return null;
+                    }
+                });
+            if( exception[0] != null){
+                throw exception[0];
             }
-        } catch (IllegalAccessException iae) {
-            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
-            _logger.log(Level.SEVERE, "", iae);
-            String msg = sm.getString("me.access_denied", method.getName());
-            throw new ResourceException(msg);
-        } catch (IllegalArgumentException ie) {
-            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
-            _logger.log(Level.SEVERE, "", ie);
-            String msg = sm.getString("me.illegal_args", method.getName());
-            throw new ResourceException(msg);
-        } catch (InvocationTargetException ite) {
-            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", value);
-            _logger.log(Level.SEVERE, "", ite);
-            String msg = sm.getString("me.access_denied", method.getName());
-            throw new ResourceException(msg);
         }
     }
 
@@ -123,7 +137,6 @@ public void runJavaBeanMethod(String value, Method method, Object obj) throws Re
      *          a security violation.
      */
     public void runMethod(Method method, Object obj, Vector values) throws ResourceException {
-        try {
             Class[] parameters = method.getParameterTypes();
             if (values.size() != parameters.length) {
                 return;
@@ -137,22 +150,30 @@ public void runMethod(Method method, Object obj, Vector values) throws ResourceE
                     actualValues[i] = convertType(parameters[i], val);
                 }
             }
-            method.invoke(obj, actualValues);
-        } catch (IllegalAccessException iae) {
-            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
-            _logger.log(Level.SEVERE, "", iae);
-            String msg = sm.getString("me.access_denied", method.getName());
-            throw new ResourceException(msg);
-        } catch (IllegalArgumentException ie) {
-            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
-            _logger.log(Level.SEVERE, "", ie);
-            String msg = sm.getString("me.illegal_args", method.getName());
-            throw new ResourceException(msg);
-        } catch (InvocationTargetException ite) {
-            _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
-            _logger.log(Level.SEVERE, "", ite);
-            String msg = sm.getString("me.access_denied", method.getName());
-            throw new ResourceException(msg);
+        final ResourceException[] exception = new ResourceException[1];
+         AccessController.doPrivileged(new PrivilegedAction() {
+            public Object run() {
+                try {
+                    method.setAccessible(true);
+                    method.invoke(obj, actualValues);
+                } catch (IllegalAccessException | InvocationTargetException | SecurityException iae) {
+                    _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
+                    _logger.log(Level.SEVERE, "", iae);
+                    String msg = sm
+                        .getString("me.access_denied", method.getName());
+                    exception[0] = new ResourceException(msg);
+                } catch (IllegalArgumentException ie) {
+                    _logger.log(Level.SEVERE, "jdbc.exc_jb_val", values);
+                    _logger.log(Level.SEVERE, "", ie);
+                    String msg = sm
+                        .getString("me.illegal_args", method.getName());
+                    exception[0] = new ResourceException(msg);
+                }
+                return null;
+            }
+        });
+        if( exception[0] != null){
+            throw exception[0];
         }
     }
 
@@ -225,7 +246,7 @@ private Object convertType(Class type, String parameter) throws ResourceExceptio
     public Object invokeMethod(Object object, String methodName, 
             Class<?>[] valueTypes, Object... values) throws ResourceException {
         Object returnValue = null;
-        Method actualMethod = null;
+        Method actualMethod ;
         try {
             actualMethod = object.getClass().getMethod(methodName, valueTypes);
         } catch (NoSuchMethodException ex) {
@@ -235,13 +256,17 @@ public Object invokeMethod(Object object, String methodName,
         }
         if (actualMethod != null) {
             try {
-                returnValue = actualMethod.invoke(object, values);
-            } catch (IllegalAccessException ex) {
-                throw new ResourceException(ex);
-            } catch (IllegalArgumentException ex) {
-                throw new ResourceException(ex);
-            } catch (InvocationTargetException ex) {
-                throw new ResourceException(ex);
+                returnValue = AccessController.doPrivileged(
+                    (PrivilegedExceptionAction<Object>) () -> {
+                            actualMethod.setAccessible(true);
+                            return actualMethod.invoke(object, values);
+                    });
+            } catch (PrivilegedActionException e) {
+                if(e.getException() != null){
+                    throw new ResourceException(e.getException());
+                }else{
+                    throw new ResourceException(e);
+                }
             }
         }
         return returnValue;