Skip to content
Snippets Groups Projects
Commit a2fbe9ef authored by Emmanuel Bourg's avatar Emmanuel Bourg
Browse files

New upstream version 5.3.6

parent 761f3cd0
No related branches found
No related tags found
No related merge requests found
Showing
with 223 additions and 13 deletions
# Hibernate Validator
*Version: 5.3.5.Final - 15-03-2017*
*Version: 5.3.6.Final - 19-10-2017*
## What is it?
......@@ -35,7 +35,7 @@ Logging will delegate any log requests to that provider.
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
</dependency>
You also need an API and implementation of the Unified Expression Language. These dependencies must be explicitly added in an SE environment.
......@@ -59,7 +59,7 @@ extension by adding the following dependency:
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator-cdi</artifactId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
</dependency>
* _hibernate-validator-annotation-processor-&lt;version&gt;.jar_ is an optional jar which can be integrated with your build
......
......@@ -11,7 +11,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
......@@ -11,7 +11,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
......@@ -11,7 +11,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
Hibernate Validator Changelog
=============================
5.3.6.Final (19-10-2017)
-------------------------
** Bug
* HV-1498 - engine - Privilege escalation when running under the security manager
* HV-1494 - validators - Hibernate Validator specific @NotEmpty used on return type throws an exception
** Improvement
* HV-1454 - build - Support JDK 9 build 180
5.3.5.Final (15-03-2017)
-------------------------
......
......@@ -10,7 +10,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
......@@ -11,7 +11,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
......@@ -106,6 +106,8 @@ grant codeBase "file:path/to/hibernate-validator-{hvVersion}.jar" {
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.RuntimePermission "setContextClassLoader";
permission org.hibernate.validator.HibernateValidatorPermission "accessPrivateMembers";
// Only needed when working with XML descriptors (validation.xml or XML constraint mappings)
permission java.util.PropertyPermission "mapAnyUriToUri", "read";
};
......
......@@ -10,7 +10,7 @@
<parent>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator-parent</artifactId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
</parent>
<artifactId>hibernate-validator-engine-jdk8-tests</artifactId>
......
......@@ -11,7 +11,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
/*
* Hibernate Validator, declare and validate application constraints
*
* License: Apache License, Version 2.0
* See the license.txt file in the root directory or <http://www.apache.org/licenses/LICENSE-2.0>.
*/
package org.hibernate.validator;
import java.security.BasicPermission;
/**
* Our specific implementation of {@link BasicPermission} as we cannot define additional {@link RuntimePermission}.
* <p>
* {@code HibernateValidatorPermission} is thread-safe and immutable.
*
* @author Guillaume Smet
*/
public class HibernateValidatorPermission extends BasicPermission {
public static final HibernateValidatorPermission ACCESS_PRIVATE_MEMBERS = new HibernateValidatorPermission( "accessPrivateMembers" );
public HibernateValidatorPermission(String name) {
super( name );
}
public HibernateValidatorPermission(String name, String actions) {
super( name, actions );
}
}
......@@ -14,6 +14,8 @@
import javax.validation.ReportAsSingleViolation;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Size;
import javax.validation.constraintvalidation.SupportedValidationTarget;
import javax.validation.constraintvalidation.ValidationTarget;
import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
import static java.lang.annotation.ElementType.CONSTRUCTOR;
......@@ -30,6 +32,7 @@
*/
@Documented
@Constraint(validatedBy = { })
@SupportedValidationTarget(ValidationTarget.ANNOTATED_ELEMENT)
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER })
@Retention(RUNTIME)
@ReportAsSingleViolation
......
......@@ -15,6 +15,8 @@
import javax.validation.ReportAsSingleViolation;
import javax.validation.constraints.Max;
import javax.validation.constraints.Min;
import javax.validation.constraintvalidation.SupportedValidationTarget;
import javax.validation.constraintvalidation.ValidationTarget;
import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
import static java.lang.annotation.ElementType.CONSTRUCTOR;
......@@ -31,6 +33,7 @@
*/
@Documented
@Constraint(validatedBy = { })
@SupportedValidationTarget(ValidationTarget.ANNOTATED_ELEMENT)
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER })
@Retention(RUNTIME)
@Min(0)
......
......@@ -13,6 +13,8 @@
import javax.validation.Payload;
import javax.validation.ReportAsSingleViolation;
import javax.validation.constraints.Pattern;
import javax.validation.constraintvalidation.SupportedValidationTarget;
import javax.validation.constraintvalidation.ValidationTarget;
import org.hibernate.validator.constraints.Mod11Check;
import org.hibernate.validator.constraints.Mod11Check.List;
......@@ -42,6 +44,7 @@
@ReportAsSingleViolation
@Documented
@Constraint(validatedBy = { })
@SupportedValidationTarget(ValidationTarget.ANNOTATED_ELEMENT)
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER })
@Retention(RUNTIME)
public @interface TituloEleitoral {
......
......@@ -40,6 +40,7 @@
import javax.validation.groups.Default;
import javax.validation.metadata.BeanDescriptor;
import org.hibernate.validator.HibernateValidatorPermission;
import org.hibernate.validator.internal.engine.ValidationContext.ValidationContextBuilder;
import org.hibernate.validator.internal.engine.constraintvalidation.ConstraintValidatorManager;
import org.hibernate.validator.internal.engine.groups.Group;
......@@ -1771,6 +1772,11 @@ private Member getAccessible(Member original) {
return member;
}
SecurityManager sm = System.getSecurityManager();
if ( sm != null ) {
sm.checkPermission( HibernateValidatorPermission.ACCESS_PRIVATE_MEMBERS );
}
Class<?> clazz = original.getDeclaringClass();
if ( original instanceof Field ) {
......
......@@ -25,6 +25,7 @@
import javax.validation.ElementKind;
import javax.validation.metadata.GroupConversionDescriptor;
import org.hibernate.validator.HibernateValidatorPermission;
import org.hibernate.validator.internal.engine.valuehandling.UnwrapMode;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.hibernate.validator.internal.metadata.core.MetaConstraint;
......@@ -119,6 +120,11 @@ private static Member getAccessible(Member original) {
return original;
}
SecurityManager sm = System.getSecurityManager();
if ( sm != null ) {
sm.checkPermission( HibernateValidatorPermission.ACCESS_PRIVATE_MEMBERS );
}
Class<?> clazz = original.getDeclaringClass();
Member member;
......
......@@ -31,7 +31,6 @@ private GetDeclaredField(Class<?> clazz, String fieldName) {
public Field run() {
try {
final Field field = clazz.getDeclaredField( fieldName );
field.setAccessible( true );
return field;
}
catch (NoSuchFieldException e) {
......
/*
* Hibernate Validator, declare and validate application constraints
*
* License: Apache License, Version 2.0
* See the license.txt file in the root directory or <http://www.apache.org/licenses/LICENSE-2.0>.
*/
package org.hibernate.validator.test.internal.engine.methodvalidation;
import static java.lang.annotation.ElementType.ANNOTATION_TYPE;
import static java.lang.annotation.ElementType.CONSTRUCTOR;
import static java.lang.annotation.ElementType.FIELD;
import static java.lang.annotation.ElementType.METHOD;
import static java.lang.annotation.ElementType.PARAMETER;
import static java.lang.annotation.ElementType.TYPE_USE;
import static java.lang.annotation.RetentionPolicy.RUNTIME;
import static org.hibernate.validator.testutil.ConstraintViolationAssert.assertCorrectConstraintTypes;
import static org.hibernate.validator.testutil.ConstraintViolationAssert.assertNumberOfViolations;
import java.lang.annotation.Documented;
import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import java.util.Set;
import javax.validation.Constraint;
import javax.validation.ConstraintViolation;
import javax.validation.Payload;
import javax.validation.ReportAsSingleViolation;
import javax.validation.Validator;
import javax.validation.constraints.NotNull;
import javax.validation.constraints.Pattern;
import javax.validation.constraints.Size;
import javax.validation.constraintvalidation.SupportedValidationTarget;
import javax.validation.constraintvalidation.ValidationTarget;
import org.hibernate.validator.constraints.NotEmpty;
import org.hibernate.validator.testutil.TestForIssue;
import org.hibernate.validator.testutils.ValidatorUtil;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;
/**
* @author Marko Bekhta
*/
public class PureCompositeConstraintsOnReturnValueTest {
private Validator validator;
private Foo foo;
@BeforeMethod
public void setUp() throws Exception {
validator = ValidatorUtil.getValidator();
foo = new Foo( "" );
}
@Test
@TestForIssue( jiraKey = "HV-1494")
public void testHVSpecificNotEmpty() throws Exception {
Set<ConstraintViolation<Foo>> violations = validator.forExecutables()
.validateReturnValue(
foo,
Foo.class.getDeclaredMethod( "createBarString", String.class ),
""
);
assertCorrectConstraintTypes( violations, NotEmpty.class );
violations = validator.forExecutables()
.validateReturnValue(
foo,
Foo.class.getDeclaredMethod( "createBarString", String.class ),
" "
);
assertNumberOfViolations( violations, 0 );
}
@Test
@TestForIssue( jiraKey = "HV-1494")
public void testCustomComposingConstraintOnReturnValue() throws Exception {
Set<ConstraintViolation<Foo>> violations = validator.forExecutables()
.validateReturnValue(
foo,
Foo.class.getDeclaredMethod( "createCustomBarString", String.class ),
"a"
);
assertCorrectConstraintTypes( violations, CustomCompositeConstraint.class );
violations = validator.forExecutables()
.validateReturnValue(
foo,
Foo.class.getDeclaredMethod( "createCustomBarString", String.class ),
"1"
);
assertNumberOfViolations( violations, 0 );
}
@Test
@TestForIssue( jiraKey = "HV-1494")
public void testCustomComposingConstraintOnParameters() throws Exception {
Set<ConstraintViolation<Foo>> violations = validator.forExecutables()
.validateParameters(
foo,
Foo.class.getDeclaredMethod( "createCustomBarString", String.class ),
new String[] { "abc" }
);
assertCorrectConstraintTypes( violations, CustomCompositeConstraint.class );
violations = validator.forExecutables()
.validateParameters(
foo,
Foo.class.getDeclaredMethod( "createCustomBarString", String.class ),
new String[] { "1" }
);
assertNumberOfViolations( violations, 0 );
}
private static class Foo {
private String bar;
public Foo(String bar) {
this.bar = bar;
}
@NotEmpty
public String createBarString(String a) {
return bar;
}
@CustomCompositeConstraint
public String createCustomBarString(@CustomCompositeConstraint String a) {
return bar;
}
}
@Documented
@Constraint(validatedBy = { })
@SupportedValidationTarget(ValidationTarget.ANNOTATED_ELEMENT)
@Target({ METHOD, FIELD, ANNOTATION_TYPE, CONSTRUCTOR, PARAMETER, TYPE_USE })
@Retention(RUNTIME)
@ReportAsSingleViolation
@NotNull
@Size(min = 1)
@Pattern(regexp = "\\d*")
public @interface CustomCompositeConstraint {
String message() default "no message";
Class<?>[] groups() default { };
Class<? extends Payload>[] payload() default { };
}
}
......@@ -11,7 +11,7 @@
<parent>
<artifactId>hibernate-validator-parent</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
......@@ -11,7 +11,7 @@
<parent>
<artifactId>hibernate-validator-osgi</artifactId>
<groupId>org.hibernate</groupId>
<version>5.3.5.Final</version>
<version>5.3.6.Final</version>
<relativePath>../pom.xml</relativePath>
</parent>
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment