4.3.2.final patch

[hferentschik]

For 4.3.2 I only applied the HV-912 changes. I did not move ConstraintMapping as on master (part of the "reducing accessibility of some classes and methhods". I think it is technically not necessary and it could break existing clients. @gunnarmorling, wdyt?

[hferentschik]

@gunnarmorling any chance you can run this version with a security manager enabled?

[cloudbees-pull-request-builder]

HV-5-MASTER #514 FAILURE
Looks like there's a problem with this pull request

[gunnarmorling]

This should not be public.

[gunnarmorling]

I think it is technically not necessary and it could break existing clients.

Makes sense. I had moved it to reduce some visibilities but we cannot do it in 4.3 as we don't have the IF/class split for it there.

[gunnarmorling]

Interesting, was this part of the original change? Not that it does harm, just wondering.

[hferentschik]

it was directly added by your changes, but the version on 4.3 did not have an equals at all. I thought it would not harm. On the other hand hashCode is missing, so I probably just get rid of it altogether.

[gunnarmorling]

@gunnarmorling any chance you can run this version with a security manager enabled?

Yes, I'll give it a try.

[gunnarmorling]

I'm seeing one permission issue, but I'm not totally clear about the cause. ValidationXmlParser cannot access the XML mapping files in the TCK JAR. I need to assign the following permission to the HV code base:

permission java.io.FilePermission "/path/to/jsr303-tck-1.0.6.GA.jar", "read";

That's not required on master. I'm wondering whether it's related to that special classloader which is used in the 1.0 TCK. Does this ring a bell in any way?

[hferentschik]

Pushed a forced update to apply review comments

[cloudbees-pull-request-builder]

HV-5-MASTER #517 FAILURE
Looks like there's a problem with this pull request

[gunnarmorling]

One more test is failing when running with a security manager, ConstraintDefinitionsTest. This is due to annotation methods not being set to accessible before invoking them which has been fixed upstream with HV-843. For the sake of completeness, we should backport this fix I guess. Relevance in practice is rather low as it only is a problem for package-private constraint types, so we could also ignore that one test failure. WDYT?

[hferentschik]

That's not required on master. I'm wondering whether it's related to that special classloader which is used in the 1.0 TCK. Does this ring a bell in any way?

Not really. Obviously the harness is executed differently. On the 4.3 branch is was something homegrown and on master it is Arquillian. How do you run the tests? In container or not?

[hferentschik]

One more test is failing when running with a security manager, ConstraintDefinitionsTest. This is due to annotation methods not being set to accessible before invoking them which has been fixed upstream with HV-843.

I remember vaguely.

For the sake of completeness, we should backport this fix I guess.

I see how hard it is to apply.

Relevance in practice is rather low as it only is a problem for package-private constraint types

Sure. Let me have a quick look.

[hferentschik]

I added a commit with the HV-843 backport. @gunnarmorling, could you check again?

[cloudbees-pull-request-builder]

HV-5-MASTER #518 FAILURE
Looks like there's a problem with this pull request

[gunnarmorling]

@hferentschik, Ah you pushed another update with the JAXB fix already, right?

[hferentschik]

Ah you pushed another update with the JAXB fix already, right?

yes

[cloudbees-pull-request-builder]

HV-5-MASTER #521 FAILURE
Looks like there's a problem with this pull request

[hferentschik]

thanks.