I understand that if we place Hibernate Validation annotations on the private fields, this won't work on the restrictive SecurityManager. The question is if I don't put them and only use annotations on public getters, does it still look at the private fields? I'd like my app be as much compliant as possible and don't want HV to access private members of classes.
PS: validator has several methods and we can, let's say, choose to work only with fields, but I don't access HV directly, it's done by Hibernate & Spring under the hood.

if your getter and setter don't do anything but returning and setting the field value respectively, then yes it will work fine to annotate your getter.