This is an automated email from the ASF dual-hosted git repository.
dkulp pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git
commit 58539be7c6367b0e7db354cd90467fe006ddef57
Author: Andy McCright <j.andrew.mccright@gmail.com>
AuthorDate: Thu Oct 1 16:58:26 2020 -0500
Avoid Java 2 security issue in RefAuthenticator
Signed-off-by: Andy McCright <j.andrew.mccright@gmail.com>
(cherry picked from commit b38cf61354380fef8b23e44623a290daf67297fc)
---
.../java/org/apache/cxf/transport/http/ReferencingAuthenticator.java | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
index 8ee0282..547f7df 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
@@ -26,6 +26,8 @@ import java.lang.reflect.Modifier;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
+import org.apache.cxf.common.util.ReflectionUtil;
+
public class ReferencingAuthenticator extends Authenticator {
final Reference<Authenticator> auth;
final Authenticator wrapped;
@@ -120,7 +122,7 @@ public class ReferencingAuthenticator extends Authenticator {
if (a == null) {
return null;
}
- for (final Field f : Authenticator.class.getDeclaredFields()) {
+ for (final Field f : ReflectionUtil.getDeclaredFields(Authenticator.class)) {
if (!Modifier.isStatic(f.getModifiers())) {
f.setAccessible(true);
Object o = f.get(this);
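Review bot: The `f.setAccessible(true)` call two lines below the changed line is still made directly, so under a SecurityManager it needs `ReflectPermission("suppressAccessChecks")` from every caller on the stack, even though the field lookup now goes through `ReflectionUtil`. If the intent is for this loop to work when only the CXF code source is granted reflection permissions, route that call through the same helper, e.g. `ReflectionUtil.setAccessible(f);`. The enclosing method begins and ends outside this hunk, so I can't tell whether other reflective calls in it are already wrapped. A short comment on the loop, such as `// privileged lookup: callers may lack accessDeclaredMembers`, would record why the helper is used instead of `getDeclaredFields()`.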