cxf-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dk...@apache.org
Subject [cxf] 09/16: Avoid Java 2 security issue in RefAuthenticator
Date Tue, 03 Nov 2020 16:48:45 GMT
This is an automated email from the ASF dual-hosted git repository.

dkulp pushed a commit to branch 3.3.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit 58539be7c6367b0e7db354cd90467fe006ddef57
Author: Andy McCright <j.andrew.mccright@gmail.com>
AuthorDate: Thu Oct 1 16:58:26 2020 -0500

    Avoid Java 2 security issue in RefAuthenticator
    
    Signed-off-by: Andy McCright <j.andrew.mccright@gmail.com>
    (cherry picked from commit b38cf61354380fef8b23e44623a290daf67297fc)
---
 .../java/org/apache/cxf/transport/http/ReferencingAuthenticator.java  | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
index 8ee0282..547f7df 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
@@ -26,6 +26,8 @@ import java.lang.reflect.Modifier;
 import java.net.Authenticator;
 import java.net.PasswordAuthentication;
 
+import org.apache.cxf.common.util.ReflectionUtil;
+
 public class ReferencingAuthenticator extends Authenticator {
     final Reference<Authenticator> auth;
     final Authenticator wrapped;
@@ -120,7 +122,7 @@ public class ReferencingAuthenticator extends Authenticator {
         if (a == null) {
             return null;
         }
-        for (final Field f : Authenticator.class.getDeclaredFields()) {
+        for (final Field f : ReflectionUtil.getDeclaredFields(Authenticator.class)) {
             if (!Modifier.isStatic(f.getModifiers())) {
                 f.setAccessible(true);
                 Object o = f.get(this);


Mime
View raw message