Return-Path: Delivered-To: apmail-incubator-felix-commits-archive@www.apache.org Received: (qmail 14061 invoked from network); 5 Dec 2005 19:37:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur.apache.org with SMTP; 5 Dec 2005 19:37:01 -0000 Received: (qmail 28501 invoked by uid 500); 5 Dec 2005 19:37:01 -0000 Delivered-To: apmail-incubator-felix-commits-archive@incubator.apache.org Received: (qmail 28455 invoked by uid 500); 5 Dec 2005 19:37:01 -0000 Mailing-List: contact felix-commits-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: felix-dev@incubator.apache.org Delivered-To: mailing list felix-commits@incubator.apache.org Received: (qmail 28443 invoked by uid 99); 5 Dec 2005 19:37:01 -0000 Received: from asf.osuosl.org (HELO asf.osuosl.org) (140.211.166.49) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Dec 2005 11:37:01 -0800 X-ASF-Spam-Status: No, hits=-9.4 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [209.237.227.194] (HELO minotaur.apache.org) (209.237.227.194) by apache.org (qpsmtpd/0.29) with SMTP; Mon, 05 Dec 2005 11:37:00 -0800 Received: (qmail 13879 invoked by uid 65534); 5 Dec 2005 19:36:40 -0000 Message-ID: <20051205193640.13807.qmail@minotaur.apache.org> Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r354144 - in /incubator/felix/trunk/framework/src/org/apache/felix/framework: URLHandlers.java util/SecureAction.java Date: Mon, 05 Dec 2005 19:36:38 -0000 To: felix-commits@incubator.apache.org From: rickhall@apache.org X-Mailer: svnmailer-1.0.5 X-Virus-Checked: Checked by ClamAV on apache.org X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N Author: rickhall Date: Mon Dec 5 11:36:35 2005 New Revision: 354144 URL: http://svn.apache.org/viewcvs?rev=354144&view=rev Log: Added some doPrivileged() blocks to URL Handlers. The new SecureAction class is intended to be used framework-wide for code that needs to perform privileged actions; the goal is to consolidate similar security code into one place and eliminate the need for many different PrivilegedAction classes. Added: incubator/felix/trunk/framework/src/org/apache/felix/framework/util/SecureAction.java (with props) Modified: incubator/felix/trunk/framework/src/org/apache/felix/framework/URLHandlers.java Modified: incubator/felix/trunk/framework/src/org/apache/felix/framework/URLHandlers.java URL: http://svn.apache.org/viewcvs/incubator/felix/trunk/framework/src/org/apache/felix/framework/URLHandlers.java?rev=354144&r1=354143&r2=354144&view=diff ============================================================================== --- incubator/felix/trunk/framework/src/org/apache/felix/framework/URLHandlers.java (original) +++ incubator/felix/trunk/framework/src/org/apache/felix/framework/URLHandlers.java Mon Dec 5 11:36:35 2005 @@ -19,8 +19,7 @@ import java.net.*; import java.util.*; -import org.apache.felix.framework.util.FelixConstants; -import org.apache.felix.framework.util.SecurityManagerEx; +import org.apache.felix.framework.util.*; import org.apache.felix.moduleloader.ModuleClassLoader; import org.osgi.framework.BundleContext; @@ -78,6 +77,8 @@ private static Map m_streamHandlerCache = null; private static Map m_contentHandlerCache = null; + private final static SecureAction m_secureAction = new SecureAction(); + /** *

* Only one instance of this class is created in a static initializer @@ -136,9 +137,7 @@ if (handler == null) { // Check for built-in handlers for the protocol. -// TODO: NEED TO DO A "DO PRIVILEGED" TO GET PROPERTY. -// TODO: USE CONFIG. - String pkgs = System.getProperty(STREAM_HANDLER_PACKAGE_PROP, ""); + String pkgs = m_secureAction.getProperty(STREAM_HANDLER_PACKAGE_PROP, ""); pkgs = (pkgs.equals("")) ? DEFAULT_STREAM_HANDLER_PACKAGE : pkgs + "|" + DEFAULT_STREAM_HANDLER_PACKAGE; @@ -153,8 +152,7 @@ { // If a built-in handler is found then let the // JRE handle it. -// TODO: USE DO PRIVILEGED. - if (Class.forName(className) != null) + if (m_secureAction.forName(className) != null) { return null; } @@ -205,9 +203,7 @@ if (handler == null) { // Check for built-in handlers for the mime type. -// TODO: NEED TO DO A "DO PRIVILEGED" TO GET PROPERTY. -// TODO: USE CONFIG. - String pkgs = System.getProperty(CONTENT_HANDLER_PACKAGE_PROP, ""); + String pkgs = m_secureAction.getProperty(CONTENT_HANDLER_PACKAGE_PROP, ""); pkgs = (pkgs.equals("")) ? DEFAULT_CONTENT_HANDLER_PACKAGE : pkgs + "|" + DEFAULT_CONTENT_HANDLER_PACKAGE; @@ -225,8 +221,7 @@ { // If a built-in handler is found then let the // JRE handle it. -// TODO: USE DO PRIVILEGED. - if (Class.forName(className) != null) + if (m_secureAction.forName(className) != null) { return null; } Added: incubator/felix/trunk/framework/src/org/apache/felix/framework/util/SecureAction.java URL: http://svn.apache.org/viewcvs/incubator/felix/trunk/framework/src/org/apache/felix/framework/util/SecureAction.java?rev=354144&view=auto ============================================================================== --- incubator/felix/trunk/framework/src/org/apache/felix/framework/util/SecureAction.java (added) +++ incubator/felix/trunk/framework/src/org/apache/felix/framework/util/SecureAction.java Mon Dec 5 11:36:35 2005 @@ -0,0 +1,109 @@ +/* + * Copyright 2005 The Apache Software Foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ +package org.apache.felix.framework.util; + +import java.security.*; + +public class SecureAction +{ + private AccessControlContext m_acc = null; + + public SecureAction() + { + m_acc = AccessController.getContext(); + } + + public String getProperty(String name, String def) + { + if (System.getSecurityManager() != null) + { + try + { + return (String) AccessController.doPrivileged( + new Actions(Actions.GET_PROPERTY_ACTION, name, def), m_acc); + } + catch (PrivilegedActionException ex) + { + throw (RuntimeException) ex.getException(); + } + } + else + { + return System.getProperty(name, def); + } + } + + public Class forName(String name) throws ClassNotFoundException + { + if (System.getSecurityManager() != null) + { + try + { + return (Class) AccessController.doPrivileged( + new Actions(Actions.FOR_NAME_ACTION, name), m_acc); + } + catch (PrivilegedActionException ex) + { + if (ex.getException() instanceof ClassNotFoundException) + { + throw (ClassNotFoundException) ex.getException(); + } + throw (RuntimeException) ex.getException(); + } + } + else + { + return Class.forName(name); + } + } + + private static class Actions implements PrivilegedExceptionAction + { + public static final int GET_PROPERTY_ACTION = 0; + public static final int FOR_NAME_ACTION = 1; + + private int m_action = -1; + private Object m_arg1 = null; + private Object m_arg2 = null; + + public Actions(int action, Object arg1) + { + m_action = action; + m_arg1 = arg1; + } + + public Actions(int action, Object arg1, Object arg2) + { + m_action = action; + m_arg1 = arg1; + m_arg2 = arg2; + } + + public Object run() throws Exception + { + if (m_action == GET_PROPERTY_ACTION) + { + return System.getProperty((String) m_arg1, (String) m_arg2); + } + else if (m_action ==FOR_NAME_ACTION) + { + return Class.forName((String) m_arg1); + } + return null; + } + } +} \ No newline at end of file Propchange: incubator/felix/trunk/framework/src/org/apache/felix/framework/util/SecureAction.java ------------------------------------------------------------------------------ svn:eol-style = native