Return-Path: 
 <commits-return-7268-apmail-felix-commits-archive=felix.apache.org@felix.apache.org>
Delivered-To: apmail-felix-commits-archive@www.apache.org
Received: (qmail 90485 invoked from network); 19 Jun 2009 15:16:22 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 19 Jun 2009 15:16:22 -0000
Received: (qmail 74657 invoked by uid 500); 19 Jun 2009 15:16:32 -0000
Delivered-To: apmail-felix-commits-archive@felix.apache.org
Received: (qmail 74620 invoked by uid 500); 19 Jun 2009 15:16:32 -0000
Mailing-List: contact commits-help@felix.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:commits-help@felix.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@felix.apache.org>
List-Post: <mailto:commits@felix.apache.org>
List-Id: <commits.felix.apache.org>
Reply-To: dev@felix.apache.org
Delivered-To: mailing list commits@felix.apache.org
Received: (qmail 74582 invoked by uid 99); 19 Jun 2009 15:16:32 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 Jun 2009 15:16:32 +0000
X-ASF-Spam-Status: No, hits=-2000.0 required=10.0
	tests=ALL_TRUSTED
X-Spam-Check-By: apache.org
Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4)
    by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 19 Jun 2009 15:16:29 +0000
Received: by eris.apache.org (Postfix, from userid 65534)
	id D8F152388892; Fri, 19 Jun 2009 15:16:07 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r786541 - in
 /felix/trunk/framework/src/main/java/org/apache/felix/framework/util:
 SecureAction.java ldap/Parser.java
Date: Fri, 19 Jun 2009 15:16:07 -0000
To: commits@felix.apache.org
From: rickhall@apache.org
X-Mailer: svnmailer-1.0.8
Message-Id: <20090619151607.D8F152388892@eris.apache.org>
X-Virus-Checked: Checked by ClamAV on apache.org

Author: rickhall
Date: Fri Jun 19 15:16:05 2009
New Revision: 786541

URL: http://svn.apache.org/viewvc?rev=786541&view=rev
Log:
Added support in LDAP evaluation for creating Comparable/unknown objects
with non-public constructors. (FELIX-1257)

Modified:
    felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
    felix/trunk/framework/src/main/java/org/apache/felix/framework/util/ldap/Parser.java

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java?rev=786541&r1=786540&r2=786541&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java (original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/util/SecureAction.java Fri Jun 19 15:16:05 2009
@@ -25,7 +25,6 @@
 import java.util.Hashtable;
 import java.util.jar.JarFile;
 
-import org.apache.felix.framework.ModuleImpl;
 import org.osgi.framework.BundleActivator;
 import org.osgi.framework.BundleContext;
 
@@ -742,6 +741,27 @@
         }
     }
 
+    public void setAccesssible(Constructor ctor)
+    {
+        if (System.getSecurityManager() != null)
+        {
+            Actions actions = (Actions) m_actions.get();
+            actions.set(Actions.SET_ACCESSIBLE_ACTION, ctor);
+            try
+            {
+                AccessController.doPrivileged(actions, m_acc);
+            }
+            catch (PrivilegedActionException e)
+            {
+                throw (RuntimeException) e.getException();
+            }
+        }
+        else
+        {
+            ctor.setAccessible(true);
+        }
+    }
+
     public Object invoke(Method method, Object target, Object[] params) throws Exception
     {
         if (System.getSecurityManager() != null)
@@ -961,7 +981,8 @@
         public static final int GET_FIELD_ACTION = 31;
         public static final int GET_DECLAREDMETHOD_ACTION = 32;
         public static final int SET_ACCESSIBLE_ACTION = 33;
-        public static final int INVOKE_DIRECTMETHOD_ACTION = 34;
+        public static final int SET_ACCESSIBLE_CTOR_ACTION = 34;
+        public static final int INVOKE_DIRECTMETHOD_ACTION = 35;
 
         private int m_action = -1;
         private Object m_arg1 = null;
@@ -1188,6 +1209,10 @@
             {
                 ((Method) arg1).setAccessible(true);
             }
+            else if (action == SET_ACCESSIBLE_CTOR_ACTION)
+            {
+                ((Constructor) arg1).setAccessible(true);
+            }
 
             return null;
         }

Modified: felix/trunk/framework/src/main/java/org/apache/felix/framework/util/ldap/Parser.java
URL: http://svn.apache.org/viewvc/felix/trunk/framework/src/main/java/org/apache/felix/framework/util/ldap/Parser.java?rev=786541&r1=786540&r2=786541&view=diff
==============================================================================
--- felix/trunk/framework/src/main/java/org/apache/felix/framework/util/ldap/Parser.java (original)
+++ felix/trunk/framework/src/main/java/org/apache/felix/framework/util/ldap/Parser.java Fri Jun 19 15:16:05 2009
@@ -20,12 +20,17 @@
 
 import java.io.IOException;
 import java.io.PrintStream;
+import java.lang.reflect.Constructor;
 import java.math.BigDecimal;
 import java.math.BigInteger;
 import java.util.*;
+import org.apache.felix.framework.util.SecureAction;
 
 public class Parser
 {
+    // Secure action to make object constructors accessible.
+    private static final SecureAction m_secureAction = new SecureAction();
+
     //
     // Parser contants.
     //
@@ -1355,9 +1360,18 @@
                 }
                 else
                 {
-                    rhsComparable = (Comparable) lhs.getClass()
-                        .getConstructor(STRING_CLASS)
-                            .newInstance(new Object[] { rhs });
+                    // The constructor may not be public, so we need to make it
+                    // accessible in that case.
+                    Constructor ctor = lhs.getClass().getConstructor(STRING_CLASS);
+                    if (!ctor.isAccessible())
+                    {
+                        m_secureAction.setAccesssible(ctor);
+                    }
+                    // We don't invoke the constructor in a privileged block,
+                    // since we don't want to elevate the objects privileges.
+                    // If the object needs to, it should be doing a privileged
+                    // block internally.
+                    rhsComparable = (Comparable) ctor.newInstance(new Object[] { rhs });
                 }
             }
             catch (Exception ex)
@@ -1441,10 +1455,19 @@
             {
                 try
                 {
-                    Object rhsObject = lhsClass
-                        .getConstructor(STRING_CLASS)
-                            .newInstance(new Object[] { rhs });
-                        return lhs.equals(rhsObject);
+                    // The constructor may not be public, so we need to make it
+                    // accessible in that case.
+                    Constructor ctor = lhs.getClass().getConstructor(STRING_CLASS);
+                    if (!ctor.isAccessible())
+                    {
+                        m_secureAction.setAccesssible(ctor);
+                    }
+                    // We don't invoke the constructor in a privileged block,
+                    // since we don't want to elevate the objects privileges.
+                    // If the object needs to, it should be doing a privileged
+                    // block internally.
+                    Object rhsObject = ctor.newInstance(new Object[] { rhs });
+                    return lhs.equals(rhsObject);
                 }
                 catch (Exception ex)
                 {