Return-Path: Delivered-To: apmail-geronimo-scm-archive@www.apache.org Received: (qmail 24491 invoked from network); 22 Jul 2009 20:10:48 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 22 Jul 2009 20:10:48 -0000 Received: (qmail 57655 invoked by uid 500); 22 Jul 2009 20:11:53 -0000 Delivered-To: apmail-geronimo-scm-archive@geronimo.apache.org Received: (qmail 57577 invoked by uid 500); 22 Jul 2009 20:11:53 -0000 Mailing-List: contact scm-help@geronimo.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: Reply-To: dev@geronimo.apache.org List-Id: Delivered-To: mailing list scm@geronimo.apache.org Received: (qmail 57568 invoked by uid 99); 22 Jul 2009 20:11:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Jul 2009 20:11:53 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 22 Jul 2009 20:11:40 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id 0AC012388891; Wed, 22 Jul 2009 20:11:19 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r796863 - in /geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint: ./ container/ utils/ Date: Wed, 22 Jul 2009 20:11:18 -0000 To: scm@geronimo.apache.org From: gawor@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20090722201119.0AC012388891@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: gawor Date: Wed Jul 22 20:11:18 2009 New Revision: 796863 URL: http://svn.apache.org/viewvc?rev=796863&view=rev Log: more security checks Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java?rev=796863&r1=796862&r2=796863&view=diff ============================================================================== --- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java (original) +++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java Wed Jul 22 20:11:18 2009 @@ -16,6 +16,7 @@ */ package org.apache.geronimo.blueprint; +import java.security.AccessControlContext; import java.util.Dictionary; import java.util.List; @@ -55,5 +56,7 @@ ServiceRegistration registerService(String[] classes, Object service, Dictionary properties); Object getService(ServiceReference reference); + + AccessControlContext getAccessControlContext(); } Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java?rev=796863&r1=796862&r2=796863&view=diff ============================================================================== --- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java (original) +++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java Wed Jul 22 20:11:18 2009 @@ -40,6 +40,8 @@ import org.apache.geronimo.blueprint.ExtendedBlueprintContainer; import org.apache.geronimo.blueprint.di.CollectionRecipe; import org.apache.geronimo.blueprint.di.MapRecipe; +import org.apache.geronimo.blueprint.utils.ReflectionUtils; + import static org.apache.geronimo.blueprint.utils.ReflectionUtils.getRealCause; import org.osgi.service.blueprint.container.ReifiedType; import org.osgi.service.blueprint.container.Converter; @@ -244,7 +246,7 @@ } } - private static Object createObject(String value, Class type) throws Exception { + private Object createObject(String value, Class type) throws Exception { if (type.isInterface() || Modifier.isAbstract(type.getModifiers())) { throw new Exception("Unable to convert value " + value + " to type " + type + ". Type " + type + " is an interface or an abstract class"); } @@ -255,15 +257,16 @@ throw new RuntimeException("Unable to convert to " + type); } try { - return constructor.newInstance(value); + return ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(), constructor, value); } catch (Exception e) { throw new Exception("Unable to convert ", getRealCause(e)); } } - + private Object convertToCollection(Object obj, ReifiedType type) throws Exception { ReifiedType valueType = type.getActualTypeArgument(0); - Collection newCol = (Collection) CollectionRecipe.getCollection(toClass(type)).newInstance(); + Collection newCol = (Collection) ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(), + CollectionRecipe.getCollection(toClass(type))); if (obj.getClass().isArray()) { for (int i = 0; i < Array.getLength(obj); i++) { try { @@ -313,7 +316,8 @@ private Object convertToMap(Object obj, ReifiedType type) throws Exception { ReifiedType keyType = type.getActualTypeArgument(0); ReifiedType valueType = type.getActualTypeArgument(1); - Map newMap = (Map) MapRecipe.getMap(toClass(type)).newInstance(); + Map newMap = (Map) ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(), + MapRecipe.getMap(toClass(type))); if (obj instanceof Dictionary) { Dictionary dic = (Dictionary) obj; for (Enumeration keyEnum = dic.keys(); keyEnum.hasMoreElements();) { @@ -370,7 +374,7 @@ Class u = primitives.get(c); return u != null ? u : c; } - + private static final Map primitives; static { primitives = new HashMap(); Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java?rev=796863&r1=796862&r2=796863&view=diff ============================================================================== --- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java (original) +++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java Wed Jul 22 20:11:18 2009 @@ -197,7 +197,7 @@ if (matches.size() == 1) { try { Map.Entry> match = matches.entrySet().iterator().next(); - instance = match.getKey().invoke(factoryObj, match.getValue().toArray()); + instance = invoke(match.getKey(), factoryObj, match.getValue().toArray()); } catch (Throwable e) { throw new ComponentDefinitionException("Error when instanciating bean " + getName() + " of class " + getType(), getRealCause(e)); } @@ -212,7 +212,7 @@ if (matches.size() == 1) { try { Map.Entry> match = matches.entrySet().iterator().next(); - instance = match.getKey().invoke(null, match.getValue().toArray()); + instance = invoke(match.getKey(), null, match.getValue().toArray()); } catch (Throwable e) { throw new ComponentDefinitionException("Error when instanciating bean " + getName() + " of class " + getType(), getRealCause(e)); } @@ -230,7 +230,7 @@ if (matches.size() == 1) { try { Map.Entry> match = matches.entrySet().iterator().next(); - instance = match.getKey().newInstance(match.getValue().toArray()); + instance = newInstance(match.getKey(), match.getValue().toArray()); } catch (Throwable e) { throw new ComponentDefinitionException("Error when instanciating bean " + getName() + " of class " + getType(), getRealCause(e)); } @@ -507,7 +507,7 @@ // call init method if (initMethod != null) { try { - initMethod.invoke(obj); + invoke(initMethod, obj, null); } catch (Throwable t) { LOGGER.info("Error invoking init method", getRealCause(t)); throw new ComponentDefinitionException("Unable to intialize bean " + getName(), getRealCause(t)); @@ -524,7 +524,7 @@ try { Method method = getDestroyMethod(obj); if (method != null) { - method.invoke(obj); + invoke(method, obj, null); } } catch (Exception e) { LOGGER.info("Error invoking destroy method", getRealCause(e)); @@ -539,7 +539,7 @@ Method method = getDestroyMethod(instance); if (method != null) { try { - method.invoke(instance); + invoke(method, instance, null); } catch (Throwable e) { LOGGER.info("Error destroying bean " + getName(), getRealCause(e)); } @@ -579,7 +579,7 @@ Method getter = getPropertyDescriptor(clazz, names[i]).getGetter(); if (getter != null) { try { - instance = getter.invoke(instance); + instance = invoke(getter, instance, null); clazz = instance.getClass(); } catch (Exception e) { throw new ComponentDefinitionException("Error getting property: " + names[i] + " on bean " + getName() + " when setting property " + propertyName + " on class " + clazz.getName(), getRealCause(e)); @@ -608,7 +608,7 @@ } try { // set value - setter.invoke(instance, propertyValue); + invoke(setter, instance, propertyValue); } catch (Exception e) { throw new ComponentDefinitionException("Error setting property: " + setter, getRealCause(e)); } @@ -625,7 +625,15 @@ } throw new ComponentDefinitionException("Unable to find property descriptor " + name + " on class " + clazz.getName()); } - + + private Object invoke(Method method, Object instance, Object... args) throws Exception { + return ReflectionUtils.invoke(blueprintContainer.getAccessControlContext(), method, instance, args); + } + + private Object newInstance(Constructor constructor, Object... args) throws Exception { + return ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(), constructor, args); + } + private static Object UNMATCHED = new Object(); private class ArgumentMatcher { Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java?rev=796863&r1=796862&r2=796863&view=diff ============================================================================== --- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java (original) +++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java Wed Jul 22 20:11:18 2009 @@ -149,7 +149,7 @@ this.executors = executors; this.processors = new ArrayList(); if (System.getSecurityManager() != null) { - this.accessControlContext = getAccessControlContext(); + this.accessControlContext = createAccessControlContext(); } } @@ -398,7 +398,7 @@ } } - private AccessControlContext getAccessControlContext() { + private AccessControlContext createAccessControlContext() { return new AccessControlContext(AccessController.getContext(), new DomainCombiner() { public ProtectionDomain[] combine(ProtectionDomain[] arg0, @@ -413,6 +413,10 @@ }); } + public AccessControlContext getAccessControlContext() { + return accessControlContext; + } + public BlueprintRepository getRepository() { if (repository == null) { repository = new RecipeBuilder(this).createRepository(); Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java?rev=796863&r1=796862&r2=796863&view=diff ============================================================================== --- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java (original) +++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java Wed Jul 22 20:11:18 2009 @@ -25,6 +25,10 @@ import java.lang.reflect.Type; import java.lang.ref.Reference; import java.lang.ref.SoftReference; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Collections; import java.util.List; @@ -197,6 +201,54 @@ return new String(chars); } + public static Object invoke(AccessControlContext acc, final Method method, final Object instance, final Object... args) throws Exception { + if (acc == null) { + return method.invoke(instance, args); + } else { + try { + return AccessController.doPrivileged(new PrivilegedExceptionAction() { + public Object run() throws Exception { + return method.invoke(instance, args); + } + }, acc); + } catch (PrivilegedActionException e) { + throw e.getException(); + } + } + } + + public static Object newInstance(AccessControlContext acc, final Class clazz) throws Exception { + if (acc == null) { + return clazz.newInstance(); + } else { + try { + return AccessController.doPrivileged(new PrivilegedExceptionAction() { + public Object run() throws Exception { + return clazz.newInstance(); + } + }, acc); + } catch (PrivilegedActionException e) { + throw e.getException(); + } + } + } + + public static Object newInstance(AccessControlContext acc, final Constructor constructor, final Object... args) throws Exception { + if (acc == null) { + return constructor.newInstance(args); + } else { + try { + return AccessController.doPrivileged(new PrivilegedExceptionAction() { + public Object run() throws Exception { + return constructor.newInstance(args); + } + }, acc); + } catch (PrivilegedActionException e) { + throw e.getException(); + } + } + } + public static class PropertyDescriptor { private String name; private Class type;