incubator-bval-commits mailing list archives

From allee8...@apache.org
Subject svn commit: r1239676 - in /incubator/bval/trunk: bval-core/src/main/java/org/apache/bval/util/ bval-jsr303/src/main/java/org/apache/bval/jsr303/ bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/ bval-jsr303/src/main/java/org/apache/bval/jsr303...
Date Thu, 02 Feb 2012 15:39:36 GMT
Author: allee8285
Date: Thu Feb  2 15:39:35 2012
New Revision: 1239676

URL: http://svn.apache.org/viewvc?rev=1239676&view=rev
Log:
BVAL-100 Guard more Java 2 security required invocations with doPriv()

Modified:
    incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/PrivilegedActions.java
    incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java
    incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
    incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java
    incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java

Modified: incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/PrivilegedActions.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/PrivilegedActions.java?rev=1239676&r1=1239675&r2=1239676&view=diff
==============================================================================
--- incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/PrivilegedActions.java
(original)
+++ incubator/bval/trunk/bval-core/src/main/java/org/apache/bval/util/PrivilegedActions.java
Thu Feb  2 15:39:35 2012
@@ -21,6 +21,10 @@ import java.lang.reflect.InvocationTarge
 import java.lang.reflect.Method;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+import org.apache.commons.lang3.ClassUtils;
 
 /**
  * Description: utility methods to perform actions with AccessController or without. <br/>
@@ -68,7 +72,7 @@ public class PrivilegedActions {
     }
 
     /**
-     * Perform action with AccessController.doPrivileged() if possible.
+     * Perform action with AccessController.doPrivileged() if security if enabled.
      *
      * @param action - the action to run
      * @return result of running the action
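Review bot: The reworded Javadoc summary reads "if security if enabled", which is a typo and still does not say what "enabled" means. Judging by the overload added further down, the condition is whether a SecurityManager is installed, so a clearer summary would be `Perform action with AccessController.doPrivileged() if a SecurityManager is installed; otherwise run it directly.` The same sentence is repeated on the new run(PrivilegedExceptionAction) overload in the hunk at line 86 and needs the same correction.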
@@ -82,6 +86,34 @@ public class PrivilegedActions {
     }
 
     /**
+     * Perform action with AccessController.doPrivileged() if security if enabled.
+     *
+     * @param action - the action to run
+     * @return result of running the action
+     */
+    public static <T> T run(final PrivilegedExceptionAction<T> action) throws
PrivilegedActionException, Exception {
+        if (System.getSecurityManager() != null) {
+            return AccessController.doPrivileged(action);
+        } else {
+            return action.run();
+        }
+    }
+
+    /**
+     * Perform AccessController.doPrivileged() action for ClassUtil.getClass()
+     * 
+     * @return Class
+     * @exception Exception
+     */
+    public static Class<?> getUtilClass(final ClassLoader classLoader, final String
className) throws Exception {
+        return PrivilegedActions.run(new PrivilegedExceptionAction<Class<?>>()
{
+            public Class<?> run() throws Exception {
+                return ClassUtils.getClass(classLoader, className, true);
+            }
+        });
+    }
+
+    /**
      * Return a PrivilegedAction object for clazz.getDeclaredMethod().invoke().
      * 
      * Requires security policy
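Review bot: getUtilClass() is public static and performs the class load inside BVal's privileged block with a caller-supplied ClassLoader and class name, whereas the private helper it replaces in DefaultTraversableResolver only ever loaded PERSISTENCE_UTIL_CLASSNAME. Because the anonymous action belongs to BVal, the permission check stops at PrivilegedActions and a less-privileged caller's protection domain is not consulted for that load, and the `true` argument requests class initialization as well. The Javadoc should state that both arguments must come from trusted code, or the privileged wrapper should stay private next to the constant it was written for. Separately, run(PrivilegedExceptionAction) delivers the action's exception wrapped in PrivilegedActionException only when a SecurityManager is installed and raw otherwise, so callers see two exception shapes; `catch (PrivilegedActionException e) { throw e.getException(); }` around the doPrivileged call would make both branches agree.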
@@ -93,7 +125,7 @@ public class PrivilegedActions {
      */
     public static Object getAnnotationValue(final Annotation annotation, final String name)
           throws IllegalAccessException, InvocationTargetException {
-        return doPrivileged(new PrivilegedAction<Object>() {
+        return run(new PrivilegedAction<Object>() {
             public Object run() {
                 Method valueMethod;
                 try {
@@ -124,7 +156,7 @@ public class PrivilegedActions {
      * @return Classloader
      */
     public static ClassLoader getClassLoader(final Class<?> clazz) {
-        return doPrivileged(new PrivilegedAction<ClassLoader>() {
+        return run(new PrivilegedAction<ClassLoader>() {
             public ClassLoader run() {
                 ClassLoader cl = Thread.currentThread().getContextClassLoader();
                 if (cl == null) {
@@ -151,21 +183,5 @@ public class PrivilegedActions {
         });
     }
 
-
-
-    /**
-     * Perform action with AccessController.doPrivileged() if possible.
-     *
-     * @param action - the action to run
-     * @return result of running the action
-     */
-    private static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
-    }
-
 }
 

Modified: incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java?rev=1239676&r1=1239675&r2=1239676&view=diff
==============================================================================
--- incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java
(original)
+++ incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/ConfigurationImpl.java
Thu Feb  2 15:39:35 2012
@@ -20,6 +20,7 @@ package org.apache.bval.jsr303;
 
 
 import org.apache.bval.jsr303.resolver.DefaultTraversableResolver;
+import org.apache.bval.jsr303.util.SecureActions;
 import org.apache.bval.jsr303.xml.ValidationParser;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -239,6 +240,10 @@ public class ConfigurationImpl implement
      * @throws ValidationException if the ValidatorFactory cannot be built
      */
     public ValidatorFactory buildValidatorFactory() {
+        return SecureActions.run(SecureActions.doPrivBuildValidatorFactory(this));
+    }
+
+    public ValidatorFactory doPrivBuildValidatorFactory() {
         prepare();
         if (provider != null) {
             return provider.buildValidatorFactory(this);
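Review bot: buildValidatorFactory() now runs the whole build inside one privileged block, which is much wider than the single reflective or class-loading calls guarded elsewhere in this commit. prepare() and the provider lookup are not fully visible here, but any class loading or file access that BVal's own code performs there on behalf of configuration values would presumably be checked without consulting the caller's permissions; narrowing the block to the specific calls that need it would be safer. If the wide block stays, doPrivBuildValidatorFactory() should at least not be a new undocumented public method: building the action inside ConfigurationImpl lets it be private and makes the public factory added to SecureActions in the hunk at line 122 unnecessary (this needs a java.security.PrivilegedAction import). The method body continues outside the hunk.

```java
public ValidatorFactory buildValidatorFactory() {
    return SecureActions.run(new PrivilegedAction<ValidatorFactory>() {
        public ValidatorFactory run() {
            return doPrivBuildValidatorFactory();
        }
    });
}

private ValidatorFactory doPrivBuildValidatorFactory() {
    // … unchanged: prepare() and provider selection …
```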

Modified: incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java?rev=1239676&r1=1239675&r2=1239676&view=diff
==============================================================================
--- incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
(original)
+++ incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/resolver/DefaultTraversableResolver.java
Thu Feb  2 15:39:35 2012
@@ -19,12 +19,12 @@ package org.apache.bval.jsr303.resolver;
 import java.lang.annotation.ElementType;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-import java.security.PrivilegedExceptionAction;
 
 import javax.validation.Path;
 import javax.validation.TraversableResolver;
 
 import org.apache.bval.jsr303.util.ClassHelper;
+import org.apache.bval.util.PrivilegedActions;
 import org.apache.commons.lang3.ClassUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -76,7 +76,7 @@ public class DefaultTraversableResolver 
     private void initJpa() {
         final ClassLoader classLoader = getClassLoader();
         try {
-            getUtilClass(classLoader);
+            PrivilegedActions.getUtilClass(classLoader, PERSISTENCE_UTIL_CLASSNAME);
             log.debug("Found {} on classpath.", PERSISTENCE_UTIL_CLASSNAME);
         } catch (Exception e) {
             log.debug("Cannot find {} on classpath. All properties will per default be traversable.",
PERSISTENCE_UTIL_CLASSNAME);
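Review bot: Every failure of the privileged probe in initJpa() lands in the existing `catch (Exception e)` and is logged as "Cannot find … on classpath" without the exception itself. That includes a policy denial, which would presumably surface as an AccessControlException or inside a PrivilegedActionException. Under a SecurityManager this makes a missing permission indistinguishable from an absent JPA jar, and per the log message the resolver then treats all properties as traversable. Passing `e` as the final argument of the `log.debug(...)` call (if the SLF4J version in use accepts a trailing Throwable) would keep the cause visible. The catch block continues outside this hunk.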
@@ -119,18 +119,4 @@ public class DefaultTraversableResolver 
       final ClassLoader loader = Thread.currentThread().getContextClassLoader();
       return (loader != null) ? loader : ClassHelper.class.getClassLoader();
     }
-
-    private static Class<?> getUtilClass(final ClassLoader classLoader) throws Exception
{
-        return (System.getSecurityManager() == null) 
-            ? getUtilClass0(classLoader)
-            : AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>()
{
-                    public Class<?> run() throws Exception {
-                        return getUtilClass0(classLoader);
-                    }
-                });
-    }
-
-    private static Class<?> getUtilClass0(ClassLoader classLoader) throws Exception
{
-        return ClassUtils.getClass(classLoader, PERSISTENCE_UTIL_CLASSNAME, true);
-    }
 }

Modified: incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java?rev=1239676&r1=1239675&r2=1239676&view=diff
==============================================================================
--- incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java
(original)
+++ incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/ConstraintDefinitionValidator.java
Thu Feb  2 15:39:35 2012
@@ -57,7 +57,7 @@ public class ConstraintDefinitionValidat
      *            The annotation to check.
      */
     private static void validAttributes(final Annotation annotation) {
-        final Method[] methods = SecureActions.doPrivileged(
+        final Method[] methods = SecureActions.run(
             SecureActions.getDeclaredMethods(annotation.annotationType())
         );
         for (Method method : methods ){

Modified: incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java
URL: http://svn.apache.org/viewvc/incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java?rev=1239676&r1=1239675&r2=1239676&view=diff
==============================================================================
--- incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java
(original)
+++ incubator/bval/trunk/bval-jsr303/src/main/java/org/apache/bval/jsr303/util/SecureActions.java
Thu Feb  2 15:39:35 2012
@@ -22,9 +22,11 @@ import java.lang.reflect.AccessibleObjec
 import java.lang.reflect.Field;
 import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
-import java.security.AccessController;
 import java.security.PrivilegedAction;
 
+import javax.validation.ValidatorFactory;
+
+import org.apache.bval.jsr303.ConfigurationImpl;
 import org.apache.bval.util.PrivilegedActions;
 
 /**
@@ -120,12 +122,15 @@ public class SecureActions extends Privi
         }
     }
 
-    static <T> T doPrivileged(final PrivilegedAction<T> action) {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(action);
-        } else {
-            return action.run();
-        }
+    /**
+     * Create a privileged action for ConfigurationImpl.buildValidatorFactory.
+     */
+    public static PrivilegedAction<ValidatorFactory> doPrivBuildValidatorFactory(final
ConfigurationImpl config) {
+        return new PrivilegedAction<ValidatorFactory>() {
+            public ValidatorFactory run() {
+                return config.doPrivBuildValidatorFactory();
+            }
+        };
     }
 
     private static final class GetContextClassLoader extends Object implements PrivilegedAction<ClassLoader>
{


