root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

+ add security manager checks to avoid the creation of inner privileged action classes

This commit is contained in:
Costin Leau 2009-08-24 15:53:48 +00:00
parent 04b619ebfb
commit 0179c66d2a
1 changed files with 22 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
org.springframework.beans/src/main/java/org/springframework/beans/factory/support/SimpleInstantiationStrategy.java
View File

@ -54,12 +54,15 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
throw new BeanInstantiationException(clazz, "Specified class is an interface"); throw new BeanInstantiationException(clazz, "Specified class is an interface");
} }
try { try {
if (System.getSecurityManager() != null) {
constructorToUse = AccessController.doPrivileged(new PrivilegedExceptionAction<Constructor>() { constructorToUse = AccessController.doPrivileged(new PrivilegedExceptionAction<Constructor>() {
public Constructor run() throws Exception { public Constructor run() throws Exception {
return clazz.getDeclaredConstructor((Class[]) null); return clazz.getDeclaredConstructor((Class[]) null);
} }
}); });
} else {
constructorToUse = clazz.getDeclaredConstructor((Class[]) null);
}
beanDefinition.resolvedConstructorOrFactoryMethod = constructorToUse; beanDefinition.resolvedConstructorOrFactoryMethod = constructorToUse;
} }
catch (Exception ex) { catch (Exception ex) {
@ -127,14 +130,19 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
Object factoryBean, final Method factoryMethod, Object[] args) { Object factoryBean, final Method factoryMethod, Object[] args) {
try { try {
// It's a static method if the target is null. if (System.getSecurityManager() != null) {
AccessController.doPrivileged(new PrivilegedAction<Object>() { AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() { public Object run() {
ReflectionUtils.makeAccessible(factoryMethod); ReflectionUtils.makeAccessible(factoryMethod);
return null; return null;
} }
}); });
}
else {
ReflectionUtils.makeAccessible(factoryMethod);
}
// It's a static method if the target is null.
return factoryMethod.invoke(factoryBean, args); return factoryMethod.invoke(factoryBean, args);
} }
catch (IllegalArgumentException ex) { catch (IllegalArgumentException ex) {
@ -151,5 +159,4 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
"Factory method [" + factoryMethod + "] threw exception", ex.getTargetException()); "Factory method [" + factoryMethod + "] threw exception", ex.getTargetException());
} }
} }
} }