root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

+ add security manager checks to avoid the creation of inner privileged action classes

This commit is contained in:
Costin Leau 2009-08-24 15:53:48 +00:00
parent 04b619ebfb
commit 0179c66d2a
1 changed files with 22 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
org.springframework.beans/src/main/java/org/springframework/beans/factory/support/SimpleInstantiationStrategy.java
View File

@ -54,12 +54,15 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
throw new BeanInstantiationException(clazz, "Specified class is an interface");
}
try {
if (System.getSecurityManager() != null) {
constructorToUse = AccessController.doPrivileged(new PrivilegedExceptionAction<Constructor>() {
public Constructor run() throws Exception {
return clazz.getDeclaredConstructor((Class[]) null);
}
});
} else {
constructorToUse = clazz.getDeclaredConstructor((Class[]) null);
}
beanDefinition.resolvedConstructorOrFactoryMethod = constructorToUse;
}
catch (Exception ex) {
@ -127,14 +130,19 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
Object factoryBean, final Method factoryMethod, Object[] args) {
try {
// It's a static method if the target is null.
if (System.getSecurityManager() != null) {
AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() {
ReflectionUtils.makeAccessible(factoryMethod);
return null;
}
});
}
else {
ReflectionUtils.makeAccessible(factoryMethod);
}
// It's a static method if the target is null.
return factoryMethod.invoke(factoryBean, args);
}
catch (IllegalArgumentException ex) {
@ -151,5 +159,4 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
"Factory method [" + factoryMethod + "] threw exception", ex.getTargetException());
}
}
}