root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

+ add security manager checks to avoid the creation of inner privileged action classes 

git-svn-id: https://src.springframework.org/svn/spring-framework/trunk@1753 50f2f4bb-b051-0410-bef5-90022cba6387
This commit is contained in:
Costin Leau 2009-08-24 15:53:48 +00:00
parent 5ff66e9757
commit 503c7d9faa
1 changed files with 22 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
org.springframework.beans/src/main/java/org/springframework/beans/factory/support/SimpleInstantiationStrategy.java
View File

@ -54,12 +54,15 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
throw new BeanInstantiationException(clazz, "Specified class is an interface");
}
try {
constructorToUse = AccessController.doPrivileged(new PrivilegedExceptionAction<Constructor>() {
public Constructor run() throws Exception {
return clazz.getDeclaredConstructor((Class[]) null);
}
});
if (System.getSecurityManager() != null) {
constructorToUse = AccessController.doPrivileged(new PrivilegedExceptionAction<Constructor>() {
public Constructor run() throws Exception {
return clazz.getDeclaredConstructor((Class[]) null);
}
});
} else {
constructorToUse = clazz.getDeclaredConstructor((Class[]) null);
}
beanDefinition.resolvedConstructorOrFactoryMethod = constructorToUse;
}
catch (Exception ex) {
@ -127,14 +130,19 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
Object factoryBean, final Method factoryMethod, Object[] args) {
try {
if (System.getSecurityManager() != null) {
AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() {
ReflectionUtils.makeAccessible(factoryMethod);
return null;
}
});
}
else {
ReflectionUtils.makeAccessible(factoryMethod);
}
// It's a static method if the target is null.
AccessController.doPrivileged(new PrivilegedAction<Object>() {
public Object run() {
ReflectionUtils.makeAccessible(factoryMethod);
return null;
}
});
return factoryMethod.invoke(factoryBean, args);
}
catch (IllegalArgumentException ex) {
@ -151,5 +159,4 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
"Factory method [" + factoryMethod + "] threw exception", ex.getTargetException());
}
}
}
}