Avoid sensitive Proxy.getInvocationHandler call in synthesizeAnnotation

Issue: SPR-13829
Juergen Hoeller 2015-12-29 21:39:43 +01:00
parent 74d3bceb19
commit aecb8b6c6b
1 changed files with 7 additions and 6 deletions


@ -495,8 +495,8 @@ public abstract class AnnotationUtils {
// Do NOT store result in the findAnnotationCache since doing so could break // Do NOT store result in the findAnnotationCache since doing so could break
// findAnnotation(Class, Class) and findAnnotation(Method, Class). // findAnnotation(Class, Class) and findAnnotation(Method, Class).
return synthesizeAnnotation( A ann = findAnnotation(annotatedElement, annotationType, new HashSet<Annotation>());
findAnnotation(annotatedElement, annotationType, new HashSet<Annotation>()), annotatedElement); return synthesizeAnnotation(ann, annotatedElement);
} }
/** /**
@ -1360,8 +1360,7 @@ public abstract class AnnotationUtils {
if (annotation == null) { if (annotation == null) {
return null; return null;
} }
if (annotation instanceof SynthesizedAnnotation || (Proxy.isProxyClass(annotation.getClass()) && if (annotation instanceof SynthesizedAnnotation) {
Proxy.getInvocationHandler(annotation) instanceof SynthesizedAnnotationInvocationHandler)) {
return annotation; return annotation;
} }
@ -1373,8 +1372,10 @@ public abstract class AnnotationUtils {
DefaultAnnotationAttributeExtractor attributeExtractor = DefaultAnnotationAttributeExtractor attributeExtractor =
new DefaultAnnotationAttributeExtractor(annotation, annotatedElement); new DefaultAnnotationAttributeExtractor(annotation, annotatedElement);
InvocationHandler handler = new SynthesizedAnnotationInvocationHandler(attributeExtractor); InvocationHandler handler = new SynthesizedAnnotationInvocationHandler(attributeExtractor);
Class<?>[] exposedInterfaces = (canExposeSynthesizedMarker(annotationType) ?
new Class<?>[] {annotationType, SynthesizedAnnotation.class} : new Class<?>[] {annotationType}); // Can always expose Spring's SynthesizedAnnotation marker since we explicitly check for a
// synthesizable annotation before (which needs to declare @AliasFor from the same package)
Class<?>[] exposedInterfaces = new Class<?>[] {annotationType, SynthesizedAnnotation.class};
return (A) Proxy.newProxyInstance(annotation.getClass().getClassLoader(), exposedInterfaces, handler); return (A) Proxy.newProxyInstance(annotation.getClass().getClassLoader(), exposedInterfaces, handler);
} }
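Review bot: Always adding `SynthesizedAnnotation.class` to `exposedInterfaces` in the last hunk means `Proxy.newProxyInstance` will throw `IllegalArgumentException` whenever that interface is not visible through `annotation.getClass().getClassLoader()`, whereas the removed `canExposeSynthesizedMarker(annotationType)` branch fell back to a proxy exposing only `annotationType`. The new comment bases visibility on a synthesizability check that lies outside the visible lines, and it reasons about the annotation type while the loader passed is taken from the annotation instance's class, so whether the two always agree (for example under isolating class loaders) cannot be confirmed from here. Because the early return in the second hunk now depends solely on `instanceof SynthesizedAnnotation`, I would state the precondition in the comment, e.g. `// Requires SynthesizedAnnotation to be visible via annotation.getClass().getClassLoader(); newProxyInstance throws IllegalArgumentException otherwise`, or keep a visibility guard for that case. The method signature and the synthesizability check are not part of the hunk.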