You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@myfaces.apache.org by pa...@apache.org on 2023/01/04 01:05:49 UTC
[myfaces] branch main updated: MYFACES-4540: add doPriv for url.openStream()
This is an automated email from the ASF dual-hosted git repository.
paulnicolucci pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/myfaces.git
The following commit(s) were added to refs/heads/main by this push:
new ab819fe89 MYFACES-4540: add doPriv for url.openStream()
new 42a3abef1 Merge pull request #470 from pnicolucci/MYFACES-4540
ab819fe89 is described below
commit ab819fe892b1bc3d665b9fd15e06819d57efca8f
Author: Paul Nicolucci <pn...@gmail.com>
AuthorDate: Tue Jan 3 19:10:05 2023 -0500
MYFACES-4540: add doPriv for url.openStream()
---
impl/src/main/java/org/apache/myfaces/util/WebXmlParser.java | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/impl/src/main/java/org/apache/myfaces/util/WebXmlParser.java b/impl/src/main/java/org/apache/myfaces/util/WebXmlParser.java
index d6ebb9c40..2e94d0046 100755
--- a/impl/src/main/java/org/apache/myfaces/util/WebXmlParser.java
+++ b/impl/src/main/java/org/apache/myfaces/util/WebXmlParser.java
@@ -23,6 +23,8 @@ import java.io.IOException;
import java.io.InputStream;
import java.net.URISyntaxException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedExceptionAction;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
@@ -189,7 +191,15 @@ public class WebXmlParser
return null;
}
- is = url.openStream();
+ if (System.getSecurityManager() != null)
+ {
+ is = AccessController.doPrivileged(
+ (PrivilegedExceptionAction<InputStream>) () -> url.openStream());
+ }
+ else
+ {
+ is = url.openStream();
+ }
if (is == null)
{