You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@openwebbeans.apache.org by st...@apache.org on 2011/03/21 22:47:17 UTC

svn commit: r1083977 - /openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java

Author: struberg
Date: Mon Mar 21 21:47:17 2011
New Revision: 1083977

URL: http://svn.apache.org/viewvc?rev=1083977&view=rev
Log:
OWB-545 add security handling for SecurityService creation

We only allow creation of the ManagedSecurityService from
within the WebBeansContext!

Modified:
    openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java

Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java?rev=1083977&r1=1083976&r2=1083977&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java Mon Mar 21 21:47:17 2011
@@ -18,6 +18,7 @@
  */
 package org.apache.webbeans.corespi.security;
 
+import org.apache.webbeans.config.WebBeansContext;
 import org.apache.webbeans.exception.WebBeansException;
 import org.apache.webbeans.spi.SecurityService;
 
@@ -52,7 +53,16 @@ public class ManagedSecurityService impl
 
     private static final PrivilegedActionGetSystemProperties SYSTEM_PROPERTY_ACTION = new PrivilegedActionGetSystemProperties();
 
-
+    public ManagedSecurityService()
+    {
+        // we need to make sure that only WebBeansContext gets used to create us!
+        StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
+        String declaringClass = stackTrace[6].getClassName();
+        if (!declaringClass.equals(WebBeansContext.class.getName()))
+        {
+            throw new SecurityException("ManagedSecurityService must directly get created by WebBeansContext!");
+        }
+    }
 
     @Override
     public Principal getCurrentPrincipal()