You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwebbeans.apache.org by st...@apache.org on 2011/03/21 22:47:17 UTC
svn commit: r1083977 -
/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
Author: struberg
Date: Mon Mar 21 21:47:17 2011
New Revision: 1083977
URL: http://svn.apache.org/viewvc?rev=1083977&view=rev
Log:
OWB-545 add security handling for SecurityService creation
We only allow creation of the ManagedSecurityService from
within the WebBeansContext!
Modified:
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
Modified: openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
URL: http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java?rev=1083977&r1=1083976&r2=1083977&view=diff
==============================================================================
--- openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java (original)
+++ openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java Mon Mar 21 21:47:17 2011
@@ -18,6 +18,7 @@
*/
package org.apache.webbeans.corespi.security;
+import org.apache.webbeans.config.WebBeansContext;
import org.apache.webbeans.exception.WebBeansException;
import org.apache.webbeans.spi.SecurityService;
@@ -52,7 +53,16 @@ public class ManagedSecurityService impl
private static final PrivilegedActionGetSystemProperties SYSTEM_PROPERTY_ACTION = new PrivilegedActionGetSystemProperties();
-
+ public ManagedSecurityService()
+ {
+ // we need to make sure that only WebBeansContext gets used to create us!
+ StackTraceElement[] stackTrace = Thread.currentThread().getStackTrace();
+ String declaringClass = stackTrace[6].getClassName();
+ if (!declaringClass.equals(WebBeansContext.class.getName()))
+ {
+ throw new SecurityException("ManagedSecurityService must directly get created by WebBeansContext!");
+ }
+ }
@Override
public Principal getCurrentPrincipal()