You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xerces.apache.org by mr...@apache.org on 2004/11/27 18:59:26 UTC
cvs commit: xml-xerces/java/samples/xni SecuritySupport.java SecuritySupport12.java
mrglavas 2004/11/27 09:59:26
Modified: java/samples/xni SecuritySupport.java
Removed: java/samples/xni SecuritySupport12.java
Log:
Cleaning up SecuritySupport. We no longer need both SecuritySupport and SecuritySupport12
because Xerces now only compiles and runs on J2SE 1.2 or higher. This allows us to tighten up
this class even more.
Revision Changes Path
1.3 +112 -79 xml-xerces/java/samples/xni/SecuritySupport.java
Index: SecuritySupport.java
===================================================================
RCS file: /home/cvs/xml-xerces/java/samples/xni/SecuritySupport.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SecuritySupport.java 24 Feb 2004 23:41:05 -0000 1.2
+++ SecuritySupport.java 27 Nov 2004 17:59:26 -0000 1.3
@@ -16,100 +16,133 @@
package xni;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
- * This class is duplicated for each JAXP subpackage so keep it in sync.
- * It is package private and therefore is not exposed as part of the JAXP
- * API.
- *
- * Base class with security related methods that work on JDK 1.1.
+ * This class is duplicated for each subpackage so keep it in sync.
+ * It is package private and therefore is not exposed as part of any API.
+ *
+ * @xerces.internal
*/
-class SecuritySupport {
+final class SecuritySupport {
- /*
- * Make this of type Object so that the verifier won't try to
- * prove its type, thus possibly trying to load the SecuritySupport12
- * class.
- */
- private static final Object securitySupport;
-
- static {
- SecuritySupport ss = null;
- try {
- Class c = Class.forName("java.security.AccessController");
- // if that worked, we're on 1.2.
- /*
- // don't reference the class explicitly so it doesn't
- // get dragged in accidentally.
- c = Class.forName("javax.mail.SecuritySupport12");
- Constructor cons = c.getConstructor(new Class[] { });
- ss = (SecuritySupport)cons.newInstance(new Object[] { });
- */
- /*
- * Unfortunately, we can't load the class using reflection
- * because the class is package private. And the class has
- * to be package private so the APIs aren't exposed to other
- * code that could use them to circumvent security. Thus,
- * we accept the risk that the direct reference might fail
- * on some JDK 1.1 JVMs, even though we would never execute
- * this code in such a case. Sigh...
- */
- ss = new SecuritySupport12();
- } catch (Exception ex) {
- // ignore it
- } finally {
- if (ss == null)
- ss = new SecuritySupport();
- securitySupport = ss;
- }
- }
+ private static final SecuritySupport securitySupport = new SecuritySupport();
/**
- * Return an appropriate instance of this class, depending on whether
- * we're on a JDK 1.1 or J2SE 1.2 (or later) system.
+ * Return an instance of this class.
*/
static SecuritySupport getInstance() {
- return (SecuritySupport)securitySupport;
+ return securitySupport;
}
ClassLoader getContextClassLoader() {
- return null;
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = Thread.currentThread().getContextClassLoader();
+ } catch (SecurityException ex) { }
+ return cl;
+ }
+ });
}
-
+
ClassLoader getSystemClassLoader() {
- return null;
- }
-
- ClassLoader getParentClassLoader(ClassLoader cl) {
- return null;
- }
-
- String getSystemProperty(String propName) {
- return System.getProperty(propName);
- }
-
- FileInputStream getFileInputStream(File file)
- throws FileNotFoundException
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = ClassLoader.getSystemClassLoader();
+ } catch (SecurityException ex) {}
+ return cl;
+ }
+ });
+ }
+
+ ClassLoader getParentClassLoader(final ClassLoader cl) {
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader parent = null;
+ try {
+ parent = cl.getParent();
+ } catch (SecurityException ex) {}
+
+ // eliminate loops in case of the boot
+ // ClassLoader returning itself as a parent
+ return (parent == cl) ? null : parent;
+ }
+ });
+ }
+
+ String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+
+ FileInputStream getFileInputStream(final File file)
+ throws FileNotFoundException
{
- return new FileInputStream(file);
- }
-
- InputStream getResourceAsStream(ClassLoader cl, String name) {
- InputStream ris;
- if (cl == null) {
- ris = ClassLoader.getSystemResourceAsStream(name);
- } else {
- ris = cl.getResourceAsStream(name);
+ try {
+ return (FileInputStream)
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(file);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (FileNotFoundException)e.getException();
}
- return ris;
}
-
- boolean getFileExists(File f) {
- return f.exists();
- }
-
- long getLastModified(File f) {
- return f.lastModified();
+
+ InputStream getResourceAsStream(final ClassLoader cl,
+ final String name)
+ {
+ return (InputStream)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ InputStream ris;
+ if (cl == null) {
+ ris = ClassLoader.getSystemResourceAsStream(name);
+ } else {
+ ris = cl.getResourceAsStream(name);
+ }
+ return ris;
+ }
+ });
+ }
+
+ boolean getFileExists(final File f) {
+ return ((Boolean)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists());
+ }
+ })).booleanValue();
+ }
+
+ long getLastModified(final File f) {
+ return ((Long)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Long(f.lastModified());
+ }
+ })).longValue();
}
+
+ private SecuritySupport () {}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: xerces-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: xerces-cvs-help@xml.apache.org