You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@xerces.apache.org by mr...@apache.org on 2013/02/25 05:21:15 UTC
svn commit: r1449590 - in
/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src:
javax/xml/datatype/ javax/xml/parsers/ javax/xml/transform/
javax/xml/validation/ javax/xml/xpath/ org/w3c/dom/bootstrap/
org/xml/sax/helpers/
Author: mrglavas
Date: Mon Feb 25 04:21:15 2013
New Revision: 1449590
URL: http://svn.apache.org/r1449590
Log:
Align JAXP API factory code with ObjectFactory classes in Xerces and Xalan which make explicit calls to checkPackageAccess() before loading classes.
Modified:
xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/datatype/FactoryFinder.java
xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/parsers/FactoryFinder.java
xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/transform/FactoryFinder.java
xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/validation/SchemaFactoryFinder.java
xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/xpath/XPathFactoryFinder.java
xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java
xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/xml/sax/helpers/NewInstance.java
Modified: xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/datatype/FactoryFinder.java
URL: http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/datatype/FactoryFinder.java?rev=1449590&r1=1449589&r2=1449590&view=diff
==============================================================================
--- xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/datatype/FactoryFinder.java (original)
+++ xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/datatype/FactoryFinder.java Mon Feb 25 04:21:15 2013
@@ -147,6 +147,16 @@ final class FactoryFinder {
throws ConfigurationError {
try {
+ // throw security exception if the calling thread is not allowed to access the package
+ // restrict the access to package as specified in java.security policy
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ final int lastDot = className.lastIndexOf('.');
+ if (lastDot != -1) {
+ String packageName = className.substring(0, lastDot);
+ security.checkPackageAccess(packageName);
+ }
+ }
Class spiClass;
if (classLoader == null) {
spiClass = Class.forName(className);
Modified: xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/parsers/FactoryFinder.java
URL: http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/parsers/FactoryFinder.java?rev=1449590&r1=1449589&r2=1449590&view=diff
==============================================================================
--- xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/parsers/FactoryFinder.java (original)
+++ xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/parsers/FactoryFinder.java Mon Feb 25 04:21:15 2013
@@ -100,6 +100,16 @@ final class FactoryFinder {
// assert(className != null);
try {
+ // throw security exception if the calling thread is not allowed to access the package
+ // restrict the access to package as specified in java.security policy
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ final int lastDot = className.lastIndexOf('.');
+ if (lastDot != -1) {
+ String packageName = className.substring(0, lastDot);
+ security.checkPackageAccess(packageName);
+ }
+ }
Class providerClass;
if (cl == null) {
// If classloader is null Use the bootstrap ClassLoader.
Modified: xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/transform/FactoryFinder.java
URL: http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/transform/FactoryFinder.java?rev=1449590&r1=1449589&r2=1449590&view=diff
==============================================================================
--- xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/transform/FactoryFinder.java (original)
+++ xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/transform/FactoryFinder.java Mon Feb 25 04:21:15 2013
@@ -100,6 +100,16 @@ final class FactoryFinder {
// assert(className != null);
try {
+ // throw security exception if the calling thread is not allowed to access the package
+ // restrict the access to package as specified in java.security policy
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ final int lastDot = className.lastIndexOf('.');
+ if (lastDot != -1) {
+ String packageName = className.substring(0, lastDot);
+ security.checkPackageAccess(packageName);
+ }
+ }
Class providerClass;
if (cl == null) {
// If classloader is null Use the bootstrap ClassLoader.
Modified: xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/validation/SchemaFactoryFinder.java
URL: http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/validation/SchemaFactoryFinder.java?rev=1449590&r1=1449589&r2=1449590&view=diff
==============================================================================
--- xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/validation/SchemaFactoryFinder.java (original)
+++ xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/validation/SchemaFactoryFinder.java Mon Feb 25 04:21:15 2013
@@ -290,6 +290,16 @@ final class SchemaFactoryFinder {
*/
private SchemaFactory createInstance( String className ) {
try {
+ // throw security exception if the calling thread is not allowed to access the package
+ // restrict the access to package as specified in java.security policy
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ final int lastDot = className.lastIndexOf('.');
+ if (lastDot != -1) {
+ String packageName = className.substring(0, lastDot);
+ security.checkPackageAccess(packageName);
+ }
+ }
if (debug) debugPrintln("instanciating "+className);
Class clazz;
if( classLoader!=null )
Modified: xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/xpath/XPathFactoryFinder.java
URL: http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/xpath/XPathFactoryFinder.java?rev=1449590&r1=1449589&r2=1449590&view=diff
==============================================================================
--- xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/xpath/XPathFactoryFinder.java (original)
+++ xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/javax/xml/xpath/XPathFactoryFinder.java Mon Feb 25 04:21:15 2013
@@ -268,6 +268,16 @@ final class XPathFactoryFinder {
*/
private XPathFactory createInstance( String className ) {
try {
+ // throw security exception if the calling thread is not allowed to access the package
+ // restrict the access to package as specified in java.security policy
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ final int lastDot = className.lastIndexOf('.');
+ if (lastDot != -1) {
+ String packageName = className.substring(0, lastDot);
+ security.checkPackageAccess(packageName);
+ }
+ }
if (debug) debugPrintln("instanciating "+className);
Class clazz;
if( classLoader!=null )
Modified: xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java
URL: http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java?rev=1449590&r1=1449589&r2=1449590&view=diff
==============================================================================
--- xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java (original)
+++ xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java Mon Feb 25 04:21:15 2013
@@ -138,6 +138,16 @@ public final class DOMImplementationRegi
StringTokenizer st = new StringTokenizer(p);
while (st.hasMoreTokens()) {
String sourceName = st.nextToken();
+ // throw security exception if the calling thread is not allowed to access the package
+ // restrict the access to package as specified in java.security policy
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ final int lastDot = sourceName.lastIndexOf('.');
+ if (lastDot != -1) {
+ String packageName = sourceName.substring(0, lastDot);
+ security.checkPackageAccess(packageName);
+ }
+ }
// Use context class loader, falling back to Class.forName
// if and only if this fails...
Class sourceClass = null;
Modified: xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/xml/sax/helpers/NewInstance.java
URL: http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/xml/sax/helpers/NewInstance.java?rev=1449590&r1=1449589&r2=1449590&view=diff
==============================================================================
--- xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/xml/sax/helpers/NewInstance.java (original)
+++ xerces/xml-commons/branches/tck-jaxp-1_3_0/java/external/src/org/xml/sax/helpers/NewInstance.java Mon Feb 25 04:21:15 2013
@@ -50,6 +50,16 @@ class NewInstance {
throws ClassNotFoundException, IllegalAccessException,
InstantiationException
{
+ // throw security exception if the calling thread is not allowed to access the package
+ // restrict the access to package as specified in java.security policy
+ SecurityManager security = System.getSecurityManager();
+ if (security != null) {
+ final int lastDot = className.lastIndexOf('.');
+ if (lastDot != -1) {
+ String packageName = className.substring(0, lastDot);
+ security.checkPackageAccess(packageName);
+ }
+ }
Class driverClass;
if (classLoader == null) {
// XXX Use the bootstrap ClassLoader. There is no way to
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xerces.apache.org
For additional commands, e-mail: commits-help@xerces.apache.org