You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by mu...@apache.org on 2022/04/25 19:15:01 UTC
[santuario-xml-security-java] branch 2.1.x-fixes updated: Replace calls to deprecated Class.newInstance() API with Class.getDeclaredConstructor().newInstance().
This is an automated email from the ASF dual-hosted git repository.
mullan pushed a commit to branch 2.1.x-fixes
in repository https://gitbox.apache.org/repos/asf/santuario-xml-security-java.git
The following commit(s) were added to refs/heads/2.1.x-fixes by this push:
new 5c27c53e Replace calls to deprecated Class.newInstance() API with Class.getDeclaredConstructor().newInstance().
5c27c53e is described below
commit 5c27c53eae4164f38e8e8f47f0885081292b93b8
Author: Sean Mullan <se...@oracle.com>
AuthorDate: Mon Apr 25 15:13:40 2022 -0400
Replace calls to deprecated Class.newInstance() API with Class.getDeclaredConstructor().newInstance().
---
.../security/algorithms/SignatureAlgorithm.java | 2 +-
.../apache/xml/security/c14n/Canonicalizer.java | 2 +-
.../xml/security/keys/keyresolver/KeyResolver.java | 11 ++++++-----
.../stax/config/ResourceResolverMapper.java | 3 ++-
.../xml/security/stax/ext/XMLSecurityUtils.java | 3 ++-
.../stax/securityToken/SecurityTokenFactory.java | 3 ++-
.../apache/xml/security/transforms/Transform.java | 4 ++--
.../org/apache/xml/security/utils/JavaUtils.java | 22 ++++++++++++++++++++++
.../security/utils/resolver/ResourceResolver.java | 4 ++--
9 files changed, 40 insertions(+), 14 deletions(-)
diff --git a/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java b/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
index 05259d71..90a263c7 100644
--- a/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
+++ b/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
@@ -148,7 +148,7 @@ public class SignatureAlgorithm extends Algorithm {
Object exArgs[] = { algorithmURI };
throw new XMLSignatureException("algorithms.NoSuchAlgorithmNoEx", exArgs);
}
- return implementingClass.newInstance();
+ return JavaUtils.newInstanceWithEmptyConstructor(implementingClass);
} catch (IllegalAccessException | InstantiationException | NullPointerException ex) {
Object exArgs[] = { algorithmURI, ex.getMessage() };
throw new XMLSignatureException(ex, "algorithms.NoSuchAlgorithm", exArgs);
diff --git a/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java b/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
index dd89d96f..f58f9ae9 100644
--- a/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
+++ b/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
@@ -110,7 +110,7 @@ public class Canonicalizer {
Class<? extends CanonicalizerSpi> implementingClass =
canonicalizerHash.get(algorithmURI);
- canonicalizerSpi = implementingClass.newInstance();
+ canonicalizerSpi = JavaUtils.newInstanceWithEmptyConstructor(implementingClass);
canonicalizerSpi.reset = true;
} catch (Exception e) {
Object exArgs[] = { algorithmURI };
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
index e123a0c2..5190e17b 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
@@ -175,8 +175,8 @@ public class KeyResolver {
public static void register(String className, boolean globalResolver)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
JavaUtils.checkRegisterPermission();
- KeyResolverSpi keyResolverSpi =
- (KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
+ KeyResolverSpi keyResolverSpi = (KeyResolverSpi)
+ JavaUtils.newInstanceWithEmptyConstructor(ClassLoaderUtils.loadClass(className, KeyResolver.class));
keyResolverSpi.setGlobalResolver(globalResolver);
register(keyResolverSpi, false);
}
@@ -200,7 +200,8 @@ public class KeyResolver {
KeyResolverSpi keyResolverSpi = null;
Exception ex = null;
try {
- keyResolverSpi = (KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
+ keyResolverSpi = (KeyResolverSpi)
+ JavaUtils.newInstanceWithEmptyConstructor(ClassLoaderUtils.loadClass(className, KeyResolver.class));
keyResolverSpi.setGlobalResolver(globalResolver);
register(keyResolverSpi, true);
} catch (ClassNotFoundException e) {
@@ -265,8 +266,8 @@ public class KeyResolver {
JavaUtils.checkRegisterPermission();
List<KeyResolver> keyResolverList = new ArrayList<>(classNames.size());
for (String className : classNames) {
- KeyResolverSpi keyResolverSpi =
- (KeyResolverSpi)ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
+ KeyResolverSpi keyResolverSpi = (KeyResolverSpi)
+ JavaUtils.newInstanceWithEmptyConstructor(ClassLoaderUtils.loadClass(className, KeyResolver.class));
keyResolverSpi.setGlobalResolver(false);
keyResolverList.add(new KeyResolver(keyResolverSpi));
}
diff --git a/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java b/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java
index 93d63e69..5af43638 100644
--- a/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java
+++ b/src/main/java/org/apache/xml/security/stax/config/ResourceResolverMapper.java
@@ -22,6 +22,7 @@ import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.ResourceResolver;
import org.apache.xml.security.stax.ext.ResourceResolverLookup;
import org.apache.xml.security.utils.ClassLoaderUtils;
+import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.configuration.ResolverType;
import org.apache.xml.security.configuration.ResourceResolversType;
@@ -44,7 +45,7 @@ public class ResourceResolverMapper {
for (int i = 0; i < handlerList.size(); i++) {
ResolverType uriResolverType = handlerList.get(i);
resourceResolvers.add((ResourceResolverLookup)
- ClassLoaderUtils.loadClass(uriResolverType.getJAVACLASS(), callingClass).newInstance());
+ JavaUtils.newInstanceWithEmptyConstructor(ClassLoaderUtils.loadClass(uriResolverType.getJAVACLASS(), callingClass)));
}
}
diff --git a/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java b/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java
index 8c31311f..c1d72b43 100644
--- a/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java
+++ b/src/main/java/org/apache/xml/security/stax/ext/XMLSecurityUtils.java
@@ -32,6 +32,7 @@ import org.apache.xml.security.stax.securityEvent.*;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.utils.ClassLoaderUtils;
+import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
@@ -126,7 +127,7 @@ public class XMLSecurityUtils {
Transformer childTransformer = null;
try {
- childTransformer = transformerClass.newInstance();
+ childTransformer = JavaUtils.newInstanceWithEmptyConstructor(transformerClass);
if (properties != null) {
childTransformer.setProperties(properties);
}
diff --git a/src/main/java/org/apache/xml/security/stax/securityToken/SecurityTokenFactory.java b/src/main/java/org/apache/xml/security/stax/securityToken/SecurityTokenFactory.java
index 871e137c..977cc7e4 100644
--- a/src/main/java/org/apache/xml/security/stax/securityToken/SecurityTokenFactory.java
+++ b/src/main/java/org/apache/xml/security/stax/securityToken/SecurityTokenFactory.java
@@ -24,6 +24,7 @@ import org.apache.xml.security.stax.config.ConfigurationProperties;
import org.apache.xml.security.stax.ext.InboundSecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.utils.ClassLoaderUtils;
+import org.apache.xml.security.utils.JavaUtils;
/**
* Factory to create SecurityToken Objects from keys in XML
@@ -49,7 +50,7 @@ public abstract class SecurityTokenFactory {
@SuppressWarnings("unchecked")
Class<SecurityTokenFactory> securityTokenFactoryClass =
(Class<SecurityTokenFactory>) ClassLoaderUtils.loadClass(stf, callingClass);
- securityTokenFactory = securityTokenFactoryClass.newInstance();
+ securityTokenFactory = JavaUtils.newInstanceWithEmptyConstructor(securityTokenFactoryClass);
} catch (ClassNotFoundException e) {
throw new XMLSecurityException(e, "algorithm.ClassDoesNotExist", new Object[]{stf});
} catch (InstantiationException e) {
diff --git a/src/main/java/org/apache/xml/security/transforms/Transform.java b/src/main/java/org/apache/xml/security/transforms/Transform.java
index 3200dfb7..4a8b941a 100644
--- a/src/main/java/org/apache/xml/security/transforms/Transform.java
+++ b/src/main/java/org/apache/xml/security/transforms/Transform.java
@@ -156,7 +156,7 @@ public final class Transform extends SignatureElementProxy {
throw new InvalidTransformException("signature.Transform.UnknownTransform", exArgs);
}
try {
- transformSpi = transformSpiClass.newInstance();
+ transformSpi = JavaUtils.newInstanceWithEmptyConstructor(transformSpiClass);
} catch (InstantiationException ex) {
Object exArgs[] = { algorithmURI };
throw new InvalidTransformException(
@@ -342,7 +342,7 @@ public final class Transform extends SignatureElementProxy {
}
TransformSpi newTransformSpi = null;
try {
- newTransformSpi = transformSpiClass.newInstance();
+ newTransformSpi = JavaUtils.newInstanceWithEmptyConstructor(transformSpiClass);
} catch (InstantiationException ex) {
Object exArgs[] = { algorithmURI };
throw new InvalidTransformException(
diff --git a/src/main/java/org/apache/xml/security/utils/JavaUtils.java b/src/main/java/org/apache/xml/security/utils/JavaUtils.java
index a7ca00db..0727d0ba 100644
--- a/src/main/java/org/apache/xml/security/utils/JavaUtils.java
+++ b/src/main/java/org/apache/xml/security/utils/JavaUtils.java
@@ -22,6 +22,7 @@ import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.lang.reflect.InvocationTargetException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.SecurityPermission;
@@ -218,4 +219,25 @@ public final class JavaUtils {
sm.checkPermission(REGISTER_PERMISSION);
}
}
+
+ /**
+ * Creates a new instance of this class with the empty constructor.
+ *
+ * @param clazz the class
+ * @param <T> the type of the class
+ * @return the new instance
+ * @throws InstantiationException
+ * @throws IllegalAccessException
+ */
+ public static <T> T newInstanceWithEmptyConstructor(Class<T> clazz)
+ throws InstantiationException, IllegalAccessException {
+ try {
+ return clazz.getDeclaredConstructor().newInstance();
+ } catch (NoSuchMethodException | InvocationTargetException e) {
+ // wrap exception to preserve compatibility with APIs
+ // that call this method
+ throw (InstantiationException)
+ new InstantiationException(clazz.getName()).initCause(e);
+ }
+ }
}
diff --git a/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java b/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
index 6ef694d7..2118bc9b 100644
--- a/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
+++ b/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
@@ -88,7 +88,7 @@ public class ResourceResolver {
if (!resolver.resolverSpi.engineIsThreadSafe()) {
try {
resolverTmp =
- new ResourceResolver(resolver.resolverSpi.getClass().newInstance());
+ new ResourceResolver(JavaUtils.newInstanceWithEmptyConstructor(resolver.resolverSpi.getClass()));
} catch (InstantiationException e) {
throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "");
} catch (IllegalAccessException e) {
@@ -228,7 +228,7 @@ public class ResourceResolver {
public static void register(Class<? extends ResourceResolverSpi> className, boolean start) {
JavaUtils.checkRegisterPermission();
try {
- ResourceResolverSpi resourceResolverSpi = className.newInstance();
+ ResourceResolverSpi resourceResolverSpi = JavaUtils.newInstanceWithEmptyConstructor(className);
register(resourceResolverSpi, start);
} catch (IllegalAccessException e) {
LOG.warn("Error loading resolver " + className + " disabling it");