You are viewing a plain text version of this content. The canonical link for it is here.
Posted to scm@geronimo.apache.org by ga...@apache.org on 2009/07/22 22:11:18 UTC
svn commit: r796863 - in
/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint:
./ container/ utils/
Author: gawor
Date: Wed Jul 22 20:11:18 2009
New Revision: 796863
URL: http://svn.apache.org/viewvc?rev=796863&view=rev
Log:
more security checks
Modified:
geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java
geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java
geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java
geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java
geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java
Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java?rev=796863&r1=796862&r2=796863&view=diff
==============================================================================
--- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java (original)
+++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/ExtendedBlueprintContainer.java Wed Jul 22 20:11:18 2009
@@ -16,6 +16,7 @@
*/
package org.apache.geronimo.blueprint;
+import java.security.AccessControlContext;
import java.util.Dictionary;
import java.util.List;
@@ -55,5 +56,7 @@
ServiceRegistration registerService(String[] classes, Object service, Dictionary properties);
Object getService(ServiceReference reference);
+
+ AccessControlContext getAccessControlContext();
}
Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java?rev=796863&r1=796862&r2=796863&view=diff
==============================================================================
--- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java (original)
+++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/AggregateConverter.java Wed Jul 22 20:11:18 2009
@@ -40,6 +40,8 @@
import org.apache.geronimo.blueprint.ExtendedBlueprintContainer;
import org.apache.geronimo.blueprint.di.CollectionRecipe;
import org.apache.geronimo.blueprint.di.MapRecipe;
+import org.apache.geronimo.blueprint.utils.ReflectionUtils;
+
import static org.apache.geronimo.blueprint.utils.ReflectionUtils.getRealCause;
import org.osgi.service.blueprint.container.ReifiedType;
import org.osgi.service.blueprint.container.Converter;
@@ -244,7 +246,7 @@
}
}
- private static Object createObject(String value, Class type) throws Exception {
+ private Object createObject(String value, Class type) throws Exception {
if (type.isInterface() || Modifier.isAbstract(type.getModifiers())) {
throw new Exception("Unable to convert value " + value + " to type " + type + ". Type " + type + " is an interface or an abstract class");
}
@@ -255,15 +257,16 @@
throw new RuntimeException("Unable to convert to " + type);
}
try {
- return constructor.newInstance(value);
+ return ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(), constructor, value);
} catch (Exception e) {
throw new Exception("Unable to convert ", getRealCause(e));
}
}
-
+
private Object convertToCollection(Object obj, ReifiedType type) throws Exception {
ReifiedType valueType = type.getActualTypeArgument(0);
- Collection newCol = (Collection) CollectionRecipe.getCollection(toClass(type)).newInstance();
+ Collection newCol = (Collection) ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(),
+ CollectionRecipe.getCollection(toClass(type)));
if (obj.getClass().isArray()) {
for (int i = 0; i < Array.getLength(obj); i++) {
try {
@@ -313,7 +316,8 @@
private Object convertToMap(Object obj, ReifiedType type) throws Exception {
ReifiedType keyType = type.getActualTypeArgument(0);
ReifiedType valueType = type.getActualTypeArgument(1);
- Map newMap = (Map) MapRecipe.getMap(toClass(type)).newInstance();
+ Map newMap = (Map) ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(),
+ MapRecipe.getMap(toClass(type)));
if (obj instanceof Dictionary) {
Dictionary dic = (Dictionary) obj;
for (Enumeration keyEnum = dic.keys(); keyEnum.hasMoreElements();) {
@@ -370,7 +374,7 @@
Class u = primitives.get(c);
return u != null ? u : c;
}
-
+
private static final Map<Class, Class> primitives;
static {
primitives = new HashMap<Class, Class>();
Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java?rev=796863&r1=796862&r2=796863&view=diff
==============================================================================
--- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java (original)
+++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BeanRecipe.java Wed Jul 22 20:11:18 2009
@@ -197,7 +197,7 @@
if (matches.size() == 1) {
try {
Map.Entry<Method, List<Object>> match = matches.entrySet().iterator().next();
- instance = match.getKey().invoke(factoryObj, match.getValue().toArray());
+ instance = invoke(match.getKey(), factoryObj, match.getValue().toArray());
} catch (Throwable e) {
throw new ComponentDefinitionException("Error when instanciating bean " + getName() + " of class " + getType(), getRealCause(e));
}
@@ -212,7 +212,7 @@
if (matches.size() == 1) {
try {
Map.Entry<Method, List<Object>> match = matches.entrySet().iterator().next();
- instance = match.getKey().invoke(null, match.getValue().toArray());
+ instance = invoke(match.getKey(), null, match.getValue().toArray());
} catch (Throwable e) {
throw new ComponentDefinitionException("Error when instanciating bean " + getName() + " of class " + getType(), getRealCause(e));
}
@@ -230,7 +230,7 @@
if (matches.size() == 1) {
try {
Map.Entry<Constructor, List<Object>> match = matches.entrySet().iterator().next();
- instance = match.getKey().newInstance(match.getValue().toArray());
+ instance = newInstance(match.getKey(), match.getValue().toArray());
} catch (Throwable e) {
throw new ComponentDefinitionException("Error when instanciating bean " + getName() + " of class " + getType(), getRealCause(e));
}
@@ -507,7 +507,7 @@
// call init method
if (initMethod != null) {
try {
- initMethod.invoke(obj);
+ invoke(initMethod, obj, null);
} catch (Throwable t) {
LOGGER.info("Error invoking init method", getRealCause(t));
throw new ComponentDefinitionException("Unable to intialize bean " + getName(), getRealCause(t));
@@ -524,7 +524,7 @@
try {
Method method = getDestroyMethod(obj);
if (method != null) {
- method.invoke(obj);
+ invoke(method, obj, null);
}
} catch (Exception e) {
LOGGER.info("Error invoking destroy method", getRealCause(e));
@@ -539,7 +539,7 @@
Method method = getDestroyMethod(instance);
if (method != null) {
try {
- method.invoke(instance);
+ invoke(method, instance, null);
} catch (Throwable e) {
LOGGER.info("Error destroying bean " + getName(), getRealCause(e));
}
@@ -579,7 +579,7 @@
Method getter = getPropertyDescriptor(clazz, names[i]).getGetter();
if (getter != null) {
try {
- instance = getter.invoke(instance);
+ instance = invoke(getter, instance, null);
clazz = instance.getClass();
} catch (Exception e) {
throw new ComponentDefinitionException("Error getting property: " + names[i] + " on bean " + getName() + " when setting property " + propertyName + " on class " + clazz.getName(), getRealCause(e));
@@ -608,7 +608,7 @@
}
try {
// set value
- setter.invoke(instance, propertyValue);
+ invoke(setter, instance, propertyValue);
} catch (Exception e) {
throw new ComponentDefinitionException("Error setting property: " + setter, getRealCause(e));
}
@@ -625,7 +625,15 @@
}
throw new ComponentDefinitionException("Unable to find property descriptor " + name + " on class " + clazz.getName());
}
-
+
+ private Object invoke(Method method, Object instance, Object... args) throws Exception {
+ return ReflectionUtils.invoke(blueprintContainer.getAccessControlContext(), method, instance, args);
+ }
+
+ private Object newInstance(Constructor constructor, Object... args) throws Exception {
+ return ReflectionUtils.newInstance(blueprintContainer.getAccessControlContext(), constructor, args);
+ }
+
private static Object UNMATCHED = new Object();
private class ArgumentMatcher {
Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java?rev=796863&r1=796862&r2=796863&view=diff
==============================================================================
--- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java (original)
+++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/container/BlueprintContainerImpl.java Wed Jul 22 20:11:18 2009
@@ -149,7 +149,7 @@
this.executors = executors;
this.processors = new ArrayList<Processor>();
if (System.getSecurityManager() != null) {
- this.accessControlContext = getAccessControlContext();
+ this.accessControlContext = createAccessControlContext();
}
}
@@ -398,7 +398,7 @@
}
}
- private AccessControlContext getAccessControlContext() {
+ private AccessControlContext createAccessControlContext() {
return new AccessControlContext(AccessController.getContext(),
new DomainCombiner() {
public ProtectionDomain[] combine(ProtectionDomain[] arg0,
@@ -413,6 +413,10 @@
});
}
+ public AccessControlContext getAccessControlContext() {
+ return accessControlContext;
+ }
+
public BlueprintRepository getRepository() {
if (repository == null) {
repository = new RecipeBuilder(this).createRepository();
Modified: geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java
URL: http://svn.apache.org/viewvc/geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java?rev=796863&r1=796862&r2=796863&view=diff
==============================================================================
--- geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java (original)
+++ geronimo/sandbox/blueprint/blueprint-core/src/main/java/org/apache/geronimo/blueprint/utils/ReflectionUtils.java Wed Jul 22 20:11:18 2009
@@ -25,6 +25,10 @@
import java.lang.reflect.Type;
import java.lang.ref.Reference;
import java.lang.ref.SoftReference;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -197,6 +201,54 @@
return new String(chars);
}
+ public static Object invoke(AccessControlContext acc, final Method method, final Object instance, final Object... args) throws Exception {
+ if (acc == null) {
+ return method.invoke(instance, args);
+ } else {
+ try {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ return method.invoke(instance, args);
+ }
+ }, acc);
+ } catch (PrivilegedActionException e) {
+ throw e.getException();
+ }
+ }
+ }
+
+ public static Object newInstance(AccessControlContext acc, final Class clazz) throws Exception {
+ if (acc == null) {
+ return clazz.newInstance();
+ } else {
+ try {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ return clazz.newInstance();
+ }
+ }, acc);
+ } catch (PrivilegedActionException e) {
+ throw e.getException();
+ }
+ }
+ }
+
+ public static Object newInstance(AccessControlContext acc, final Constructor constructor, final Object... args) throws Exception {
+ if (acc == null) {
+ return constructor.newInstance(args);
+ } else {
+ try {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ return constructor.newInstance(args);
+ }
+ }, acc);
+ } catch (PrivilegedActionException e) {
+ throw e.getException();
+ }
+ }
+ }
+
public static class PropertyDescriptor {
private String name;
private Class type;