You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by co...@apache.org on 2020/11/25 06:25:33 UTC

[cxf] 01/02: [CXF-8378]:Fix NoClassDefFoundError: org/apache/cxf/common/util/Refle… (#728)

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch 3.4.x-fixes
in repository https://gitbox.apache.org/repos/asf/cxf.git

commit b2b31ec4519df505b7d9b5b4d2f34b440b04133c
Author: jimma <em...@apache.org>
AuthorDate: Wed Nov 25 08:59:56 2020 +0800

    [CXF-8378]:Fix NoClassDefFoundError: org/apache/cxf/common/util/Refle… (#728)
    
    * [CXF-8378]:Fix NoClassDefFoundError: org/apache/cxf/common/util/ReflectionUtil
    
    (cherry picked from commit 2acb47125c3ab36278648128f93e5ec456bcd713)
---
 .../transport/http/ReferencingAuthenticator.java   | 46 ++++++++++++++++++----
 1 file changed, 38 insertions(+), 8 deletions(-)

diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
index 547f7df..2b63316 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/ReferencingAuthenticator.java
@@ -25,12 +25,14 @@ import java.lang.reflect.Method;
 import java.lang.reflect.Modifier;
 import java.net.Authenticator;
 import java.net.PasswordAuthentication;
-
-import org.apache.cxf.common.util.ReflectionUtil;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 
 public class ReferencingAuthenticator extends Authenticator {
+    private static final boolean SKIPCHECK = System.getSecurityManager() == null;
     final Reference<Authenticator> auth;
     final Authenticator wrapped;
+
     public ReferencingAuthenticator(Authenticator cxfauth, Authenticator wrapped) {
         this.auth = new WeakReference<>(cxfauth);
         this.wrapped = wrapped;
@@ -78,13 +80,14 @@ public class ReferencingAuthenticator extends Authenticator {
             }
         }
     }
+
     private void remove() {
         try {
             for (final Field f : Authenticator.class.getDeclaredFields()) {
                 if (f.getType().equals(Authenticator.class)) {
                     try {
                         f.setAccessible(true);
-                        Authenticator o = (Authenticator)f.get(null);
+                        Authenticator o = (Authenticator) f.get(null);
                         if (o == this) {
                             //this is at the root of any chain of authenticators
                             Authenticator.setDefault(wrapped);
@@ -100,13 +103,14 @@ public class ReferencingAuthenticator extends Authenticator {
             //ignore
         }
     }
+
     private void removeFromChain(Authenticator a) {
         try {
             if (a.getClass().getName().equals(ReferencingAuthenticator.class.getName())) {
                 //multiple referencing authenticators, we can remove ourself
                 Field f2 = a.getClass().getDeclaredField("wrapped");
                 f2.setAccessible(true);
-                Authenticator a2 = (Authenticator)f2.get(a);
+                Authenticator a2 = (Authenticator) f2.get(a);
                 if (a2 == this) {
                     f2.set(a, wrapped);
                 } else {
@@ -122,15 +126,41 @@ public class ReferencingAuthenticator extends Authenticator {
         if (a == null) {
             return null;
         }
-        for (final Field f : ReflectionUtil.getDeclaredFields(Authenticator.class)) {
+        Field[] fields = null;
+        if (SKIPCHECK) {
+            fields = Authenticator.class.getDeclaredFields();
+        } else {
+            fields = AccessController.doPrivileged(
+                    (PrivilegedAction<Field[]>) () -> Authenticator.class.getDeclaredFields());
+
+        }
+
+        for (final Field f : fields) {
             if (!Modifier.isStatic(f.getModifiers())) {
                 f.setAccessible(true);
                 Object o = f.get(this);
                 f.set(a, o);
             }
         }
-        final Method m = Authenticator.class.getDeclaredMethod("getPasswordAuthentication");
-        m.setAccessible(true);
-        return (PasswordAuthentication)m.invoke(a);
+        Method method;
+        if (SKIPCHECK) {
+            method = Authenticator.class.getDeclaredMethod("getPasswordAuthentication");
+            method.setAccessible(true);
+        } else {
+            method = AccessController.doPrivileged(
+                    (PrivilegedAction<Method>) () -> {
+                try {
+                    return Authenticator.class.getDeclaredMethod("getPasswordAuthentication");
+                } catch (NoSuchMethodException e) {
+                    throw new RuntimeException(e);
+                }
+            });
+            AccessController.doPrivileged((PrivilegedAction<Object>) () -> {
+                method.setAccessible(true);
+                return null;
+            });
+        }
+
+        return (PasswordAuthentication) method.invoke(a);
     }
 }
\ No newline at end of file