Posted to commits@xalan.apache.org by mk...@apache.org on 2002/11/25 19:04:51 UTC
cvs commit: xml-xalan/java/src/org/apache/xalan/templates OutputProperties.java
mkwan 2002/11/25 10:04:51
Modified: java/src/org/apache/xalan/templates OutputProperties.java
Log:
Commit Ramesh Mandava's (ramesh.mandava@sun.com) patch to allow xalan to read
property files without opening up container permissions when Xalan is used as
part of a secure container, such as J2EE RI.
The change makes use of the PrivilegedAction interface in JDK 1.2+. It was
written with JDK 1.1.8 compatibility in mind so that it will do the same
thing as before in JDK 1.1.8.
Revision Changes Path
1.23 +61 -7 xml-xalan/java/src/org/apache/xalan/templates/OutputProperties.java
Index: OutputProperties.java
===================================================================
RCS file: /home/cvs/xml-xalan/java/src/org/apache/xalan/templates/OutputProperties.java,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -r1.22 -r1.23
--- OutputProperties.java 3 Oct 2002 19:08:44 -0000 1.22
+++ OutputProperties.java 25 Nov 2002 18:04:51 -0000 1.23
@@ -189,7 +189,7 @@
* @param resourceName non-null reference to resource name.
* @param defaults Default properties, which may be null.
*/
- static private Properties loadPropertiesFile(String resourceName, Properties defaults)
+ static private Properties loadPropertiesFile(final String resourceName, Properties defaults)
throws IOException
{
@@ -201,19 +201,73 @@
InputStream is = null;
BufferedInputStream bis = null;
+ Class accessControllerClass = null;
try {
try {
- java.lang.reflect.Method getCCL = Thread.class.getMethod("getContextClassLoader", NO_CLASSES);
- if (getCCL != null) {
- ClassLoader contextClassLoader = (ClassLoader) getCCL.invoke(Thread.currentThread(), NO_OBJS);
- is = contextClassLoader.getResourceAsStream("org/apache/xalan/templates/" + resourceName);
- }
+ try {
+
+ // This Class was introduced in JDK 1.2. With the re-architecture of
+ // security mechanism ( starting in JDK 1.2 ), we have option of
+ // giving privileges to certain part of code using doPrivileged block.
+ // In JDK1.1.X applications won't be having security manager and if
+ // there is security manager ( in applets ), code need to be signed
+ // and trusted for having access to resources.
+
+ accessControllerClass=Class.forName("java.security.AccessController");
+
+ // If we are here means user is using JDK >= 1.2.
+ // Using doPrivileged to be able to read property file without opening
+ // up secured container permissions like J2EE container
+
+ is =(InputStream)java.security.AccessController.doPrivileged (
+ new java.security.PrivilegedAction() {
+
+ public Object run() {
+ try {
+ java.lang.reflect.Method getCCL = Thread.class.getMethod(
+ "getContextClassLoader", NO_CLASSES);
+ if (getCCL != null) {
+ ClassLoader contextClassLoader = (ClassLoader)
+ getCCL.invoke(Thread.currentThread(), NO_OBJS);
+ return ( contextClassLoader.getResourceAsStream (
+ "org/apache/xalan/templates/" + resourceName) );
+ }
+ } catch ( Exception e ) { }
+
+ return null;
+
+ }
+ });
+ } catch ( ClassNotFoundException e ) {
+ //User may be using older JDK ( JDK <1.2 ). Allow him/her to use it.
+ // But don't try to use doPrivileged
+ try {
+ java.lang.reflect.Method getCCL = Thread.class.getMethod(
+ "getContextClassLoader", NO_CLASSES);
+ if (getCCL != null) {
+ ClassLoader contextClassLoader = (ClassLoader)
+ getCCL.invoke(Thread.currentThread(), NO_OBJS);
+ is = contextClassLoader.getResourceAsStream (
+ "org/apache/xalan/templates/" + resourceName );
+ }
+ } catch ( Exception exception ) { }
+ }
}
catch (Exception e) {}
if ( is == null ) {
- is = OutputProperties.class.getResourceAsStream(resourceName);
+ if ( accessControllerClass != null ) {
+ is=(InputStream)java.security.AccessController.doPrivileged(
+ new java.security.PrivilegedAction(){
+ public Object run() {
+ return OutputProperties.class.getResourceAsStream(resourceName);
+ }
+ });
+ } else {
+ // User may be using older JDK ( JDK < 1.2 )
+ is = OutputProperties.class.getResourceAsStream(resourceName);
+ }
}
bis = new BufferedInputStream(is);
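Review bot: Both `doPrivileged` blocks (the context-class-loader lookup and the `OutputProperties.class.getResourceAsStream(resourceName)` fallback) run a resource lookup on the caller-supplied `resourceName` with Xalan's own permissions, and nothing visible in this hunk constrains that name. The callers are outside the hunk, so this is inferred, but if the name can be derived from stylesheet or application input it should be validated at the top of the method, before the outer `try`, for example `if (resourceName.indexOf('/') >= 0 || resourceName.indexOf("..") >= 0) throw new IOException(resourceName);`, assuming the expected names are plain file names. The empty `catch ( Exception e ) { }` inside `run()` also swallows a `SecurityException` or a null context class loader, so a denied lookup is indistinguishable from a missing file; a comment such as `// deliberate: fall through to the class-relative lookup below` would at least record that this is intended. `loadPropertiesFile` starts before and continues after this hunk.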