You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@aries.apache.org by ti...@apache.org on 2011/02/10 17:36:55 UTC

svn commit: r1069458 - /aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java

Author: timothyjward
Date: Thu Feb 10 16:36:55 2011
New Revision: 1069458

URL: http://svn.apache.org/viewvc?rev=1069458&view=rev
Log:
ARIES-568: Fix up Java 2 Security problem for field injection introduced in #1067234

Modified:
    aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java

Modified: aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java
URL: http://svn.apache.org/viewvc/aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java?rev=1069458&r1=1069457&r2=1069458&view=diff
==============================================================================
--- aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java (original)
+++ aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java Thu Feb 10 16:36:55 2011
@@ -414,19 +414,21 @@ public class ReflectionUtils {
         }
 
         protected void internalSet(final ExtendedBlueprintContainer container, final Object instance, final Object value) throws Exception {
-            if (useContainersPermission(container)) {
-                try {
-                    AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
-                        public Object run() throws Exception {
-                            doInternalSet(container, instance, value);
-                            return null;
-                        }                        
-                    });
-                } catch (PrivilegedActionException pae) {
-                    throw pae.getException();
+            try {
+                Boolean wasSet = AccessController.doPrivileged(new PrivilegedExceptionAction<Boolean>() {
+                    public Boolean run() throws Exception {
+                      if (useContainersPermission(container)) {
+                        doInternalSet(container, instance, value);
+                        return Boolean.TRUE;
+                      }
+                      return Boolean.FALSE;
+                    }                        
+                });
+                if(!!!wasSet) {
+                  doInternalSet(container, instance, value);
                 }
-            } else {
-                doInternalSet(container, instance, value);
+            } catch (PrivilegedActionException pae) {
+                throw pae.getException();
             }
         }