You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@deltaspike.apache.org by st...@apache.org on 2019/10/15 19:55:35 UTC

[deltaspike] branch master updated: DELTASPIKE-1386 check SecurityAccess when accessing user home dir

This is an automated email from the ASF dual-hosted git repository.

struberg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/deltaspike.git


The following commit(s) were added to refs/heads/master by this push:
     new 0eff953  DELTASPIKE-1386 check SecurityAccess when accessing user home dir
0eff953 is described below

commit 0eff953a7e5a4df01ab8ded7a1737fd9278178a3
Author: Mark Struberg <st...@apache.org>
AuthorDate: Tue Oct 15 21:54:28 2019 +0200

    DELTASPIKE-1386 check SecurityAccess when accessing user home dir
    
    txs to Thomas Frühbeck for the report!
---
 .../impl/config/DefaultConfigSourceProvider.java   | 27 ++++++++++++++--------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git a/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java b/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java
index fa80e54..3f43c74 100644
--- a/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java
+++ b/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java
@@ -78,19 +78,26 @@ public class DefaultConfigSourceProvider implements ConfigSourceProvider
         if (userHome != null && !userHome.isEmpty())
         {
             File dsHome = new File(userHome, PROPERTY_FILE_HOME_NAME);
-            if (dsHome.exists())
+            try
             {
-                try
+                if (dsHome.exists())
                 {
-                    ConfigSource dsHomeConfigSource = new PropertyFileConfigSource(dsHome.toURI().toURL());
-                    configSources.add(dsHomeConfigSource);
-                    LOG.log(Level.INFO, "Reading configuration from {}", dsHome.getAbsolutePath());
-                }
-                catch (MalformedURLException e)
-                {
-                    LOG.log(Level.WARNING, "Could not read configuration from " + dsHome.getAbsolutePath(), e);
-                }
+                    try
+                    {
+                        ConfigSource dsHomeConfigSource = new PropertyFileConfigSource(dsHome.toURI().toURL());
+                        configSources.add(dsHomeConfigSource);
+                        LOG.log(Level.INFO, "Reading configuration from {}", dsHome.getAbsolutePath());
+                    }
+                    catch (MalformedURLException e)
+                    {
+                        LOG.log(Level.WARNING, "Could not read configuration from " + dsHome.getAbsolutePath(), e);
+                    }
 
+                }
+            }
+            catch (SecurityException se)
+            {
+                LOG.log(Level.INFO, "Not allowed to check if directory {} exists", dsHome.getPath());
             }
         }
     }