commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From skitch...@apache.org
Subject svn commit: r424066 - /jakarta/commons/proper/logging/trunk/src/java/org/apache/commons/logging/impl/LogFactoryImpl.java
Date Thu, 20 Jul 2006 21:08:49 GMT
Author: skitching
Date: Thu Jul 20 14:08:49 2006
New Revision: 424066

URL: http://svn.apache.org/viewvc?rev=424066&view=rev
Log:
* Add method getSystemProperty which fetches system properties using an AccessController,
so they are accessable by a trusted JCL lib called from untrusted code.
* Add method getContextClassLoaderInternal to fetch context classloader using an
AccessController, as the parent LogFactory class no longer exposes this (restricted)
object for any subclass to access.

Modified:
    jakarta/commons/proper/logging/trunk/src/java/org/apache/commons/logging/impl/LogFactoryImpl.java

Modified: jakarta/commons/proper/logging/trunk/src/java/org/apache/commons/logging/impl/LogFactoryImpl.java
URL: http://svn.apache.org/viewvc/jakarta/commons/proper/logging/trunk/src/java/org/apache/commons/logging/impl/LogFactoryImpl.java?rev=424066&r1=424065&r2=424066&view=diff
==============================================================================
--- jakarta/commons/proper/logging/trunk/src/java/org/apache/commons/logging/impl/LogFactoryImpl.java
(original)
+++ jakarta/commons/proper/logging/trunk/src/java/org/apache/commons/logging/impl/LogFactoryImpl.java
Thu Jul 20 14:08:49 2006
@@ -21,6 +21,8 @@
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.Enumeration;
 import java.util.Hashtable;
 import java.util.Vector;
@@ -639,6 +641,53 @@
     //  ------------------------------------------------------ Private Methods
     
     /**
+     * Calls LogFactory.directGetContextClassLoader under the control of an
+     * AccessController class. This means that java code running under a
+     * security manager that forbids access to ClassLoaders will still work
+     * if this class is given appropriate privileges, even when the caller
+     * doesn't have such privileges. Without using an AccessController, the
+     * the entire call stack must have the privilege before the call is
+     * allowed.
+     *  
+     * @return the context classloader associated with the current thread,
+     * or null if security doesn't allow it.
+     * 
+     * @throws LogConfigurationException if there was some weird error while
+     * attempting to get the context classloader.
+     * 
+     * @throws SecurityException if the current java security policy doesn't
+     * allow this class to access the context classloader.
+     */
+    private static ClassLoader getContextClassLoaderInternal()
+    throws LogConfigurationException {
+        return (ClassLoader)AccessController.doPrivileged(
+            new PrivilegedAction() {
+                public Object run() {
+                    return LogFactory.directGetContextClassLoader();
+                }
+            });
+    }
+
+    /**
+     * Read the specified system property, using an AccessController so that 
+     * the property can be read if JCL has been granted the appropriate
+     * security rights even if the calling code has not.
+     * <p>
+     * Take care not to expose the value returned by this method to the
+     * calling application in any way; otherwise the calling app can use that
+     * info to access data that should not be available to it.
+     */
+    private static String getSystemProperty(final String key, final String def)
+    throws SecurityException {
+        return (String) AccessController.doPrivileged(
+                new PrivilegedAction() {
+                    public Object run() {
+                        return System.getProperty(key, def);
+                    }
+                });
+    }
+
+    /**
      * Utility method to check whether a particular logging library is
      * present and available for use. Note that this does <i>not</i>
      * affect the future behaviour of this class.
@@ -701,7 +750,11 @@
         }
 
         try {
-            String value = System.getProperty(property);
+            // warning: minor security hole here, in that we potentially read a system
+            // property that the caller cannot, then output it in readable form as a
+            // diagnostic message. However it's only ever JCL-specific properties
+            // involved here, so the harm is truly trivial. 
+            String value = getSystemProperty(property, null);
             if (value != null) {
                 if (isDiagnosticsEnabled()) {
                     logDiagnostic("[ENV] Found system property [" + value + "] for " + property);
@@ -901,7 +954,7 @@
                           LOG_PROPERTY + "'");
             }
             try {
-                specifiedClass = System.getProperty(LOG_PROPERTY);
+                specifiedClass = getSystemProperty(LOG_PROPERTY, null);
             } catch (SecurityException e) {
                 if (isDiagnosticsEnabled()) {
                     logDiagnostic("No access allowed to system property '" + 
@@ -916,7 +969,7 @@
                           LOG_PROPERTY_OLD + "'");
             }
             try {
-                specifiedClass = System.getProperty(LOG_PROPERTY_OLD);
+                specifiedClass = getSystemProperty(LOG_PROPERTY_OLD, null);
             } catch (SecurityException e) {
                 if (isDiagnosticsEnabled()) {
                     logDiagnostic("No access allowed to system property '" + 
@@ -1165,7 +1218,7 @@
             return thisClassLoader;
         }
 
-        ClassLoader contextClassLoader = getContextClassLoader();
+        ClassLoader contextClassLoader = getContextClassLoaderInternal();
 
         ClassLoader baseClassLoader = getLowestClassLoader(
                 contextClassLoader, thisClassLoader);



---------------------------------------------------------------------
To unsubscribe, e-mail: commons-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-dev-help@jakarta.apache.org


Mime
View raw message