myfaces-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From mconc...@apache.org
Subject svn commit: r814741 - in /myfaces/core/trunk/api/src/main/java/javax/faces: ./ component/ convert/ validator/ webapp/
Date Mon, 14 Sep 2009 17:23:11 GMT
Author: mconcini
Date: Mon Sep 14 17:23:10 2009
New Revision: 814741

URL: http://svn.apache.org/viewvc?rev=814741&view=rev
Log:
MYFACES-2354 - update API classes with better handling of java2 security.

Modified:
    myfaces/core/trunk/api/src/main/java/javax/faces/FactoryFinder.java
    myfaces/core/trunk/api/src/main/java/javax/faces/component/UIComponent.java
    myfaces/core/trunk/api/src/main/java/javax/faces/component/_ClassUtils.java
    myfaces/core/trunk/api/src/main/java/javax/faces/component/_MessageUtils.java
    myfaces/core/trunk/api/src/main/java/javax/faces/component/_MethodBindingToListener.java
    myfaces/core/trunk/api/src/main/java/javax/faces/convert/_MessageUtils.java
    myfaces/core/trunk/api/src/main/java/javax/faces/validator/_MessageUtils.java
    myfaces/core/trunk/api/src/main/java/javax/faces/webapp/_ErrorPageWriter.java

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/FactoryFinder.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/FactoryFinder.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/FactoryFinder.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/FactoryFinder.java Mon Sep 14 17:23:10
2009
@@ -20,6 +20,7 @@
 
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
+import java.security.AccessController;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -358,7 +359,18 @@
     {
         try
         {
-            ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+            ClassLoader classLoader = null;
+            if (System.getSecurityManager() != null) {                
+                classLoader = (ClassLoader) AccessController.doPrivileged(new java.security.PrivilegedExceptionAction()
{
+                    public Object run() {
+                        return Thread.currentThread().getContextClassLoader();
+                    }
+                });
+            }
+            else {
+                classLoader = Thread.currentThread().getContextClassLoader();
+            }
+            
             if (classLoader == null)
             {
                 throw new FacesException("web application class loader cannot be identified",
null);

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/component/UIComponent.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/component/UIComponent.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/component/UIComponent.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/component/UIComponent.java Mon Sep 14
17:23:10 2009
@@ -430,7 +430,7 @@
         if (_resourceBundleMap == null) {
             FacesContext context = getFacesContext();
             Locale locale = context.getViewRoot().getLocale();
-            ClassLoader loader = Thread.currentThread().getContextClassLoader();
+            ClassLoader loader = _ClassUtils.getContextClassLoader();
 
             try {
                 // looks for a ResourceBundle with a base name equal to the fully qualified
class

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/component/_ClassUtils.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/component/_ClassUtils.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/component/_ClassUtils.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/component/_ClassUtils.java Mon Sep 14
17:23:10 2009
@@ -22,6 +22,9 @@
 import java.io.InputStream;
 import java.lang.reflect.Array;
 import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Enumeration;
@@ -137,7 +140,7 @@
         {
             // Try WebApp ClassLoader first
             return Class.forName(type, false, // do not initialize for faster startup
-                Thread.currentThread().getContextClassLoader());
+                getContextClassLoader());
         }
         catch (ClassNotFoundException ignore)
         {
@@ -231,7 +234,7 @@
 
     public static InputStream getResourceAsStream(String resource)
     {
-        InputStream stream = Thread.currentThread().getContextClassLoader().getResourceAsStream(resource);
+        InputStream stream = getContextClassLoader().getResourceAsStream(resource);
         if (stream == null)
         {
             // fallback
@@ -351,11 +354,35 @@
      */
     protected static ClassLoader getCurrentLoader(Object defaultObject)
     {
-        ClassLoader loader = Thread.currentThread().getContextClassLoader();
+        ClassLoader loader = getContextClassLoader();
+        
         if (loader == null)
         {
             loader = defaultObject.getClass().getClassLoader();
         }
         return loader;
     }
-}
+    
+    /**
+     * Gets the ClassLoader associated with the current thread. Returns the class loader
associated with the specified
+     * default object if no context loader is associated with the current thread.
+     * 
+     * @return ClassLoader
+     */
+    protected static ClassLoader getContextClassLoader(){
+        if (System.getSecurityManager() != null) {
+            try {
+                Object cl = AccessController.doPrivileged(new PrivilegedExceptionAction()
{
+                            public Object run() throws PrivilegedActionException {
+                                return Thread.currentThread().getContextClassLoader();
+                            }
+                        });
+                return (ClassLoader) cl;
+            } catch (PrivilegedActionException pae) {
+                throw new FacesException(pae);
+            }
+        }else{
+            return Thread.currentThread().getContextClassLoader();
+        }
+    }   
+}
\ No newline at end of file

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/component/_MessageUtils.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/component/_MessageUtils.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/component/_MessageUtils.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/component/_MessageUtils.java Mon Sep
14 17:23:10 2009
@@ -154,7 +154,7 @@
                 try
                 {
                     // Last resort is the context class loader
-                    return ResourceBundle.getBundle(bundleName, locale, Thread.currentThread().getContextClassLoader());
+                    return ResourceBundle.getBundle(bundleName, locale, _ClassUtils.getContextClassLoader());
                 }
                 catch (MissingResourceException damned)
                 {

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/component/_MethodBindingToListener.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/component/_MethodBindingToListener.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/component/_MethodBindingToListener.java
(original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/component/_MethodBindingToListener.java
Mon Sep 14 17:23:10 2009
@@ -74,8 +74,7 @@
     public void restoreState(FacesContext context, Object state) {
         Object[] stateArray = (Object[])state;
         try {
-            methodBinding = (MethodBinding)Thread.currentThread()
-                                                 .getContextClassLoader()
+            methodBinding = (MethodBinding)_ClassUtils.getContextClassLoader()
                                                  .loadClass((String)stateArray[0])
                                                  .newInstance();
         } catch (Exception e) {

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/convert/_MessageUtils.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/convert/_MessageUtils.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/convert/_MessageUtils.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/convert/_MessageUtils.java Mon Sep 14
17:23:10 2009
@@ -19,10 +19,14 @@
 package javax.faces.convert;
 
 import javax.el.ValueExpression;
+import javax.faces.FacesException;
 import javax.faces.application.FacesMessage;
 import javax.faces.component.UIComponent;
 import javax.faces.context.FacesContext;
 
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.text.MessageFormat;
 import java.util.Locale;
 import java.util.MissingResourceException;
@@ -136,15 +140,15 @@
     }
 
     private static ResourceBundle getBundle(FacesContext facesContext,
-                                            Locale locale,
-                                            String bundleName)
+            Locale locale,
+            String bundleName)
     {
         try
         {
             //First we try the JSF implementation class loader
             return ResourceBundle.getBundle(bundleName,
-                                            locale,
-                                            facesContext.getClass().getClassLoader());
+                    locale,
+                    facesContext.getClass().getClassLoader());
         }
         catch (MissingResourceException ignore1)
         {
@@ -152,24 +156,32 @@
             {
                 //Next we try the JSF API class loader
                 return ResourceBundle.getBundle(bundleName,
-                                                locale,
-                                                _MessageUtils.class.getClassLoader());
+                        locale,
+                        _MessageUtils.class.getClassLoader());
             }
             catch (MissingResourceException ignore2)
             {
                 try
                 {
                     //Last resort is the context class loader
-                    return ResourceBundle.getBundle(bundleName,
-                                                    locale,
-                                                    Thread.currentThread().getContextClassLoader());
-                }
-                catch (MissingResourceException damned)
-                {
+                    if (System.getSecurityManager() != null) {
+                        Object cl = AccessController.doPrivileged(new PrivilegedExceptionAction()
{
+                            public Object run() throws PrivilegedActionException {
+                                return Thread.currentThread().getContextClassLoader();
+                            }
+                        });
+                        return ResourceBundle.getBundle(bundleName,locale,(ClassLoader)cl);
+
+                    }else{
+                        return ResourceBundle.getBundle(bundleName,locale, Thread.currentThread().getContextClassLoader());

+                    }                   
+                }catch(PrivilegedActionException pae){
+                    throw new FacesException(pae);
+                }catch (MissingResourceException damned){
                     facesContext.getExternalContext().log("resource bundle " + bundleName
+ " could not be found");
                     return null;
                 }
-            }
+            }             
         }
     }
     

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/validator/_MessageUtils.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/validator/_MessageUtils.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/validator/_MessageUtils.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/validator/_MessageUtils.java Mon Sep
14 17:23:10 2009
@@ -18,12 +18,16 @@
  */
 package javax.faces.validator;
 
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.text.MessageFormat;
 import java.util.Locale;
 import java.util.MissingResourceException;
 import java.util.ResourceBundle;
 
 import javax.el.ValueExpression;
+import javax.faces.FacesException;
 import javax.faces.application.FacesMessage;
 import javax.faces.component.UIComponent;
 import javax.faces.context.FacesContext;
@@ -142,15 +146,15 @@
     }
 
     private static ResourceBundle getBundle(FacesContext facesContext,
-                                            Locale locale,
-                                            String bundleName)
+            Locale locale,
+            String bundleName)
     {
         try
         {
             //First we try the JSF implementation class loader
             return ResourceBundle.getBundle(bundleName,
-                                            locale,
-                                            facesContext.getClass().getClassLoader());
+                    locale,
+                    facesContext.getClass().getClassLoader());
         }
         catch (MissingResourceException ignore1)
         {
@@ -158,20 +162,28 @@
             {
                 //Next we try the JSF API class loader
                 return ResourceBundle.getBundle(bundleName,
-                                                locale,
-                                                _MessageUtils.class.getClassLoader());
+                        locale,
+                        _MessageUtils.class.getClassLoader());
             }
             catch (MissingResourceException ignore2)
             {
                 try
                 {
                     //Last resort is the context class loader
-                    return ResourceBundle.getBundle(bundleName,
-                                                    locale,
-                                                    Thread.currentThread().getContextClassLoader());
-                }
-                catch (MissingResourceException damned)
-                {
+                    if (System.getSecurityManager() != null) {
+                        Object cl = AccessController.doPrivileged(new PrivilegedExceptionAction()
{
+                            public Object run() throws PrivilegedActionException {
+                                return Thread.currentThread().getContextClassLoader();
+                            }
+                        });
+                        return ResourceBundle.getBundle(bundleName,locale,(ClassLoader)cl);
+
+                    }else{
+                        return ResourceBundle.getBundle(bundleName,locale, Thread.currentThread().getContextClassLoader());

+                    }                   
+                }catch(PrivilegedActionException pae){
+                    throw new FacesException(pae);
+                }catch (MissingResourceException damned){
                     facesContext.getExternalContext().log("resource bundle " + bundleName
+ " could not be found");
                     return null;
                 }

Modified: myfaces/core/trunk/api/src/main/java/javax/faces/webapp/_ErrorPageWriter.java
URL: http://svn.apache.org/viewvc/myfaces/core/trunk/api/src/main/java/javax/faces/webapp/_ErrorPageWriter.java?rev=814741&r1=814740&r2=814741&view=diff
==============================================================================
--- myfaces/core/trunk/api/src/main/java/javax/faces/webapp/_ErrorPageWriter.java (original)
+++ myfaces/core/trunk/api/src/main/java/javax/faces/webapp/_ErrorPageWriter.java Mon Sep
14 17:23:10 2009
@@ -21,6 +21,7 @@
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 
+import javax.faces.FacesException;
 import javax.faces.context.FacesContext;
 import javax.faces.context.ExternalContext;
 import javax.faces.component.UIComponent;
@@ -33,6 +34,9 @@
 import java.beans.PropertyDescriptor;
 import java.io.*;
 import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.text.DateFormat;
 import java.util.*;
 import java.util.regex.Pattern;
@@ -102,7 +106,23 @@
 
     private static String[] splitTemplate(String rsc) throws IOException
     {
-        InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(rsc);
+        InputStream is = null;
+
+        if(System.getSecurityManager()!=null){
+            try{
+                Object cl = AccessController.doPrivileged(new PrivilegedExceptionAction()
{
+                    public Object run() throws PrivilegedActionException {
+                        return Thread.currentThread().getContextClassLoader();
+                    }
+                });
+                is = ((ClassLoader)cl).getResourceAsStream(rsc);
+            }catch(PrivilegedActionException pae){
+                throw new FacesException(pae);
+            }
+        }else{
+            is = Thread.currentThread().getContextClassLoader().getResourceAsStream(rsc);
+        }
+
         if (is == null)
         {
             throw new FileNotFoundException(rsc);



Mime
View raw message