Author: timothyjward
Date: Thu Feb 10 16:36:55 2011
New Revision: 1069458
URL: http://svn.apache.org/viewvc?rev=1069458&view=rev
Log:
ARIES-568: Fix up Java 2 Security problem for field injection introduced in
#1067234
Modified:
aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java
Modified:
aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java
URL:
http://svn.apache.org/viewvc/aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java?rev=1069458&r1=1069457&r2=1069458&view=diff
==============================================================================
---
aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java
(original)
+++
aries/trunk/blueprint/blueprint-core/src/main/java/org/apache/aries/blueprint/utils/ReflectionUtils.java
Thu Feb 10 16:36:55 2011
@@ -414,19 +414,21 @@ public class ReflectionUtils {
}
protected void internalSet(final ExtendedBlueprintContainer container,
final Object instance, final Object value) throws Exception {
- if (useContainersPermission(container)) {
- try {
- AccessController.doPrivileged(new
PrivilegedExceptionAction<Object>() {
- public Object run() throws Exception {
- doInternalSet(container, instance, value);
- return null;
- }
- });
- } catch (PrivilegedActionException pae) {
- throw pae.getException();
+ try {
+ Boolean wasSet = AccessController.doPrivileged(new
PrivilegedExceptionAction<Boolean>() {
+ public Boolean run() throws Exception {
+ if (useContainersPermission(container)) {
+ doInternalSet(container, instance, value);
+ return Boolean.TRUE;
+ }
+ return Boolean.FALSE;
+ }
+ });
+ if(!!!wasSet) {
+ doInternalSet(container, instance, value);
}
- } else {
- doInternalSet(container, instance, value);
+ } catch (PrivilegedActionException pae) {
+ throw pae.getException();
}
}
