Author: dkulp Date: Fri Jan 17 21:59:51 2014 New Revision: 1559263 URL: http://svn.apache.org/r1559263 Log: Merged revisions 1559260 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/branches/2.7.x-fixes
........ r1559260 | dkulp | 2014-01-17 16:56:58 -0500 (Fri, 17 Jan 2014) | 10 lines Merged revisions 1559257 via git cherry-pick from https://svn.apache.org/repos/asf/cxf/trunk ........ r1559257 | dkulp | 2014-01-17 16:43:42 -0500 (Fri, 17 Jan 2014) | 2 lines [CXF-5442] Attempt to make sure no references are in place ........ ........ Modified: cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java Modified: cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java URL: http://svn.apache.org/viewvc/cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java?rev=1559263&r1=1559262&r2=1559263&view=diff ============================================================================== --- cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java (original) +++ cxf/branches/2.6.x-fixes/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java Fri Jan 17 21:59:51 2014 @@ -67,7 +67,13 @@ public class CXFAuthenticator extends Au } try { - ClassLoader loader = new URLClassLoader(new URL[0], ClassLoader.getSystemClassLoader()); + ClassLoader loader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { + public ClassLoader run() { + return new URLClassLoader(new URL[0], ClassLoader.getSystemClassLoader()); + } + }, null); + + Method m = ClassLoader.class.getDeclaredMethod("defineClass", String.class, byte[].class, Integer.TYPE, Integer.TYPE); @@ -81,10 +87,26 @@ public class CXFAuthenticator extends Au Authenticator auth = (Authenticator)cls.getConstructor(Authenticator.class, Authenticator.class) .newInstance(instance, wrapped); - Authenticator.setDefault(auth); + if (System.getSecurityManager() == null) { + Authenticator.setDefault(auth); + } else { + AccessController.doPrivileged(new PrivilegedAction<Boolean>() { + public Boolean run() { + Authenticator.setDefault(auth); + return true; + } + }); + + } + try { + //clear the acc field that can hold onto the webapp classloader + Field f = loader.getClass().getDeclaredField("acc"); + ReflectionUtil.setAccessible(f).set(loader, null); + } catch (Throwable t) { + //ignore + } } catch (Throwable t) { //ignore - t.printStackTrace(); } } }
