[deltaspike] branch master updated: DELTASPIKE-1386 check SecurityAccess when accessing user home dir

Tue, 15 Oct 2019 12:56:00 -0700 

This is an automated email from the ASF dual-hosted git repository.

struberg pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/deltaspike.git


The following commit(s) were added to refs/heads/master by this push:
     new 0eff953  DELTASPIKE-1386 check SecurityAccess when accessing user home 
dir
0eff953 is described below

commit 0eff953a7e5a4df01ab8ded7a1737fd9278178a3
Author: Mark Struberg <[email protected]>
AuthorDate: Tue Oct 15 21:54:28 2019 +0200

    DELTASPIKE-1386 check SecurityAccess when accessing user home dir
    
    txs to Thomas Frühbeck for the report!
---
 .../impl/config/DefaultConfigSourceProvider.java   | 27 ++++++++++++++--------
 1 file changed, 17 insertions(+), 10 deletions(-)

diff --git 
a/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java
 
b/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java
index fa80e54..3f43c74 100644
--- 
a/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java
+++ 
b/deltaspike/core/impl/src/main/java/org/apache/deltaspike/core/impl/config/DefaultConfigSourceProvider.java
@@ -78,19 +78,26 @@ public class DefaultConfigSourceProvider implements 
ConfigSourceProvider
         if (userHome != null && !userHome.isEmpty())
         {
             File dsHome = new File(userHome, PROPERTY_FILE_HOME_NAME);
-            if (dsHome.exists())
+            try
             {
-                try
+                if (dsHome.exists())
                 {
-                    ConfigSource dsHomeConfigSource = new 
PropertyFileConfigSource(dsHome.toURI().toURL());
-                    configSources.add(dsHomeConfigSource);
-                    LOG.log(Level.INFO, "Reading configuration from {}", 
dsHome.getAbsolutePath());
-                }
-                catch (MalformedURLException e)
-                {
-                    LOG.log(Level.WARNING, "Could not read configuration from 
" + dsHome.getAbsolutePath(), e);
-                }
+                    try
+                    {
+                        ConfigSource dsHomeConfigSource = new 
PropertyFileConfigSource(dsHome.toURI().toURL());
+                        configSources.add(dsHomeConfigSource);
+                        LOG.log(Level.INFO, "Reading configuration from {}", 
dsHome.getAbsolutePath());
+                    }
+                    catch (MalformedURLException e)
+                    {
+                        LOG.log(Level.WARNING, "Could not read configuration 
from " + dsHome.getAbsolutePath(), e);
+                    }
 
+                }
+            }
+            catch (SecurityException se)
+            {
+                LOG.log(Level.INFO, "Not allowed to check if directory {} 
exists", dsHome.getPath());
             }
         }
     }

Reply via email to