JAXBContextCache.java

rfeng Thu, 12 Feb 2009 15:16:52 -0800

Author: rfeng
Date: Thu Feb 12 23:16:29 2009
New Revision: 743922

URL: http://svn.apache.org/viewvc?rev=743922&view=rev
Log:
Fix J2 security issue as reported in TUSCANY-2846


Modified:
    
tuscany/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java

Modified: 
tuscany/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java
URL: 
http://svn.apache.org/viewvc/tuscany/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java?rev=743922&r1=743921&r2=743922&view=diff
==============================================================================
--- 
tuscany/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java
 (original)
+++ 
tuscany/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java
 Thu Feb 12 23:16:29 2009
@@ -108,9 +108,34 @@
         defaultContext = getDefaultJAXBContext();
     }
     
+    private static JAXBContext newJAXBContext(final Class<?>... 
classesToBeBound) throws JAXBException {
+        try {
+            return AccessController.doPrivileged(new 
PrivilegedExceptionAction<JAXBContext>() {
+                public JAXBContext run() throws JAXBException {
+                    return JAXBContext.newInstance(classesToBeBound);
+                }
+            });
+        } catch (PrivilegedActionException e) {
+            throw (JAXBException)e.getException();
+        }
+    }
+
+    private static JAXBContext newJAXBContext(final String contextPath, final 
ClassLoader classLoader)
+        throws JAXBException {
+        try {
+            return AccessController.doPrivileged(new 
PrivilegedExceptionAction<JAXBContext>() {
+                public JAXBContext run() throws JAXBException {
+                    return JAXBContext.newInstance(contextPath, classLoader);
+                }
+            });
+        } catch (PrivilegedActionException e) {
+            throw (JAXBException)e.getException();
+        }
+    }    
+    
     public static JAXBContext getDefaultJAXBContext() {
         try {
-            return JAXBContext.newInstance();
+            return newJAXBContext();
         } catch (JAXBException e) {
             throw new IllegalArgumentException(e);
         }
@@ -239,10 +264,10 @@
             }
 
             if (pkg != null && checkPackage(pkg.getName(), 
cls.getClassLoader())) {
-                context = JAXBContext.newInstance(pkg.getName(), 
cls.getClassLoader());
+                context = newJAXBContext(pkg.getName(), cls.getClassLoader());
                 cache.put(pkg, context);
             } else {
-                context = JAXBContext.newInstance(cls);
+                context = newJAXBContext(cls);
                 cache.put(cls, context);
             }
             return context;
@@ -288,7 +313,7 @@
             if (context != null) {
                 return context;
             }
-            context = JAXBContext.newInstance(classSet.toArray(new 
Class<?>[classSet.size()]));
+            context = newJAXBContext(classSet.toArray(new 
Class<?>[classSet.size()]));
             cache.put(classSet, context);
             return context;
         }

svn commit: r743922 - /tuscany/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java

Reply via email to