svn commit: r1449589 - in /xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src: javax/xml/parsers/FactoryFinder.java javax/xml/transform/FactoryFinder.java org/xml/sax/helpers/NewInstance.java

[mrglavas]

Author: mrglavas
Date: Mon Feb 25 04:20:51 2013
New Revision: 1449589

URL: http://svn.apache.org/r1449589
Log:
Align JAXP API factory code with ObjectFactory classes in Xerces and Xalan 
which make explicit calls to checkPackageAccess() before loading classes.

Modified:
    
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/parsers/FactoryFinder.java
    
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/transform/FactoryFinder.java
    
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/org/xml/sax/helpers/NewInstance.java

Modified: 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/parsers/FactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/parsers/FactoryFinder.java?rev=1449589&r1=1449588&r2=1449589&view=diff
==============================================================================
--- 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/parsers/FactoryFinder.java
 (original)
+++ 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/parsers/FactoryFinder.java
 Mon Feb 25 04:20:51 2013
@@ -243,6 +243,16 @@ final class FactoryFinder {
         // assert(className != null);
 
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             Class providerClass;
             if (cl == null) {
                 // XXX Use the bootstrap ClassLoader.  There is no way to

Modified: 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/transform/FactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/transform/FactoryFinder.java?rev=1449589&r1=1449588&r2=1449589&view=diff
==============================================================================
--- 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/transform/FactoryFinder.java
 (original)
+++ 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/javax/xml/transform/FactoryFinder.java
 Mon Feb 25 04:20:51 2013
@@ -243,6 +243,16 @@ final class FactoryFinder {
         // assert(className != null);
 
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             Class providerClass;
             if (cl == null) {
                 // XXX Use the bootstrap ClassLoader.  There is no way to

Modified: 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/org/xml/sax/helpers/NewInstance.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/org/xml/sax/helpers/NewInstance.java?rev=1449589&r1=1449588&r2=1449589&view=diff
==============================================================================
--- 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/org/xml/sax/helpers/NewInstance.java
 (original)
+++ 
xerces/xml-commons/branches/tck-jaxp-1_2_0/java/external/src/org/xml/sax/helpers/NewInstance.java
 Mon Feb 25 04:20:51 2013
@@ -8,9 +8,6 @@
 
 package org.xml.sax.helpers;
 
-import java.lang.reflect.Method;
-import java.lang.reflect.InvocationTargetException;
-
 /**
  * Create a new instance of a class by name.
  *
@@ -54,7 +51,16 @@ class NewInstance {
         throws ClassNotFoundException, IllegalAccessException,
             InstantiationException
     {
-
+        // throw security exception if the calling thread is not allowed to 
access the package
+        // restrict the access to package as specified in java.security policy
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            final int lastDot = className.lastIndexOf('.');
+            if (lastDot != -1) {
+                String packageName = className.substring(0, lastDot);
+                security.checkPackageAccess(packageName);
+            }
+        }
         Class providerClass;
         if (cl == null) {
             // XXX Use the bootstrap ClassLoader.  There is no way to



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@xerces.apache.org
For additional commands, e-mail: commits-h...@xerces.apache.org