s1monw commented on a change in pull request #135: Execute
Socken[Channel]#connect under doPrivileged
URL:
https://github.com/apache/httpcomponents-core/pull/135#discussion_r312060428
##########
File path:
httpcore5/src/main/java/org/apache/hc/core5/http/impl/bootstrap/HttpRequester.java
##########
@@ -261,7 +264,20 @@ private Socket createSocket(final HttpHost targetHost)
throws IOException {
}
final InetSocketAddress targetAddress =
addressResolver.resolve(targetHost);
- sock.connect(targetAddress,
socketConfig.getSoTimeout().toMillisIntBound());
+ // Run this under a doPrivileged to support lib users that run under a
SecurityManager this allows granting connect permissions
+ // only to this library
+ try {
+ AccessController.doPrivileged(new
PrivilegedExceptionAction<Object>() {
+ @Override
+ public Object run() throws IOException {
+ sock.connect(targetAddress,
socketConfig.getSoTimeout().toMillisIntBound());
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ // only checked exceptions are wrapped - error and RTExceptions
are rethrown by doPrivileged
+ throw (IOException) e.getCause();
Review comment:
can we add an assertion instead? It seems like a broken behavior and should
be fatal? WDYT?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
