Author: ssteiner
Date: Tue Dec 7 08:04:15 2021
New Revision: 1895652
URL: http://svn.apache.org/viewvc?rev=1895652&view=rev
Log:
FOP-3038: Allow sections which need security permissions to be run when
AllPermission denied in caller code
Modified:
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/fo/FOTreeBuilder.java
xmlgraphics/fop/trunk/fop-core/src/test/java/org/apache/fop/apps/FopFactoryTestCase.java
xmlgraphics/fop/trunk/fop/lib/xmlgraphics-commons-svn-trunk.jar
Modified:
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java
URL:
http://svn.apache.org/viewvc/xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java?rev=1895652&r1=1895651&r2=1895652&view=diff
==============================================================================
---
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java
(original)
+++
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/apps/FopFactory.java
Tue Dec 7 08:04:15 2021
@@ -24,6 +24,8 @@ import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.URI;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
@@ -142,8 +144,14 @@ public final class FopFactory implements
* @param baseURI the base URI to resolve resource URIs against
* @return the requested FopFactory instance.
*/
- public static FopFactory newInstance(URI baseURI) {
- return new FopFactoryBuilder(baseURI).build();
+ public static FopFactory newInstance(final URI baseURI) {
+ return AccessController.doPrivileged(
+ new PrivilegedAction<FopFactory>() {
+ public FopFactory run() {
+ return new FopFactoryBuilder(baseURI).build();
+ }
+ }
+ );
}
/**
Modified:
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/fo/FOTreeBuilder.java
URL:
http://svn.apache.org/viewvc/xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/fo/FOTreeBuilder.java?rev=1895652&r1=1895651&r2=1895652&view=diff
==============================================================================
---
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/fo/FOTreeBuilder.java
(original)
+++
xmlgraphics/fop/trunk/fop-core/src/main/java/org/apache/fop/fo/FOTreeBuilder.java
Tue Dec 7 08:04:15 2021
@@ -20,6 +20,8 @@
package org.apache.fop.fo;
import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.xml.sax.Attributes;
import org.xml.sax.ContentHandler;
@@ -171,23 +173,49 @@ public class FOTreeBuilder extends Defau
}
/** {@inheritDoc} */
- public void startElement(String namespaceURI, String localName, String
rawName,
- Attributes attlist) throws SAXException {
+ public void startElement(final String namespaceURI, final String
localName, final String rawName,
+ final Attributes attlist) throws SAXException {
this.depth++;
errorinstart = false;
- try {
- delegate.startElement(namespaceURI, localName, rawName, attlist);
- } catch (SAXException e) {
+ final ContentHandler contentHandler = delegate;
+ SAXException saxException = AccessController.doPrivileged(
+ new PrivilegedAction<SAXException>() {
+ public SAXException run() {
+ try {
+ contentHandler.startElement(namespaceURI, localName,
rawName, attlist);
+ } catch (SAXException e) {
+ return e;
+ }
+ return null;
+ }
+ }
+ );
+ if (saxException != null) {
errorinstart = true;
- throw e;
+ throw saxException;
}
}
/** {@inheritDoc} */
- public void endElement(String uri, String localName, String rawName)
- throws SAXException {
+ public void endElement(final String uri, final String localName, final
String rawName) throws SAXException {
if (!errorinstart) {
- this.delegate.endElement(uri, localName, rawName);
+ final ContentHandler contentHandler = delegate;
+ SAXException saxException = AccessController.doPrivileged(
+ new PrivilegedAction<SAXException>() {
+ public SAXException run() {
+ try {
+ contentHandler.endElement(uri, localName, rawName);
+ } catch (SAXException e) {
+ return e;
+ }
+ return null;
+ }
+ }
+ );
+ if (saxException != null) {
+ throw saxException;
+ }
+
this.depth--;
if (depth == 0) {
if (delegate != mainFOHandler) {
Modified:
xmlgraphics/fop/trunk/fop-core/src/test/java/org/apache/fop/apps/FopFactoryTestCase.java
URL:
http://svn.apache.org/viewvc/xmlgraphics/fop/trunk/fop-core/src/test/java/org/apache/fop/apps/FopFactoryTestCase.java?rev=1895652&r1=1895651&r2=1895652&view=diff
==============================================================================
---
xmlgraphics/fop/trunk/fop-core/src/test/java/org/apache/fop/apps/FopFactoryTestCase.java
(original)
+++
xmlgraphics/fop/trunk/fop-core/src/test/java/org/apache/fop/apps/FopFactoryTestCase.java
Tue Dec 7 08:04:15 2021
@@ -19,7 +19,18 @@
package org.apache.fop.apps;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
+import java.net.URI;
+import java.security.Permission;
+
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.sax.SAXResult;
+import javax.xml.transform.stream.StreamSource;
import org.junit.Test;
import org.xml.sax.SAXException;
@@ -63,4 +74,42 @@ public class FopFactoryTestCase extends
fail(e.getMessage());
}
}
+
+ @Test
+ public void testSecurityManager() throws Exception {
+ System.setSecurityManager(new SecurityManager() {
+ public void checkPermission(Permission perm) {
+ for (StackTraceElement element :
Thread.currentThread().getStackTrace()) {
+ if
(element.toString().contains("java.security.AccessController.doPrivileged")
+ || element.toString().contains("newFop(")
+ ||
element.toString().contains("setSecurityManager(")) {
+ return;
+ }
+ }
+ throw new RuntimeException("doPrivileged not used for " +
perm);
+ }
+ });
+ FopFactory fopFactory = FopFactory.newInstance(new URI("."));
+ ByteArrayOutputStream out = new ByteArrayOutputStream();
+ String fo = "<fo:root xmlns:fo=\"http://www.w3.org/1999/XSL/Format\"; "
+ +
"xmlns:fox=\"http://xmlgraphics.apache.org/fop/extensions\";>\n"
+ + " <fo:layout-master-set>\n"
+ + " <fo:simple-page-master master-name=\"simple\"
page-height=\"27.9cm\" page-width=\"21.6cm\">\n"
+ + " <fo:region-body />\n"
+ + " </fo:simple-page-master>\n"
+ + " </fo:layout-master-set>\n"
+ + " <fo:page-sequence master-reference=\"simple\">\n"
+ + " <fo:flow flow-name=\"xsl-region-body\">\n"
+ + " <fo:block
font-size=\"100pt\">test2test2test2test2test2test2test2test2test2test2te"
+ + "st2test2test2test2test2test2test2</fo:block> \n"
+ + "</fo:flow>\n"
+ + " </fo:page-sequence>\n"
+ + "</fo:root>\n";
+ Fop fop = fopFactory.newFop(MimeConstants.MIME_PDF,
fopFactory.newFOUserAgent(), out);
+ Transformer transformer =
TransformerFactory.newInstance().newTransformer();
+ Source src = new StreamSource(new ByteArrayInputStream(fo.getBytes()));
+ Result res = new SAXResult(fop.getDefaultHandler());
+ transformer.transform(src, res);
+ System.setSecurityManager(null);
+ }
}
Modified: xmlgraphics/fop/trunk/fop/lib/xmlgraphics-commons-svn-trunk.jar
URL:
http://svn.apache.org/viewvc/xmlgraphics/fop/trunk/fop/lib/xmlgraphics-commons-svn-trunk.jar?rev=1895652&r1=1895651&r2=1895652&view=diff
==============================================================================
Binary files - no diff available.
---------------------------------------------------------------------
To unsubscribe, e-mail: fop-commits-unsubscr...@xmlgraphics.apache.org
For additional commands, e-mail: fop-commits-h...@xmlgraphics.apache.org
