mrglavas 2004/11/27 09:46:55
Modified: java/src/org/apache/xerces/dom SecuritySupport12.java
SecuritySupport.java
java/src/org/apache/html/dom SecuritySupport.java
SecuritySupport12.java
java/src/org/apache/xerces/parsers SecuritySupport12.java
SecuritySupport.java
java/src/org/apache/xerces/xinclude SecuritySupport.java
SecuritySupport12.java
java/src/org/apache/xml/serialize SecuritySupport12.java
SecuritySupport.java
java/src/org/apache/xerces/impl/dv SecuritySupport12.java
SecuritySupport.java
Log:
Cleaning up SecuritySupport. We no longer need both SecuritySupport and
SecuritySupport12
because Xerces now only compiles and runs on J2SE 1.2 or higher. This allows
us to tighten up
this class even more.
Revision Changes Path
1.5 +1 -1
xml-xerces/java/src/org/apache/xerces/dom/SecuritySupport12.java
Index: SecuritySupport12.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/dom/SecuritySupport12.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecuritySupport12.java 5 Oct 2004 17:12:50 -0000 1.4
+++ SecuritySupport12.java 27 Nov 2004 17:46:54 -0000 1.5
@@ -28,7 +28,7 @@
*
* @xerces.internal
*/
-class SecuritySupport12 extends SecuritySupport {
+class SecuritySupport12 {
ClassLoader getContextClassLoader() {
return (ClassLoader)
1.5 +110 -79
xml-xerces/java/src/org/apache/xerces/dom/SecuritySupport.java
Index: SecuritySupport.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/dom/SecuritySupport.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecuritySupport.java 5 Oct 2004 17:12:51 -0000 1.4
+++ SecuritySupport.java 27 Nov 2004 17:46:54 -0000 1.5
@@ -16,102 +16,133 @@
package org.apache.xerces.dom;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
- * This class is duplicated for each JAXP subpackage so keep it in sync.
- * It is package private and therefore is not exposed as part of the JAXP
- * API.
- *
- * Base class with security related methods that work on JDK 1.1.
+ * This class is duplicated for each subpackage so keep it in sync.
+ * It is package private and therefore is not exposed as part of any API.
*
* @xerces.internal
*/
-class SecuritySupport {
+final class SecuritySupport {
- /*
- * Make this of type Object so that the verifier won't try to
- * prove its type, thus possibly trying to load the SecuritySupport12
- * class.
- */
- private static final Object securitySupport;
-
- static {
- SecuritySupport ss = null;
- try {
- Class c = Class.forName("java.security.AccessController");
- // if that worked, we're on 1.2.
- /*
- // don't reference the class explicitly so it doesn't
- // get dragged in accidentally.
- c = Class.forName("javax.mail.SecuritySupport12");
- Constructor cons = c.getConstructor(new Class[] { });
- ss = (SecuritySupport)cons.newInstance(new Object[] { });
- */
- /*
- * Unfortunately, we can't load the class using reflection
- * because the class is package private. And the class has
- * to be package private so the APIs aren't exposed to other
- * code that could use them to circumvent security. Thus,
- * we accept the risk that the direct reference might fail
- * on some JDK 1.1 JVMs, even though we would never execute
- * this code in such a case. Sigh...
- */
- ss = new SecuritySupport12();
- } catch (Exception ex) {
- // ignore it
- } finally {
- if (ss == null)
- ss = new SecuritySupport();
- securitySupport = ss;
- }
- }
+ private static final SecuritySupport securitySupport = new
SecuritySupport();
/**
- * Return an appropriate instance of this class, depending on whether
- * we're on a JDK 1.1 or J2SE 1.2 (or later) system.
+ * Return an instance of this class.
*/
static SecuritySupport getInstance() {
- return (SecuritySupport)securitySupport;
+ return securitySupport;
}
ClassLoader getContextClassLoader() {
- return null;
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = Thread.currentThread().getContextClassLoader();
+ } catch (SecurityException ex) { }
+ return cl;
+ }
+ });
}
-
+
ClassLoader getSystemClassLoader() {
- return null;
- }
-
- ClassLoader getParentClassLoader(ClassLoader cl) {
- return null;
- }
-
- String getSystemProperty(String propName) {
- return System.getProperty(propName);
- }
-
- FileInputStream getFileInputStream(File file)
- throws FileNotFoundException
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = ClassLoader.getSystemClassLoader();
+ } catch (SecurityException ex) {}
+ return cl;
+ }
+ });
+ }
+
+ ClassLoader getParentClassLoader(final ClassLoader cl) {
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader parent = null;
+ try {
+ parent = cl.getParent();
+ } catch (SecurityException ex) {}
+
+ // eliminate loops in case of the boot
+ // ClassLoader returning itself as a parent
+ return (parent == cl) ? null : parent;
+ }
+ });
+ }
+
+ String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+
+ FileInputStream getFileInputStream(final File file)
+ throws FileNotFoundException
{
- return new FileInputStream(file);
- }
-
- InputStream getResourceAsStream(ClassLoader cl, String name) {
- InputStream ris;
- if (cl == null) {
- ris = ClassLoader.getSystemResourceAsStream(name);
- } else {
- ris = cl.getResourceAsStream(name);
+ try {
+ return (FileInputStream)
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(file);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (FileNotFoundException)e.getException();
}
- return ris;
}
-
- boolean getFileExists(File f) {
- return f.exists();
- }
-
- long getLastModified(File f) {
- return f.lastModified();
+
+ InputStream getResourceAsStream(final ClassLoader cl,
+ final String name)
+ {
+ return (InputStream)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ InputStream ris;
+ if (cl == null) {
+ ris = ClassLoader.getSystemResourceAsStream(name);
+ } else {
+ ris = cl.getResourceAsStream(name);
+ }
+ return ris;
+ }
+ });
+ }
+
+ boolean getFileExists(final File f) {
+ return ((Boolean)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists());
+ }
+ })).booleanValue();
+ }
+
+ long getLastModified(final File f) {
+ return ((Long)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Long(f.lastModified());
+ }
+ })).longValue();
}
+
+ private SecuritySupport () {}
}
1.5 +110 -79
xml-xerces/java/src/org/apache/html/dom/SecuritySupport.java
Index: SecuritySupport.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/html/dom/SecuritySupport.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecuritySupport.java 5 Oct 2004 03:23:48 -0000 1.4
+++ SecuritySupport.java 27 Nov 2004 17:46:54 -0000 1.5
@@ -16,102 +16,133 @@
package org.apache.html.dom;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
- * This class is duplicated for each JAXP subpackage so keep it in sync.
- * It is package private and therefore is not exposed as part of the JAXP
- * API.
- *
- * Base class with security related methods that work on JDK 1.1.
+ * This class is duplicated for each subpackage so keep it in sync.
+ * It is package private and therefore is not exposed as part of any API.
*
* @xerces.internal
*/
-class SecuritySupport {
+final class SecuritySupport {
- /*
- * Make this of type Object so that the verifier won't try to
- * prove its type, thus possibly trying to load the SecuritySupport12
- * class.
- */
- private static final Object securitySupport;
-
- static {
- SecuritySupport ss = null;
- try {
- Class c = Class.forName("java.security.AccessController");
- // if that worked, we're on 1.2.
- /*
- // don't reference the class explicitly so it doesn't
- // get dragged in accidentally.
- c = Class.forName("javax.mail.SecuritySupport12");
- Constructor cons = c.getConstructor(new Class[] { });
- ss = (SecuritySupport)cons.newInstance(new Object[] { });
- */
- /*
- * Unfortunately, we can't load the class using reflection
- * because the class is package private. And the class has
- * to be package private so the APIs aren't exposed to other
- * code that could use them to circumvent security. Thus,
- * we accept the risk that the direct reference might fail
- * on some JDK 1.1 JVMs, even though we would never execute
- * this code in such a case. Sigh...
- */
- ss = new SecuritySupport12();
- } catch (Exception ex) {
- // ignore it
- } finally {
- if (ss == null)
- ss = new SecuritySupport();
- securitySupport = ss;
- }
- }
+ private static final SecuritySupport securitySupport = new
SecuritySupport();
/**
- * Return an appropriate instance of this class, depending on whether
- * we're on a JDK 1.1 or J2SE 1.2 (or later) system.
+ * Return an instance of this class.
*/
static SecuritySupport getInstance() {
- return (SecuritySupport)securitySupport;
+ return securitySupport;
}
ClassLoader getContextClassLoader() {
- return null;
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = Thread.currentThread().getContextClassLoader();
+ } catch (SecurityException ex) { }
+ return cl;
+ }
+ });
}
-
+
ClassLoader getSystemClassLoader() {
- return null;
- }
-
- ClassLoader getParentClassLoader(ClassLoader cl) {
- return null;
- }
-
- String getSystemProperty(String propName) {
- return System.getProperty(propName);
- }
-
- FileInputStream getFileInputStream(File file)
- throws FileNotFoundException
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = ClassLoader.getSystemClassLoader();
+ } catch (SecurityException ex) {}
+ return cl;
+ }
+ });
+ }
+
+ ClassLoader getParentClassLoader(final ClassLoader cl) {
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader parent = null;
+ try {
+ parent = cl.getParent();
+ } catch (SecurityException ex) {}
+
+ // eliminate loops in case of the boot
+ // ClassLoader returning itself as a parent
+ return (parent == cl) ? null : parent;
+ }
+ });
+ }
+
+ String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+
+ FileInputStream getFileInputStream(final File file)
+ throws FileNotFoundException
{
- return new FileInputStream(file);
- }
-
- InputStream getResourceAsStream(ClassLoader cl, String name) {
- InputStream ris;
- if (cl == null) {
- ris = ClassLoader.getSystemResourceAsStream(name);
- } else {
- ris = cl.getResourceAsStream(name);
+ try {
+ return (FileInputStream)
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(file);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (FileNotFoundException)e.getException();
}
- return ris;
}
-
- boolean getFileExists(File f) {
- return f.exists();
- }
-
- long getLastModified(File f) {
- return f.lastModified();
+
+ InputStream getResourceAsStream(final ClassLoader cl,
+ final String name)
+ {
+ return (InputStream)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ InputStream ris;
+ if (cl == null) {
+ ris = ClassLoader.getSystemResourceAsStream(name);
+ } else {
+ ris = cl.getResourceAsStream(name);
+ }
+ return ris;
+ }
+ });
+ }
+
+ boolean getFileExists(final File f) {
+ return ((Boolean)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists());
+ }
+ })).booleanValue();
+ }
+
+ long getLastModified(final File f) {
+ return ((Long)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Long(f.lastModified());
+ }
+ })).longValue();
}
+
+ private SecuritySupport () {}
}
1.5 +1 -1
xml-xerces/java/src/org/apache/html/dom/SecuritySupport12.java
Index: SecuritySupport12.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/html/dom/SecuritySupport12.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecuritySupport12.java 5 Oct 2004 03:23:48 -0000 1.4
+++ SecuritySupport12.java 27 Nov 2004 17:46:54 -0000 1.5
@@ -28,7 +28,7 @@
*
* @xerces.internal
*/
-class SecuritySupport12 extends SecuritySupport {
+class SecuritySupport12 {
ClassLoader getContextClassLoader() {
return (ClassLoader)
1.4 +1 -1
xml-xerces/java/src/org/apache/xerces/parsers/SecuritySupport12.java
Index: SecuritySupport12.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/parsers/SecuritySupport12.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecuritySupport12.java 24 Feb 2004 23:15:57 -0000 1.3
+++ SecuritySupport12.java 27 Nov 2004 17:46:54 -0000 1.4
@@ -26,7 +26,7 @@
*
* Security related methods that only work on J2SE 1.2 and newer.
*/
-class SecuritySupport12 extends SecuritySupport {
+class SecuritySupport12 {
ClassLoader getContextClassLoader() {
return (ClassLoader)
1.4 +112 -79
xml-xerces/java/src/org/apache/xerces/parsers/SecuritySupport.java
Index: SecuritySupport.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/parsers/SecuritySupport.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecuritySupport.java 24 Feb 2004 23:15:56 -0000 1.3
+++ SecuritySupport.java 27 Nov 2004 17:46:54 -0000 1.4
@@ -16,100 +16,133 @@
package org.apache.xerces.parsers;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
- * This class is duplicated for each JAXP subpackage so keep it in sync.
- * It is package private and therefore is not exposed as part of the JAXP
- * API.
- *
- * Base class with security related methods that work on JDK 1.1.
+ * This class is duplicated for each subpackage so keep it in sync.
+ * It is package private and therefore is not exposed as part of any API.
+ *
+ * @xerces.internal
*/
-class SecuritySupport {
+final class SecuritySupport {
- /*
- * Make this of type Object so that the verifier won't try to
- * prove its type, thus possibly trying to load the SecuritySupport12
- * class.
- */
- private static final Object securitySupport;
-
- static {
- SecuritySupport ss = null;
- try {
- Class c = Class.forName("java.security.AccessController");
- // if that worked, we're on 1.2.
- /*
- // don't reference the class explicitly so it doesn't
- // get dragged in accidentally.
- c = Class.forName("javax.mail.SecuritySupport12");
- Constructor cons = c.getConstructor(new Class[] { });
- ss = (SecuritySupport)cons.newInstance(new Object[] { });
- */
- /*
- * Unfortunately, we can't load the class using reflection
- * because the class is package private. And the class has
- * to be package private so the APIs aren't exposed to other
- * code that could use them to circumvent security. Thus,
- * we accept the risk that the direct reference might fail
- * on some JDK 1.1 JVMs, even though we would never execute
- * this code in such a case. Sigh...
- */
- ss = new SecuritySupport12();
- } catch (Exception ex) {
- // ignore it
- } finally {
- if (ss == null)
- ss = new SecuritySupport();
- securitySupport = ss;
- }
- }
+ private static final SecuritySupport securitySupport = new
SecuritySupport();
/**
- * Return an appropriate instance of this class, depending on whether
- * we're on a JDK 1.1 or J2SE 1.2 (or later) system.
+ * Return an instance of this class.
*/
static SecuritySupport getInstance() {
- return (SecuritySupport)securitySupport;
+ return securitySupport;
}
ClassLoader getContextClassLoader() {
- return null;
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = Thread.currentThread().getContextClassLoader();
+ } catch (SecurityException ex) { }
+ return cl;
+ }
+ });
}
-
+
ClassLoader getSystemClassLoader() {
- return null;
- }
-
- ClassLoader getParentClassLoader(ClassLoader cl) {
- return null;
- }
-
- String getSystemProperty(String propName) {
- return System.getProperty(propName);
- }
-
- FileInputStream getFileInputStream(File file)
- throws FileNotFoundException
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = ClassLoader.getSystemClassLoader();
+ } catch (SecurityException ex) {}
+ return cl;
+ }
+ });
+ }
+
+ ClassLoader getParentClassLoader(final ClassLoader cl) {
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader parent = null;
+ try {
+ parent = cl.getParent();
+ } catch (SecurityException ex) {}
+
+ // eliminate loops in case of the boot
+ // ClassLoader returning itself as a parent
+ return (parent == cl) ? null : parent;
+ }
+ });
+ }
+
+ String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+
+ FileInputStream getFileInputStream(final File file)
+ throws FileNotFoundException
{
- return new FileInputStream(file);
- }
-
- InputStream getResourceAsStream(ClassLoader cl, String name) {
- InputStream ris;
- if (cl == null) {
- ris = ClassLoader.getSystemResourceAsStream(name);
- } else {
- ris = cl.getResourceAsStream(name);
+ try {
+ return (FileInputStream)
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(file);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (FileNotFoundException)e.getException();
}
- return ris;
}
-
- boolean getFileExists(File f) {
- return f.exists();
- }
-
- long getLastModified(File f) {
- return f.lastModified();
+
+ InputStream getResourceAsStream(final ClassLoader cl,
+ final String name)
+ {
+ return (InputStream)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ InputStream ris;
+ if (cl == null) {
+ ris = ClassLoader.getSystemResourceAsStream(name);
+ } else {
+ ris = cl.getResourceAsStream(name);
+ }
+ return ris;
+ }
+ });
+ }
+
+ boolean getFileExists(final File f) {
+ return ((Boolean)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists());
+ }
+ })).booleanValue();
+ }
+
+ long getLastModified(final File f) {
+ return ((Long)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Long(f.lastModified());
+ }
+ })).longValue();
}
+
+ private SecuritySupport () {}
}
1.3 +112 -79
xml-xerces/java/src/org/apache/xerces/xinclude/SecuritySupport.java
Index: SecuritySupport.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/xinclude/SecuritySupport.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SecuritySupport.java 24 Feb 2004 23:15:52 -0000 1.2
+++ SecuritySupport.java 27 Nov 2004 17:46:55 -0000 1.3
@@ -16,100 +16,133 @@
package org.apache.xerces.xinclude;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
- * This class is duplicated for each JAXP subpackage so keep it in sync.
- * It is package private and therefore is not exposed as part of the JAXP
- * API.
- *
- * Base class with security related methods that work on JDK 1.1.
+ * This class is duplicated for each subpackage so keep it in sync.
+ * It is package private and therefore is not exposed as part of any API.
+ *
+ * @xerces.internal
*/
-class SecuritySupport {
+final class SecuritySupport {
- /*
- * Make this of type Object so that the verifier won't try to
- * prove its type, thus possibly trying to load the SecuritySupport12
- * class.
- */
- private static final Object securitySupport;
-
- static {
- SecuritySupport ss = null;
- try {
- Class c = Class.forName("java.security.AccessController");
- // if that worked, we're on 1.2.
- /*
- // don't reference the class explicitly so it doesn't
- // get dragged in accidentally.
- c = Class.forName("javax.mail.SecuritySupport12");
- Constructor cons = c.getConstructor(new Class[] { });
- ss = (SecuritySupport)cons.newInstance(new Object[] { });
- */
- /*
- * Unfortunately, we can't load the class using reflection
- * because the class is package private. And the class has
- * to be package private so the APIs aren't exposed to other
- * code that could use them to circumvent security. Thus,
- * we accept the risk that the direct reference might fail
- * on some JDK 1.1 JVMs, even though we would never execute
- * this code in such a case. Sigh...
- */
- ss = new SecuritySupport12();
- } catch (Exception ex) {
- // ignore it
- } finally {
- if (ss == null)
- ss = new SecuritySupport();
- securitySupport = ss;
- }
- }
+ private static final SecuritySupport securitySupport = new
SecuritySupport();
/**
- * Return an appropriate instance of this class, depending on whether
- * we're on a JDK 1.1 or J2SE 1.2 (or later) system.
+ * Return an instance of this class.
*/
static SecuritySupport getInstance() {
- return (SecuritySupport)securitySupport;
+ return securitySupport;
}
ClassLoader getContextClassLoader() {
- return null;
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = Thread.currentThread().getContextClassLoader();
+ } catch (SecurityException ex) { }
+ return cl;
+ }
+ });
}
-
+
ClassLoader getSystemClassLoader() {
- return null;
- }
-
- ClassLoader getParentClassLoader(ClassLoader cl) {
- return null;
- }
-
- String getSystemProperty(String propName) {
- return System.getProperty(propName);
- }
-
- FileInputStream getFileInputStream(File file)
- throws FileNotFoundException
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = ClassLoader.getSystemClassLoader();
+ } catch (SecurityException ex) {}
+ return cl;
+ }
+ });
+ }
+
+ ClassLoader getParentClassLoader(final ClassLoader cl) {
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader parent = null;
+ try {
+ parent = cl.getParent();
+ } catch (SecurityException ex) {}
+
+ // eliminate loops in case of the boot
+ // ClassLoader returning itself as a parent
+ return (parent == cl) ? null : parent;
+ }
+ });
+ }
+
+ String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+
+ FileInputStream getFileInputStream(final File file)
+ throws FileNotFoundException
{
- return new FileInputStream(file);
- }
-
- InputStream getResourceAsStream(ClassLoader cl, String name) {
- InputStream ris;
- if (cl == null) {
- ris = ClassLoader.getSystemResourceAsStream(name);
- } else {
- ris = cl.getResourceAsStream(name);
+ try {
+ return (FileInputStream)
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(file);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (FileNotFoundException)e.getException();
}
- return ris;
}
-
- boolean getFileExists(File f) {
- return f.exists();
- }
-
- long getLastModified(File f) {
- return f.lastModified();
+
+ InputStream getResourceAsStream(final ClassLoader cl,
+ final String name)
+ {
+ return (InputStream)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ InputStream ris;
+ if (cl == null) {
+ ris = ClassLoader.getSystemResourceAsStream(name);
+ } else {
+ ris = cl.getResourceAsStream(name);
+ }
+ return ris;
+ }
+ });
+ }
+
+ boolean getFileExists(final File f) {
+ return ((Boolean)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists());
+ }
+ })).booleanValue();
+ }
+
+ long getLastModified(final File f) {
+ return ((Long)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Long(f.lastModified());
+ }
+ })).longValue();
}
+
+ private SecuritySupport () {}
}
1.3 +1 -1
xml-xerces/java/src/org/apache/xerces/xinclude/SecuritySupport12.java
Index: SecuritySupport12.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/xinclude/SecuritySupport12.java,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- SecuritySupport12.java 24 Feb 2004 23:15:52 -0000 1.2
+++ SecuritySupport12.java 27 Nov 2004 17:46:55 -0000 1.3
@@ -26,7 +26,7 @@
*
* Security related methods that only work on J2SE 1.2 and newer.
*/
-class SecuritySupport12 extends SecuritySupport {
+class SecuritySupport12 {
ClassLoader getContextClassLoader() {
return (ClassLoader)
1.4 +1 -1
xml-xerces/java/src/org/apache/xml/serialize/SecuritySupport12.java
Index: SecuritySupport12.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xml/serialize/SecuritySupport12.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecuritySupport12.java 24 Feb 2004 23:34:03 -0000 1.3
+++ SecuritySupport12.java 27 Nov 2004 17:46:55 -0000 1.4
@@ -26,7 +26,7 @@
*
* Security related methods that only work on J2SE 1.2 and newer.
*/
-class SecuritySupport12 extends SecuritySupport {
+class SecuritySupport12 {
ClassLoader getContextClassLoader() {
return (ClassLoader)
1.4 +112 -79
xml-xerces/java/src/org/apache/xml/serialize/SecuritySupport.java
Index: SecuritySupport.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xml/serialize/SecuritySupport.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- SecuritySupport.java 24 Feb 2004 23:34:03 -0000 1.3
+++ SecuritySupport.java 27 Nov 2004 17:46:55 -0000 1.4
@@ -16,100 +16,133 @@
package org.apache.xml.serialize;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
- * This class is duplicated for each JAXP subpackage so keep it in sync.
- * It is package private and therefore is not exposed as part of the JAXP
- * API.
- *
- * Base class with security related methods that work on JDK 1.1.
+ * This class is duplicated for each subpackage so keep it in sync.
+ * It is package private and therefore is not exposed as part of any API.
+ *
+ * @xerces.internal
*/
-class SecuritySupport {
+final class SecuritySupport {
- /*
- * Make this of type Object so that the verifier won't try to
- * prove its type, thus possibly trying to load the SecuritySupport12
- * class.
- */
- private static final Object securitySupport;
-
- static {
- SecuritySupport ss = null;
- try {
- Class c = Class.forName("java.security.AccessController");
- // if that worked, we're on 1.2.
- /*
- // don't reference the class explicitly so it doesn't
- // get dragged in accidentally.
- c = Class.forName("javax.mail.SecuritySupport12");
- Constructor cons = c.getConstructor(new Class[] { });
- ss = (SecuritySupport)cons.newInstance(new Object[] { });
- */
- /*
- * Unfortunately, we can't load the class using reflection
- * because the class is package private. And the class has
- * to be package private so the APIs aren't exposed to other
- * code that could use them to circumvent security. Thus,
- * we accept the risk that the direct reference might fail
- * on some JDK 1.1 JVMs, even though we would never execute
- * this code in such a case. Sigh...
- */
- ss = new SecuritySupport12();
- } catch (Exception ex) {
- // ignore it
- } finally {
- if (ss == null)
- ss = new SecuritySupport();
- securitySupport = ss;
- }
- }
+ private static final SecuritySupport securitySupport = new
SecuritySupport();
/**
- * Return an appropriate instance of this class, depending on whether
- * we're on a JDK 1.1 or J2SE 1.2 (or later) system.
+ * Return an instance of this class.
*/
static SecuritySupport getInstance() {
- return (SecuritySupport)securitySupport;
+ return securitySupport;
}
ClassLoader getContextClassLoader() {
- return null;
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = Thread.currentThread().getContextClassLoader();
+ } catch (SecurityException ex) { }
+ return cl;
+ }
+ });
}
-
+
ClassLoader getSystemClassLoader() {
- return null;
- }
-
- ClassLoader getParentClassLoader(ClassLoader cl) {
- return null;
- }
-
- String getSystemProperty(String propName) {
- return System.getProperty(propName);
- }
-
- FileInputStream getFileInputStream(File file)
- throws FileNotFoundException
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = ClassLoader.getSystemClassLoader();
+ } catch (SecurityException ex) {}
+ return cl;
+ }
+ });
+ }
+
+ ClassLoader getParentClassLoader(final ClassLoader cl) {
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader parent = null;
+ try {
+ parent = cl.getParent();
+ } catch (SecurityException ex) {}
+
+ // eliminate loops in case of the boot
+ // ClassLoader returning itself as a parent
+ return (parent == cl) ? null : parent;
+ }
+ });
+ }
+
+ String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+
+ FileInputStream getFileInputStream(final File file)
+ throws FileNotFoundException
{
- return new FileInputStream(file);
- }
-
- InputStream getResourceAsStream(ClassLoader cl, String name) {
- InputStream ris;
- if (cl == null) {
- ris = ClassLoader.getSystemResourceAsStream(name);
- } else {
- ris = cl.getResourceAsStream(name);
+ try {
+ return (FileInputStream)
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(file);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (FileNotFoundException)e.getException();
}
- return ris;
}
-
- boolean getFileExists(File f) {
- return f.exists();
- }
-
- long getLastModified(File f) {
- return f.lastModified();
+
+ InputStream getResourceAsStream(final ClassLoader cl,
+ final String name)
+ {
+ return (InputStream)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ InputStream ris;
+ if (cl == null) {
+ ris = ClassLoader.getSystemResourceAsStream(name);
+ } else {
+ ris = cl.getResourceAsStream(name);
+ }
+ return ris;
+ }
+ });
+ }
+
+ boolean getFileExists(final File f) {
+ return ((Boolean)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists());
+ }
+ })).booleanValue();
+ }
+
+ long getLastModified(final File f) {
+ return ((Long)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Long(f.lastModified());
+ }
+ })).longValue();
}
+
+ private SecuritySupport () {}
}
1.5 +1 -1
xml-xerces/java/src/org/apache/xerces/impl/dv/SecuritySupport12.java
Index: SecuritySupport12.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/impl/dv/SecuritySupport12.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecuritySupport12.java 6 Oct 2004 14:56:50 -0000 1.4
+++ SecuritySupport12.java 27 Nov 2004 17:46:55 -0000 1.5
@@ -28,7 +28,7 @@
*
* Security related methods that only work on J2SE 1.2 and newer.
*/
-class SecuritySupport12 extends SecuritySupport {
+class SecuritySupport12 {
ClassLoader getContextClassLoader() {
return (ClassLoader)
1.5 +111 -80
xml-xerces/java/src/org/apache/xerces/impl/dv/SecuritySupport.java
Index: SecuritySupport.java
===================================================================
RCS file:
/home/cvs/xml-xerces/java/src/org/apache/xerces/impl/dv/SecuritySupport.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SecuritySupport.java 6 Oct 2004 14:56:50 -0000 1.4
+++ SecuritySupport.java 27 Nov 2004 17:46:55 -0000 1.5
@@ -16,102 +16,133 @@
package org.apache.xerces.impl.dv;
-import java.io.*;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.io.InputStream;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
/**
- * This class is duplicated for each JAXP subpackage so keep it in sync.
- * It is package private and therefore is not exposed as part of the JAXP
- * API.
+ * This class is duplicated for each subpackage so keep it in sync.
+ * It is package private and therefore is not exposed as part of any API.
*
- * @xerces.internal
- *
- * Base class with security related methods that work on JDK 1.1.
+ * @xerces.internal
*/
-class SecuritySupport {
+final class SecuritySupport {
- /*
- * Make this of type Object so that the verifier won't try to
- * prove its type, thus possibly trying to load the SecuritySupport12
- * class.
- */
- private static final Object securitySupport;
-
- static {
- SecuritySupport ss = null;
- try {
- Class c = Class.forName("java.security.AccessController");
- // if that worked, we're on 1.2.
- /*
- // don't reference the class explicitly so it doesn't
- // get dragged in accidentally.
- c = Class.forName("javax.mail.SecuritySupport12");
- Constructor cons = c.getConstructor(new Class[] { });
- ss = (SecuritySupport)cons.newInstance(new Object[] { });
- */
- /*
- * Unfortunately, we can't load the class using reflection
- * because the class is package private. And the class has
- * to be package private so the APIs aren't exposed to other
- * code that could use them to circumvent security. Thus,
- * we accept the risk that the direct reference might fail
- * on some JDK 1.1 JVMs, even though we would never execute
- * this code in such a case. Sigh...
- */
- ss = new SecuritySupport12();
- } catch (Exception ex) {
- // ignore it
- } finally {
- if (ss == null)
- ss = new SecuritySupport();
- securitySupport = ss;
- }
- }
+ private static final SecuritySupport securitySupport = new
SecuritySupport();
/**
- * Return an appropriate instance of this class, depending on whether
- * we're on a JDK 1.1 or J2SE 1.2 (or later) system.
+ * Return an instance of this class.
*/
static SecuritySupport getInstance() {
- return (SecuritySupport)securitySupport;
+ return securitySupport;
}
ClassLoader getContextClassLoader() {
- return null;
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = Thread.currentThread().getContextClassLoader();
+ } catch (SecurityException ex) { }
+ return cl;
+ }
+ });
}
-
+
ClassLoader getSystemClassLoader() {
- return null;
- }
-
- ClassLoader getParentClassLoader(ClassLoader cl) {
- return null;
- }
-
- String getSystemProperty(String propName) {
- return System.getProperty(propName);
- }
-
- FileInputStream getFileInputStream(File file)
- throws FileNotFoundException
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader cl = null;
+ try {
+ cl = ClassLoader.getSystemClassLoader();
+ } catch (SecurityException ex) {}
+ return cl;
+ }
+ });
+ }
+
+ ClassLoader getParentClassLoader(final ClassLoader cl) {
+ return (ClassLoader)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ ClassLoader parent = null;
+ try {
+ parent = cl.getParent();
+ } catch (SecurityException ex) {}
+
+ // eliminate loops in case of the boot
+ // ClassLoader returning itself as a parent
+ return (parent == cl) ? null : parent;
+ }
+ });
+ }
+
+ String getSystemProperty(final String propName) {
+ return (String)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return System.getProperty(propName);
+ }
+ });
+ }
+
+ FileInputStream getFileInputStream(final File file)
+ throws FileNotFoundException
{
- return new FileInputStream(file);
- }
-
- InputStream getResourceAsStream(ClassLoader cl, String name) {
- InputStream ris;
- if (cl == null) {
- ris = ClassLoader.getSystemResourceAsStream(name);
- } else {
- ris = cl.getResourceAsStream(name);
+ try {
+ return (FileInputStream)
+ AccessController.doPrivileged(new PrivilegedExceptionAction() {
+ public Object run() throws FileNotFoundException {
+ return new FileInputStream(file);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (FileNotFoundException)e.getException();
}
- return ris;
}
-
- boolean getFileExists(File f) {
- return f.exists();
- }
-
- long getLastModified(File f) {
- return f.lastModified();
+
+ InputStream getResourceAsStream(final ClassLoader cl,
+ final String name)
+ {
+ return (InputStream)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ InputStream ris;
+ if (cl == null) {
+ ris = ClassLoader.getSystemResourceAsStream(name);
+ } else {
+ ris = cl.getResourceAsStream(name);
+ }
+ return ris;
+ }
+ });
+ }
+
+ boolean getFileExists(final File f) {
+ return ((Boolean)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists());
+ }
+ })).booleanValue();
+ }
+
+ long getLastModified(final File f) {
+ return ((Long)
+ AccessController.doPrivileged(new PrivilegedAction() {
+ public Object run() {
+ return new Long(f.lastModified());
+ }
+ })).longValue();
}
+
+ private SecuritySupport () {}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
