[jboss-cvs] JBossAS SVN: r81224 - in projects/microcontainer/trunk/kernel/src: main/java/org/jboss/kernel/plugins/dependency and 3 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Tue Nov 18 09:39:48 EST 2008
Author: adrian at jboss.org
Date: 2008-11-18 09:39:48 -0500 (Tue, 18 Nov 2008)
New Revision: 81224
Added:
projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/PrivilegedBean.java
projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/SimpleScopedClassLoader.java
projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.java
projects/microcontainer/trunk/kernel/src/test/resources/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.xml
Modified:
projects/microcontainer/trunk/kernel/src/main/java/org/jboss/beans/metadata/plugins/factory/GenericBeanFactory.java
projects/microcontainer/trunk/kernel/src/main/java/org/jboss/kernel/plugins/dependency/AbstractKernelControllerContext.java
projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/ControllerTestSuite.java
Log:
[JBMICRCONT-385] - Fix GenericBeanFactory.createBean() such that it runs under the correct access control contexts
Modified: projects/microcontainer/trunk/kernel/src/main/java/org/jboss/beans/metadata/plugins/factory/GenericBeanFactory.java
===================================================================
--- projects/microcontainer/trunk/kernel/src/main/java/org/jboss/beans/metadata/plugins/factory/GenericBeanFactory.java 2008-11-18 13:25:03 UTC (rev 81223)
+++ projects/microcontainer/trunk/kernel/src/main/java/org/jboss/beans/metadata/plugins/factory/GenericBeanFactory.java 2008-11-18 14:39:48 UTC (rev 81224)
@@ -21,6 +21,11 @@
*/
package org.jboss.beans.metadata.plugins.factory;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Map;
import org.jboss.beans.info.spi.BeanInfo;
@@ -29,6 +34,7 @@
import org.jboss.beans.metadata.spi.factory.AbstractBeanFactory;
import org.jboss.joinpoint.spi.Joinpoint;
import org.jboss.kernel.plugins.config.Configurator;
+import org.jboss.kernel.plugins.dependency.AbstractKernelControllerContext;
import org.jboss.kernel.spi.config.KernelConfigurator;
import org.jboss.kernel.spi.dependency.KernelControllerContext;
import org.jboss.kernel.spi.dependency.KernelControllerContextAware;
@@ -37,8 +43,8 @@
/**
* Bean factory metadata.
*
+ * @author <a href="ales.justin at jboss.com">Ales Justin</a>
* @author <a href="adrian at jboss.com">Adrian Brock</a>
- * @author <a href="ales.justin at jboss.com">Ales Justin</a>
* @version $Revision$
*/
public class GenericBeanFactory extends AbstractBeanFactory implements KernelControllerContextAware
@@ -67,21 +73,134 @@
*/
public Object createBean() throws Throwable
{
- ClassLoader cl = null;
- if (classLoader == null && context != null)
+ final ClassLoader cl = getControllerContextClassLoader();
+
+ AccessControlContext acc = getAccessControlContext();
+
+ if (acc == null || System.getSecurityManager() == null)
+ return createBean(cl);
+
+ try
{
- try
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
{
- cl = context.getClassLoader();
+ public Object run() throws Exception
+ {
+ try
+ {
+ return createBean(cl);
+ }
+ catch (Error e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw e;
+ }
+ catch (Throwable t)
+ {
+ throw new RuntimeException("Error creating bean", t);
+ }
+ }
+ }, acc);
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw e.getCause();
+ }
+ }
+
+ public void setKernelControllerContext(KernelControllerContext context) throws Exception
+ {
+ this.context = context;
+ }
+
+ public void unsetKernelControllerContext(KernelControllerContext context) throws Exception
+ {
+ this.context = null;
+ }
+
+ /**
+ * Get the classloader from the controller context
+ *
+ * @return the controller context
+ */
+ private ClassLoader getControllerContextClassLoader() throws Throwable
+ {
+ if (context != null)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ try
+ {
+ return context.getClassLoader();
+ }
+ catch (Throwable t)
+ {
+ log.trace("Unable to retrieve classloader from " + context);
+ return null;
+ }
}
- catch (Throwable t)
+
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
- log.trace("Unable to retrieve classloader from " + context);
- }
+ public ClassLoader run()
+ {
+ try
+ {
+ return context.getClassLoader();
+ }
+ catch (Throwable t)
+ {
+ log.trace("Unable to retrieve classloader from " + context);
+ return null;
+ }
+ }
+ });
}
-
- if (cl == null)
- cl = Configurator.getClassLoader(classLoader);
+ return null;
+ }
+
+ /**
+ * Get the access control context from the controller context
+ *
+ * @return the access control
+ */
+ private AccessControlContext getAccessControlContext() throws Throwable
+ {
+ if (context != null)
+ {
+ if (context instanceof AbstractKernelControllerContext == false)
+ return null;
+
+ final AbstractKernelControllerContext akcc = (AbstractKernelControllerContext) context;
+ if (System.getSecurityManager() == null)
+ return akcc.getAccessControlContext();
+
+ return AccessController.doPrivileged(new PrivilegedAction<AccessControlContext>()
+ {
+ public AccessControlContext run()
+ {
+ return akcc.getAccessControlContext();
+ }
+ });
+ }
+ return null;
+ }
+
+ /**
+ * Create a new bean
+ *
+ * @param cl the classloader to use
+ * @return the bean
+ * @throws Throwable for any error
+ */
+ private Object createBean(ClassLoader cl) throws Throwable
+ {
+ ClassLoader cl2 = cl;
+ if (cl2 == null)
+ cl2 = Configurator.getClassLoader(classLoader);
BeanInfo info = null;
if (bean != null)
info = configurator.getBeanInfo(bean, cl, accessMode);
@@ -105,14 +224,4 @@
invokeLifecycle("start", start, info, cl, result);
return result;
}
-
- public void setKernelControllerContext(KernelControllerContext context) throws Exception
- {
- this.context = context;
- }
-
- public void unsetKernelControllerContext(KernelControllerContext context) throws Exception
- {
- this.context = null;
- }
}
\ No newline at end of file
Modified: projects/microcontainer/trunk/kernel/src/main/java/org/jboss/kernel/plugins/dependency/AbstractKernelControllerContext.java
===================================================================
--- projects/microcontainer/trunk/kernel/src/main/java/org/jboss/kernel/plugins/dependency/AbstractKernelControllerContext.java 2008-11-18 13:25:03 UTC (rev 81223)
+++ projects/microcontainer/trunk/kernel/src/main/java/org/jboss/kernel/plugins/dependency/AbstractKernelControllerContext.java 2008-11-18 14:39:48 UTC (rev 81224)
@@ -23,6 +23,7 @@
import java.security.AccessControlContext;
import java.security.AccessController;
+import java.security.SecurityPermission;
import java.util.HashSet;
import java.util.Set;
@@ -61,6 +62,9 @@
/** The get classloader permission */
private static final RuntimePermission GET_CLASSLOADER_PERMISSION = new RuntimePermission("getClassLoader");
+
+ /** The access control context permission */
+ private static final SecurityPermission GET_ACCESS_CONTROL_CONTEXT_PERMISSION = new SecurityPermission("getAccessControlContext");
/** The BeanInfo */
private BeanInfo info;
@@ -234,8 +238,11 @@
*
* @return any access control context
*/
- protected AccessControlContext getAccessControlContext()
+ public AccessControlContext getAccessControlContext()
{
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null)
+ sm.checkPermission(GET_ACCESS_CONTROL_CONTEXT_PERMISSION);
return accessContext;
}
Added: projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/PrivilegedBean.java
===================================================================
--- projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/PrivilegedBean.java (rev 0)
+++ projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/PrivilegedBean.java 2008-11-18 14:39:48 UTC (rev 81224)
@@ -0,0 +1,36 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2008, Red Hat Middleware LLC, and individual contributors
+* as indicated by the @author tags. See the copyright.txt file in the
+* distribution for a full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.test.kernel.controller.support;
+
+/**
+ * PrivilegedBean.
+ *
+ * @author <a href="adrian at jboss.com">Adrian Brock</a>
+ * @version $Revision: 1.1 $
+ */
+public class PrivilegedBean
+{
+ public PrivilegedBean()
+ {
+ System.getProperties();
+ }
+}
Added: projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/SimpleScopedClassLoader.java
===================================================================
--- projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/SimpleScopedClassLoader.java (rev 0)
+++ projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/support/SimpleScopedClassLoader.java 2008-11-18 14:39:48 UTC (rev 81224)
@@ -0,0 +1,88 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2008, Red Hat Middleware LLC, and individual contributors
+* as indicated by the @author tags. See the copyright.txt file in the
+* distribution for a full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.test.kernel.controller.support;
+
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.ProtectionDomain;
+
+import org.jboss.test.AbstractTestCaseWithSetup;
+
+/**
+ * SimpleScopedClassLoader.
+ *
+ * @author <a href="adrian at jboss.com">Adrian Brock</a>
+ * @version $Revision: 1.1 $
+ */
+public class SimpleScopedClassLoader extends ClassLoader
+{
+ @Override
+ protected synchronized Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException
+ {
+ if (name.startsWith("org.jboss.test.kernel"))
+ {
+ SecurityManager sm = AbstractTestCaseWithSetup.suspendSecurity();
+ try
+ {
+ String resourceName = name.replace('.', '/') + ".class";
+ URL url = SimpleScopedClassLoader.class.getClassLoader().getResource(resourceName);
+ InputStream is = null;
+ byte[] bytes = null;
+ try
+ {
+ is = url.openStream();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte[] tmp = new byte[1024];
+ int read = 0;
+ while ( (read = is.read(tmp)) >= 0 )
+ baos.write(tmp, 0, read);
+ bytes = baos.toByteArray();
+ }
+ catch (IOException e)
+ {
+ throw new RuntimeException("Unable to load class byte code " + name, e);
+ }
+ finally
+ {
+ try
+ {
+ if (is != null)
+ is.close();
+ }
+ catch (IOException e)
+ {
+ // pointless
+ }
+ }
+ ProtectionDomain pd = AbstractTestCaseWithSetup.class.getProtectionDomain();
+ return defineClass(name, bytes, 0, bytes.length, pd);
+ }
+ finally
+ {
+ AbstractTestCaseWithSetup.resumeSecurity(sm);
+ }
+ }
+ return super.loadClass(name, resolve);
+ }
+}
Modified: projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/ControllerTestSuite.java
===================================================================
--- projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/ControllerTestSuite.java 2008-11-18 13:25:03 UTC (rev 81223)
+++ projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/ControllerTestSuite.java 2008-11-18 14:39:48 UTC (rev 81224)
@@ -49,6 +49,7 @@
suite.addTest(InstallErrorTestCase.suite());
suite.addTest(InstallWhenRequiredErrorTestCase.suite());
suite.addTest(FieldAccessControlTestCase.suite());
+ suite.addTest(GenericBeanFactoryAccessControlTestCase.suite());
return suite;
}
Added: projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.java
===================================================================
--- projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.java (rev 0)
+++ projects/microcontainer/trunk/kernel/src/test/java/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.java 2008-11-18 14:39:48 UTC (rev 81224)
@@ -0,0 +1,90 @@
+/*
+* JBoss, Home of Professional Open Source
+* Copyright 2005, JBoss Inc., and individual contributors as indicated
+* by the @authors tag. See the copyright.txt in the distribution for a
+* full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.test.kernel.controller.test;
+
+import java.security.AccessControlException;
+import java.util.Collections;
+
+import junit.framework.Test;
+
+import org.jboss.beans.metadata.spi.BeanMetaDataFactory;
+import org.jboss.beans.metadata.spi.factory.BeanFactory;
+import org.jboss.beans.metadata.spi.factory.GenericBeanFactoryMetaData;
+import org.jboss.kernel.plugins.deployment.AbstractKernelDeployment;
+import org.jboss.test.kernel.controller.support.PrivilegedBean;
+
+/**
+ * AccessControl Test Case.
+ *
+ * @author <a href="adrian at jboss.com">Adrian Brock</a>
+ * @version $Revision: 38046 $
+ */
+public class GenericBeanFactoryAccessControlTestCase extends AbstractControllerTest
+{
+ public static Test suite()
+ {
+ return suite(GenericBeanFactoryAccessControlTestCase.class);
+ }
+
+ public GenericBeanFactoryAccessControlTestCase(String name) throws Throwable
+ {
+ super(name);
+ }
+
+ public void testPrivilegedBean() throws Throwable
+ {
+ BeanFactory factory = assertBean("Factory", BeanFactory.class);
+ Object object = factory.createBean();
+
+ ClassLoader cl = assertBean("ClassLoader", ClassLoader.class);
+ assertEquals(cl, object.getClass().getClassLoader());
+ }
+
+ public void testUnPrivilegedBean() throws Throwable
+ {
+ GenericBeanFactoryMetaData gbfmd = new GenericBeanFactoryMetaData();
+ gbfmd.setName("NonPrivileged");
+ gbfmd.setBean(PrivilegedBean.class.getName());
+
+ AbstractKernelDeployment deployment = new AbstractKernelDeployment();
+ deployment.setName("test");
+ deployment.setBeanFactories(Collections.singletonList((BeanMetaDataFactory) gbfmd));
+ deploy(deployment);
+ try
+ {
+ BeanFactory factory = assertBean("NonPrivileged", BeanFactory.class);
+ try
+ {
+ factory.createBean();
+ fail("Should not be here!");
+ }
+ catch (Throwable t)
+ {
+ checkThrowable(AccessControlException.class, t);
+ }
+ }
+ finally
+ {
+ undeploy(deployment);
+ }
+ }
+}
\ No newline at end of file
Added: projects/microcontainer/trunk/kernel/src/test/resources/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.xml
===================================================================
--- projects/microcontainer/trunk/kernel/src/test/resources/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.xml (rev 0)
+++ projects/microcontainer/trunk/kernel/src/test/resources/org/jboss/test/kernel/controller/test/GenericBeanFactoryAccessControlTestCase.xml 2008-11-18 14:39:48 UTC (rev 81224)
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<deployment xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:bean-deployer bean-deployer_2_0.xsd"
+ xmlns="urn:jboss:bean-deployer">
+
+ <classloader>
+ <bean name="ClassLoader" class="org.jboss.test.kernel.controller.support.SimpleScopedClassLoader"/>
+ </classloader>
+
+ <beanfactory name="Factory" class="org.jboss.test.kernel.controller.support.PrivilegedBean"/>
+
+</deployment>
More information about the jboss-cvs-commits
mailing list