[jboss-svn-commits] JBL Code SVN: r13139 - in labs/jbossrules/trunk/drools-core/src/main/java/org/drools: rule and 1 other directory.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Thu Jul 5 21:54:47 EDT 2007
Author: mark.proctor at jboss.com
Date: 2007-07-05 21:54:47 -0400 (Thu, 05 Jul 2007)
New Revision: 13139
Modified:
labs/jbossrules/trunk/drools-core/src/main/java/org/drools/base/ShadowProxyFactory.java
labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/MapBackedClassLoader.java
labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/PackageCompilationData.java
Log:
JBRULES-760 Security problem in WebSphere with PackageCompilationData classloader
Modified: labs/jbossrules/trunk/drools-core/src/main/java/org/drools/base/ShadowProxyFactory.java
===================================================================
--- labs/jbossrules/trunk/drools-core/src/main/java/org/drools/base/ShadowProxyFactory.java 2007-07-06 01:31:57 UTC (rev 13138)
+++ labs/jbossrules/trunk/drools-core/src/main/java/org/drools/base/ShadowProxyFactory.java 2007-07-06 01:54:47 UTC (rev 13139)
@@ -18,6 +18,9 @@
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -32,6 +35,7 @@
import org.drools.asm.MethodVisitor;
import org.drools.asm.Opcodes;
import org.drools.asm.Type;
+import org.drools.rule.MapBackedClassLoader;
import org.drools.util.ShadowProxyUtils;
/**
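Review bot: The added `import org.drools.rule.MapBackedClassLoader;` is not referenced by any line visible in this file's hunks, so it looks like a leftover. The same holds for `import org.drools.base.ClassFieldExtractorFactory;`, which this commit adds to both MapBackedClassLoader.java and PackageCompilationData.java. If they are unused they should be dropped, because they make org.drools.base and org.drools.rule import each other for no functional reason. Most of each file lies outside the diff, so confirm against the full sources before removing them.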
@@ -51,6 +55,16 @@
public static final String DELEGATE_FIELD_NAME = "delegate";
public static final String HASHCACHE_FIELD_NAME = "__hashCache";
+
+ private static final ProtectionDomain PROTECTION_DOMAIN;
+
+ static {
+ PROTECTION_DOMAIN = (ProtectionDomain) AccessController.doPrivileged( new PrivilegedAction() {
+ public Object run() {
+ return ShadowProxyFactory.class.getProtectionDomain();
+ }
+ } );
+ }
public static Class getProxy(final Class clazz) {
try {
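Review bot: The static initializer has no comment explaining why the lookup is wrapped in `doPrivileged`, or why the factory's own domain is the right one for generated proxies. Assuming the intent behind JBRULES-760 is what it appears to be, a line such as `// getProtectionDomain() requires RuntimePermission("getProtectionDomain"); resolve it once under our own privileges` above the block would record it. The identical block is repeated in MapBackedClassLoader and PackageCompilationData, so a single shared helper would keep the three copies from drifting apart. getProxy's body continues outside this hunk.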
@@ -66,7 +80,8 @@
final ByteArrayClassLoader classLoader = new ByteArrayClassLoader( Thread.currentThread().getContextClassLoader() );
final Class newClass = classLoader.defineClass( className.replace( '/',
'.' ),
- bytes );
+ bytes,
+ PROTECTION_DOMAIN );
return newClass;
} catch ( final Exception e ) {
throw new RuntimeDroolsException( e );
@@ -1443,11 +1458,13 @@
}
public Class defineClass(final String name,
- final byte[] bytes) {
+ final byte[] bytes,
+ final ProtectionDomain PROTECTION_DOMAIN) {
return defineClass( name,
bytes,
0,
- bytes.length );
+ bytes.length,
+ PROTECTION_DOMAIN );
}
}
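Review bot: The new parameter `final ProtectionDomain PROTECTION_DOMAIN` is written like a constant and, as far as the hunks show, shadows the static field of the same name added to the enclosing ShadowProxyFactory class. The code works, but a reader can no longer tell at a glance whether `defineClass` uses the caller's argument or the class-wide constant. Rename it to `final ProtectionDomain protectionDomain)` and pass `protectionDomain` in the delegated call. The loader class that declares this method starts outside the hunk.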
Modified: labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/MapBackedClassLoader.java
===================================================================
--- labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/MapBackedClassLoader.java 2007-07-06 01:31:57 UTC (rev 13138)
+++ labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/MapBackedClassLoader.java 2007-07-06 01:54:47 UTC (rev 13139)
@@ -9,16 +9,31 @@
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.io.Serializable;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.Map;
+import org.drools.base.ClassFieldExtractorFactory;
import org.drools.common.DroolsObjectInputStream;
public class MapBackedClassLoader extends ClassLoader
implements
DroolsClassLoader,
Serializable {
+
+ private static final ProtectionDomain PROTECTION_DOMAIN;
+
private Map store;
+
+ static {
+ PROTECTION_DOMAIN = (ProtectionDomain) AccessController.doPrivileged( new PrivilegedAction() {
+ public Object run() {
+ return MapBackedClassLoader.class.getProtectionDomain();
+ }
+ } );
+ }
public MapBackedClassLoader(final ClassLoader parentClassLoader) {
super( parentClassLoader );
@@ -40,7 +55,8 @@
return defineClass( name,
clazzBytes,
0,
- clazzBytes.length );
+ clazzBytes.length,
+ PROTECTION_DOMAIN );
}
}
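Review bot: Passing `PROTECTION_DOMAIN` here gives every class defined from `clazzBytes` exactly the permissions the policy grants to the drools-core code source, where the previous four-argument `defineClass` assigned the default domain. Under a security manager, rule-compiled bytecode therefore becomes as trusted as the engine itself, and since this loader is `Serializable` the bytes may have arrived in a deserialized package rather than from a local compile (inferred; the code that fills the store is outside the diff). The same applies to the `defineClass` call changed in PackageCompilationData.java. Document the assumption on the method, for example `// Generated classes share drools-core's ProtectionDomain: load packages from trusted sources only`, or consider a dedicated domain with a narrower permission set. The enclosing method starts outside this hunk.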
Modified: labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/PackageCompilationData.java
===================================================================
--- labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/PackageCompilationData.java 2007-07-06 01:31:57 UTC (rev 13138)
+++ labs/jbossrules/trunk/drools-core/src/main/java/org/drools/rule/PackageCompilationData.java 2007-07-06 01:54:47 UTC (rev 13139)
@@ -24,6 +24,9 @@
import java.io.ObjectInput;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -33,6 +36,7 @@
import org.drools.CheckedDroolsException;
import org.drools.RuntimeDroolsException;
+import org.drools.base.ClassFieldExtractorFactory;
import org.drools.base.accumulators.JavaAccumulatorFunctionExecutor;
import org.drools.common.DroolsObjectInputStream;
import org.drools.spi.Accumulator;
@@ -49,6 +53,8 @@
*
*/
private static final long serialVersionUID = 400L;
+
+ private static final ProtectionDomain PROTECTION_DOMAIN;
private Map invokerLookups;
@@ -62,6 +68,15 @@
private transient ClassLoader parentClassLoader;
+
+ static {
+ PROTECTION_DOMAIN = (ProtectionDomain) AccessController.doPrivileged( new PrivilegedAction() {
+ public Object run() {
+ return PackageCompilationData.class.getProtectionDomain();
+ }
+ } );
+ }
+
/**
* Default constructor - for Externalizable. This should never be used by a user, as it
* will result in an invalid state for the instance.
@@ -302,7 +317,8 @@
return defineClass( name,
clazzBytes,
0,
- clazzBytes.length );
+ clazzBytes.length,
+ PROTECTION_DOMAIN );
}
}