[jboss-svn-commits] JBL Code SVN: r13140 - labs/jbossrules/trunk/drools-compiler/src/main/java/org/drools/resource/util.
jboss-svn-commits at lists.jboss.org
jboss-svn-commits at lists.jboss.org
Thu Jul 5 21:54:54 EDT 2007
Author: mark.proctor at jboss.com
Date: 2007-07-05 21:54:54 -0400 (Thu, 05 Jul 2007)
New Revision: 13140
Modified:
labs/jbossrules/trunk/drools-compiler/src/main/java/org/drools/resource/util/ByteArrayClassLoader.java
Log:
JBRULES-760 Security problem in WebSphere with PackageCompilationData classloader
Modified: labs/jbossrules/trunk/drools-compiler/src/main/java/org/drools/resource/util/ByteArrayClassLoader.java
===================================================================
--- labs/jbossrules/trunk/drools-compiler/src/main/java/org/drools/resource/util/ByteArrayClassLoader.java 2007-07-06 01:54:47 UTC (rev 13139)
+++ labs/jbossrules/trunk/drools-compiler/src/main/java/org/drools/resource/util/ByteArrayClassLoader.java 2007-07-06 01:54:54 UTC (rev 13140)
@@ -18,15 +18,29 @@
import java.io.ByteArrayInputStream;
import java.io.InputStream;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.ProtectionDomain;
import java.util.HashMap;
import java.util.Map;
+import org.drools.rule.MapBackedClassLoader;
+
/**
* A class loader for in memory byte[] resources
*
* @author etirelli
*/
public class ByteArrayClassLoader extends ClassLoader {
+ private static final ProtectionDomain PROTECTION_DOMAIN;
+
+ static {
+ PROTECTION_DOMAIN = (ProtectionDomain) AccessController.doPrivileged( new PrivilegedAction() {
+ public Object run() {
+ return ByteArrayClassLoader.class.getProtectionDomain();
+ }
+ } );
+ }
private final Map resources = new HashMap();
@@ -49,7 +63,8 @@
return defineClass( name,
clazzBytes,
0,
- clazzBytes.length );
+ clazzBytes.length,
+ PROTECTION_DOMAIN );
}
}
More information about the jboss-svn-commits
mailing list