Author: asoldano Date: 2014-02-03 11:59:47 -0500 (Mon, 03 Feb 2014) New Revision: 18302 Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/classloading/ClassLoaderProvider.java Log: [JBWS-3756] Add permission checks to sensitive public static methods Modified: spi/trunk/src/main/java/org/jboss/wsf/spi/classloading/ClassLoaderProvider.java =================================================================== --- spi/trunk/src/main/java/org/jboss/wsf/spi/classloading/ClassLoaderProvider.java 2014-02-03 16:49:00 UTC (rev 18301) +++ spi/trunk/src/main/java/org/jboss/wsf/spi/classloading/ClassLoaderProvider.java 2014-02-03 16:59:47 UTC (rev 18302) @@ -22,6 +22,7 @@ package org.jboss.wsf.spi.classloading; import java.security.AccessController; +import java.security.Permission; import java.security.PrivilegedAction; /** @@ -33,6 +34,8 @@ */ public abstract class ClassLoaderProvider { + private static final RuntimePermission SET_DEFAULT_CLASSLOADER_PROVIDER = new RuntimePermission("org.jboss.wsf.spi.SET_DEFAULT_CLASSLOADER_PROVIDER"); + private static ClassLoaderProvider provider = new ClassLoaderProvider() { @Override @@ -57,6 +60,7 @@ public static void setDefaultProvider(ClassLoaderProvider p) { + checkPermission(SET_DEFAULT_CLASSLOADER_PROVIDER); provider = p; set = true; } @@ -109,4 +113,13 @@ }); } } + + private static void checkPermission(final Permission permission) + { + SecurityManager securityManager = System.getSecurityManager(); + if (securityManager != null) + { + AccessController.checkPermission(permission); + } + } }