[jboss-cvs] JBossAS SVN: r103410 - in projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop: util/reference and 1 other directory.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Thu Apr 1 07:00:09 EDT 2010
Author: flavia.rainone at jboss.com
Date: 2010-04-01 07:00:08 -0400 (Thu, 01 Apr 2010)
New Revision: 103410
Added:
projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/SecurityActions.java
Modified:
projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/ClassProxyFactory.java
projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/SecurityActions.java
projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/MethodPersistentReference.java
Log:
[JBAOP-784] Fix security failure caused by previous commit
Modified: projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/ClassProxyFactory.java
===================================================================
--- projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/ClassProxyFactory.java 2010-04-01 10:53:08 UTC (rev 103409)
+++ projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/ClassProxyFactory.java 2010-04-01 11:00:08 UTC (rev 103410)
@@ -63,9 +63,30 @@
private static WeakValueHashMap<String, Class<?>> classnameMap = new WeakValueHashMap<String, Class<?>>();
private static WeakHashMap<ClassLoader, WeakHashMap<Class<?>, WeakReference<Class<?>>>> proxyCache = new WeakHashMap<ClassLoader, WeakHashMap<Class<?>, WeakReference<Class<?>>>>();
private static WeakHashMap<Class<?>, Map<Long, MethodPersistentReference>> methodMapCache = new WeakHashMap<Class<?>, Map<Long, MethodPersistentReference>>();
+ private static final MethodPersistentReference toStringReference;
+ private static final long toStringHash;
public static final String GENERATED_PROXIES_PACKAGE = "org.jboss.aop.generatedproxies";
+
+ static
+ {
+ Method toString = SecurityActions.getDeclaredMethod(Object.class, "toString");
+ try
+ {
+ toStringHash = MethodHashing.methodHash(toString);
+ }
+ catch (RuntimeException e)
+ {
+ throw e;
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Error getting method hash for Object.toString", e);
+ }
+ toStringReference = new MethodPersistentReference(toString, PersistentReference.REFERENCE_WEAK);
+ }
+
public static ClassProxy newInstance(Class<?> clazz) throws Exception
{
return newInstance(clazz, null);
@@ -366,10 +387,7 @@
if (superclass == null) return;
if (superclass.getName().equals("java.lang.Object"))
{
- // TODO: this is always the same for everyone, so why not prefab it
- Method toString = Object.class.getDeclaredMethod("toString");
- long hash = MethodHashing.methodHash(toString);
- advised.put(hash, new MethodPersistentReference(toString, PersistentReference.REFERENCE_WEAK));
+ advised.put(toStringHash, toStringReference);
return;
};
Modified: projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/SecurityActions.java
===================================================================
--- projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/SecurityActions.java 2010-04-01 10:53:08 UTC (rev 103409)
+++ projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/proxy/SecurityActions.java 2010-04-01 11:00:08 UTC (rev 103410)
@@ -1,27 +1,28 @@
/*
-* JBoss, Home of Professional Open Source.
-* Copyright 2006, Red Hat Middleware LLC, and individual contributors
-* as indicated by the @author tags. See the copyright.txt file in the
-* distribution for a full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.aop.proxy;
import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
@@ -30,10 +31,73 @@
/**
*
* @author <a href="kabir.khan at jboss.com">Kabir Khan</a>
+ * @author <a href="flavia.rainone at jboss.com">Flavia Rainone</a>
* @version $Revision: 1.1 $
*/
class SecurityActions
{
+ interface GetDeclaredMethodAction
+ {
+ Method getDeclaredMethod(Class<?> clazz, String methodName);
+
+ GetDeclaredMethodAction PRIVILEGED = new GetDeclaredMethodAction()
+ {
+ public Method getDeclaredMethod(final Class<?> clazz, final String methodName)
+ {
+ try
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Method>()
+ {
+ public Method run() throws Exception
+ {
+ return clazz.getDeclaredMethod(methodName);
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ Exception exception = e.getException();
+ if (exception instanceof RuntimeException)
+ {
+ throw (RuntimeException) exception;
+ }
+ throw new RuntimeException("Error getting method " + methodName + " from class " + clazz, exception);
+ }
+ }
+ };
+
+ GetDeclaredMethodAction NON_PRIVILEGED = new GetDeclaredMethodAction()
+ {
+ public Method getDeclaredMethod(Class<?> clazz, String methodName)
+ {
+ try
+ {
+ return clazz.getDeclaredMethod(methodName);
+ }
+ catch (NoSuchMethodException e)
+ {
+ throw new RuntimeException("Error getting method " + methodName + " from class " + clazz, e);
+ }
+ catch (SecurityException e)
+ {
+ throw new RuntimeException("Error getting method " + methodName + " from class " + clazz, e);
+ }
+ }
+ };
+ }
+
+ static Method getDeclaredMethod(Class<?> clazz, String methodName)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ return GetDeclaredMethodAction.NON_PRIVILEGED.getDeclaredMethod(clazz, methodName);
+ }
+ else
+ {
+ return GetDeclaredMethodAction.PRIVILEGED.getDeclaredMethod(clazz, methodName);
+ }
+ }
+
interface SetAccessibleAction
{
void setAccessible(AccessibleObject accessibleObject);
Modified: projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/MethodPersistentReference.java
===================================================================
--- projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/MethodPersistentReference.java 2010-04-01 10:53:08 UTC (rev 103409)
+++ projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/MethodPersistentReference.java 2010-04-01 11:00:08 UTC (rev 103410)
@@ -1,24 +1,24 @@
/*
-* JBoss, Home of Professional Open Source
-* Copyright 2005, JBoss Inc., and individual contributors as indicated
-* by the @authors tag. See the copyright.txt in the distribution for a
-* full listing of individual contributors.
-*
-* This is free software; you can redistribute it and/or modify it
-* under the terms of the GNU Lesser General Public License as
-* published by the Free Software Foundation; either version 2.1 of
-* the License, or (at your option) any later version.
-*
-* This software is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-* Lesser General Public License for more details.
-*
-* You should have received a copy of the GNU Lesser General Public
-* License along with this software; if not, write to the Free
-* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
-* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
-*/
+ * JBoss, Home of Professional Open Source
+ * Copyright 2005, JBoss Inc., and individual contributors as indicated
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
package org.jboss.aop.util.reference;
@@ -31,33 +31,33 @@
* In case the reference is released, the reference will be reconstructed*/
public class MethodPersistentReference extends ArgumentPersistentReference
{
- public MethodPersistentReference (Method method, int referenceType)
- {
- super(method!=null?method.getDeclaringClass():null,method,referenceType);
- if (method!=null)
- {
- this.name=method.getName();
- setArguments(method.getParameterTypes());
- }
- }
- String name;
-
+ public MethodPersistentReference (Method method, int referenceType)
+ {
+ super(method!=null?method.getDeclaringClass():null,method,referenceType);
+ if (method!=null)
+ {
+ this.name=method.getName();
+ setArguments(method.getParameterTypes());
+ }
+ }
+ String name;
- public synchronized Object rebuildReference() throws Exception
- {
- // A reference to guarantee the value is not being GCed during while the value is being rebuilt
- Object returnValue=null;
- if ((returnValue=internalGet())!=null) return returnValue;
-
- Method aMethod = getMappedClass().getDeclaredMethod(name,getArguments());
- buildReference(aMethod);
- return aMethod;
- }
- public Method getMethod()
- {
- return (Method) get();
- }
-
+ public synchronized Object rebuildReference() throws Exception
+ {
+ // A reference to guarantee the value is not being GCed during while the value is being rebuilt
+ Object returnValue=null;
+ if ((returnValue=internalGet())!=null) return returnValue;
+
+ Method aMethod = SecurityActions.getDeclaredMethod(getMappedClass(), name, getArguments());
+ buildReference(aMethod);
+ return aMethod;
+ }
+
+ public Method getMethod()
+ {
+ return (Method) get();
+ }
+
}
Added: projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/SecurityActions.java
===================================================================
--- projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/SecurityActions.java (rev 0)
+++ projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/SecurityActions.java 2010-04-01 11:00:08 UTC (rev 103410)
@@ -0,0 +1,96 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.aop.util.reference;
+
+import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="flavia.rainone at jboss.com">Flavia Rainone</a>
+ * @version $Revision$
+ */
+class SecurityActions
+{
+ interface GetDeclaredMethodAction
+ {
+ Method getDeclaredMethod(Class<?> clazz, String methodName, Class<?>... arguments);
+
+ GetDeclaredMethodAction PRIVILEGED = new GetDeclaredMethodAction()
+ {
+ public Method getDeclaredMethod(final Class<?> clazz, final String methodName, final Class<?>... arguments)
+ {
+ try
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Method>()
+ {
+ public Method run() throws Exception
+ {
+ return clazz.getDeclaredMethod(methodName, arguments);
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ Exception exception = e.getException();
+ if (exception instanceof RuntimeException)
+ {
+ throw (RuntimeException) exception;
+ }
+ throw new RuntimeException("Error getting method " + methodName + " from class " + clazz, exception);
+ }
+ }
+ };
+
+ GetDeclaredMethodAction NON_PRIVILEGED = new GetDeclaredMethodAction()
+ {
+ public Method getDeclaredMethod(Class<?> clazz, String methodName, Class<?>... arguments)
+ {
+ try
+ {
+ return clazz.getDeclaredMethod(methodName, arguments);
+ }
+ catch (NoSuchMethodException e)
+ {
+ throw new RuntimeException("Error getting method " + methodName + " from class " + clazz, e);
+ }
+ catch (SecurityException e)
+ {
+ throw new RuntimeException("Error getting method " + methodName + " from class " + clazz, e);
+ }
+ }
+ };
+ }
+
+ static Method getDeclaredMethod(Class<?> clazz, String methodName, Class<?>... arguments)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ return GetDeclaredMethodAction.NON_PRIVILEGED.getDeclaredMethod(clazz, methodName, arguments);
+ }
+ else
+ {
+ return GetDeclaredMethodAction.PRIVILEGED.getDeclaredMethod(clazz, methodName, arguments);
+ }
+ }
+}
Property changes on: projects/aop/branches/Branch_2_2/aop/src/main/java/org/jboss/aop/util/reference/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Author Date Id Revision
Name: svn:eol-style
+ native
More information about the jboss-cvs-commits
mailing list