Author: struberg
Date: Mon Mar 21 21:47:17 2011
New Revision: 1083977
URL: http://svn.apache.org/viewvc?rev=1083977&view=rev
Log:
OWB-545 add security handling for SecurityService creation
We only allow creation of the ManagedSecurityService from
within the WebBeansContext!
Modified:
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
Modified:
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
URL:
http://svn.apache.org/viewvc/openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java?rev=1083977&r1=1083976&r2=1083977&view=diff
==============================================================================
---
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
(original)
+++
openwebbeans/trunk/webbeans-impl/src/main/java/org/apache/webbeans/corespi/security/ManagedSecurityService.java
Mon Mar 21 21:47:17 2011
@@ -18,6 +18,7 @@
*/
package org.apache.webbeans.corespi.security;
+import org.apache.webbeans.config.WebBeansContext;
import org.apache.webbeans.exception.WebBeansException;
import org.apache.webbeans.spi.SecurityService;
@@ -52,7 +53,16 @@ public class ManagedSecurityService impl
private static final PrivilegedActionGetSystemProperties
SYSTEM_PROPERTY_ACTION = new PrivilegedActionGetSystemProperties();
-
+ public ManagedSecurityService()
+ {
+ // we need to make sure that only WebBeansContext gets used to create
us!
+ StackTraceElement[] stackTrace =
Thread.currentThread().getStackTrace();
+ String declaringClass = stackTrace[6].getClassName();
+ if (!declaringClass.equals(WebBeansContext.class.getName()))
+ {
+ throw new SecurityException("ManagedSecurityService must directly
get created by WebBeansContext!");
+ }
+ }
@Override
public Principal getCurrentPrincipal()
