This is an automated email from the ASF dual-hosted git repository. rmannibucau pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/openwebbeans.git
The following commit(s) were added to refs/heads/master by this push: new 2f54115 [OWB-1377][OWB-1375] enable to configure reserved packages for proxies + handle org.apache.webbeans.custom.signed. as org.apache.webbeans.custom. 2f54115 is described below commit 2f54115c404e40aefd390168f511511649423cc1 Author: Romain Manni-Bucau <rmannibu...@gmail.com> AuthorDate: Mon Mar 15 17:25:17 2021 +0100 [OWB-1377][OWB-1375] enable to configure reserved packages for proxies + handle org.apache.webbeans.custom.signed. as org.apache.webbeans.custom. --- .../webbeans/config/OpenWebBeansConfiguration.java | 42 ++++++++++++++++++++++ .../signed/CustomSignedProxyPackageMarker.java | 23 ++++++++++++ .../webbeans/proxy/AbstractProxyFactory.java | 10 ++++-- .../java/org/apache/webbeans/proxy/Unsafe.java | 7 ++-- .../META-INF/openwebbeans/openwebbeans.properties | 6 ++++ 5 files changed, 83 insertions(+), 5 deletions(-) diff --git a/webbeans-impl/src/main/java/org/apache/webbeans/config/OpenWebBeansConfiguration.java b/webbeans-impl/src/main/java/org/apache/webbeans/config/OpenWebBeansConfiguration.java index 3810268..1a5a6d5 100644 --- a/webbeans-impl/src/main/java/org/apache/webbeans/config/OpenWebBeansConfiguration.java +++ b/webbeans-impl/src/main/java/org/apache/webbeans/config/OpenWebBeansConfiguration.java @@ -31,10 +31,14 @@ import java.util.Map; import java.util.Properties; import java.util.Set; import java.util.logging.Level; +import java.util.stream.Stream; import org.apache.webbeans.exception.WebBeansConfigurationException; import org.apache.webbeans.logger.WebBeansLoggerFacade; +import static java.util.Arrays.asList; +import static java.util.stream.Collectors.toList; + /** * Defines configuration for OpenWebBeans. * @@ -244,6 +248,15 @@ public class OpenWebBeansConfiguration */ private Map<String, Set<String>> configuredLists = new HashMap<>(); + /** + * List of packages which can't be used to generate a proxy. + * + * Important: changing this default has runtime impacts on proxies name. + * It is recommended to not tune it until really needed. + * Also ensure it is consistent between generation and runtime if you use stable proxy names. + */ + private volatile List<String> proxyReservedPackages; + /** * you can configure this externally as well. @@ -556,4 +569,33 @@ public class OpenWebBeansConfiguration return Boolean.parseBoolean(getProperty( "org.apache.webbeans.spi.deployer.skipNoClassDefFoundTriggers")); } + + public List<String> getProxyReservedPackages() + { + if (proxyReservedPackages == null) + { + synchronized (this) + { + if (proxyReservedPackages == null) + { + final String conf = getProperty("org.apache.webbeans.generator.proxyReservedPackages"); + if (conf == null) + { + proxyReservedPackages = asList("java.", "javax.", "sun.misc."); + } + else + { + proxyReservedPackages = Stream.concat( + Stream.of("java.", "javax.", "sun.misc."), + Stream.of(conf.split(",")) + .map(String::trim) + .filter(it -> !it.isEmpty())) + .distinct() + .collect(toList()); + } + } + } + } + return proxyReservedPackages; + } } diff --git a/webbeans-impl/src/main/java/org/apache/webbeans/custom/signed/CustomSignedProxyPackageMarker.java b/webbeans-impl/src/main/java/org/apache/webbeans/custom/signed/CustomSignedProxyPackageMarker.java new file mode 100644 index 0000000..70ce1eb --- /dev/null +++ b/webbeans-impl/src/main/java/org/apache/webbeans/custom/signed/CustomSignedProxyPackageMarker.java @@ -0,0 +1,23 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ +package org.apache.webbeans.custom.signed; + +public interface CustomSignedProxyPackageMarker +{ +} diff --git a/webbeans-impl/src/main/java/org/apache/webbeans/proxy/AbstractProxyFactory.java b/webbeans-impl/src/main/java/org/apache/webbeans/proxy/AbstractProxyFactory.java index 47c67aa..9cc9d52 100644 --- a/webbeans-impl/src/main/java/org/apache/webbeans/proxy/AbstractProxyFactory.java +++ b/webbeans-impl/src/main/java/org/apache/webbeans/proxy/AbstractProxyFactory.java @@ -266,12 +266,14 @@ public abstract class AbstractProxyFactory { // avoid java.lang.SecurityException: class's signer information // does not match signer information of other classes in the same package - return "org.apache.webbeans.custom.signed." + classToProxy.getName(); + return "org.apache.webbeans.custom.signed." + + classToProxy.getSimpleName() + + Math.abs(classToProxy.hashCode()); // to include somehow the package too even if unlikely } protected String fixPreservedPackages(final String proxyClassName) { - return Stream.of("java.", "javax.", "jakarta.", "sun.misc.") + return webBeansContext.getOpenWebBeansConfiguration().getProxyReservedPackages().stream() .filter(proxyClassName::startsWith) .findFirst() // can only be one, you can't start with 2 of them .map(it -> fixPreservedPackage(proxyClassName, it)) @@ -289,7 +291,9 @@ public abstract class AbstractProxyFactory if (className.startsWith(forbiddenPackagePrefix)) { - fixedClassName = "org.apache.webbeans.custom." + className.substring(className.lastIndexOf('.') + 1); + fixedClassName = "org.apache.webbeans.custom." + + className.substring(className.lastIndexOf('.') + 1) + + Math.abs(className.hashCode()); // to include somehow the package too even if unlikely } return fixedClassName; diff --git a/webbeans-impl/src/main/java/org/apache/webbeans/proxy/Unsafe.java b/webbeans-impl/src/main/java/org/apache/webbeans/proxy/Unsafe.java index f0b49c3..850b523 100644 --- a/webbeans-impl/src/main/java/org/apache/webbeans/proxy/Unsafe.java +++ b/webbeans-impl/src/main/java/org/apache/webbeans/proxy/Unsafe.java @@ -31,6 +31,7 @@ import java.util.stream.IntStream; import java.util.stream.Stream; import org.apache.webbeans.custom.CustomProxyPackageMarker; +import org.apache.webbeans.custom.signed.CustomSignedProxyPackageMarker; import org.apache.webbeans.exception.ProxyGenerationException; import org.apache.webbeans.logger.WebBeansLoggerFacade; @@ -222,8 +223,10 @@ public class Unsafe final MethodHandles.Lookup lookupInstance = MethodHandles.Lookup.class.cast( privateLookup.invoke( null, - proxyName.startsWith("org.apache.webbeans.custom.") ? - CustomProxyPackageMarker.class : parent, + proxyName.startsWith("org.apache.webbeans.custom.signed.") ? + CustomSignedProxyPackageMarker.class : + proxyName.startsWith("org.apache.webbeans.custom.") ? + CustomProxyPackageMarker.class : parent, lookup)); return (Class<T>) defineClass.invoke(lookupInstance, proxyBytes); } diff --git a/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties b/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties index be7125f..bb4aa65 100644 --- a/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties +++ b/webbeans-impl/src/main/resources/META-INF/openwebbeans/openwebbeans.properties @@ -86,6 +86,12 @@ org.apache.webbeans.spi.LoaderService=org.apache.webbeans.service.DefaultLoaderS #################################### SEVERAL CONFIGURATION PARAMETERS ########################## ################################################################################################ +#################################### Proxy forbidden packages ################################## +# which packages are forbidden for proxies, note that the defaults are always enforced +# so you don't need to add them when you append custom packages +# org.apache.webbeans.generator.proxyReservedPackages = java,javax,sun.misc +################################################################################################ + #################################### Use Embedded OpenEJB Discovery ############################ #If it is true, it checks every bean class whether or not represent EJB Bean org.apache.webbeans.spi.deployer.useEjbMetaDataDiscoveryService=false