Author: mrglavas
Date: Mon Feb 25 04:21:39 2013
New Revision: 1449591

URL: http://svn.apache.org/r1449591
Log:
Align JAXP API factory code with ObjectFactory classes in Xerces and Xalan 
which make explicit calls to checkPackageAccess() before loading classes.

Modified:
    
xerces/xml-commons/trunk/java/external/src/javax/xml/datatype/FactoryFinder.java
    
xerces/xml-commons/trunk/java/external/src/javax/xml/parsers/FactoryFinder.java
    
xerces/xml-commons/trunk/java/external/src/javax/xml/stream/FactoryFinder.java
    
xerces/xml-commons/trunk/java/external/src/javax/xml/transform/FactoryFinder.java
    
xerces/xml-commons/trunk/java/external/src/javax/xml/validation/SchemaFactoryFinder.java
    
xerces/xml-commons/trunk/java/external/src/javax/xml/xpath/XPathFactoryFinder.java
    
xerces/xml-commons/trunk/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java
    
xerces/xml-commons/trunk/java/external/src/org/xml/sax/helpers/NewInstance.java

Modified: 
xerces/xml-commons/trunk/java/external/src/javax/xml/datatype/FactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/javax/xml/datatype/FactoryFinder.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/javax/xml/datatype/FactoryFinder.java
 (original)
+++ 
xerces/xml-commons/trunk/java/external/src/javax/xml/datatype/FactoryFinder.java
 Mon Feb 25 04:21:39 2013
@@ -147,6 +147,16 @@ final class FactoryFinder {
         throws ConfigurationError {
                
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             Class spiClass;
             if (classLoader == null) {
                 spiClass = Class.forName(className);
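Review bot: The new `checkPackageAccess` call sits inside the `try`, so whether the SecurityException promised by the comment ever reaches the caller depends on the catch clauses, which are outside this hunk. If any of them catches `Exception` or `Throwable`, the denial would be rewrapped as a ConfigurationError or swallowed, which still blocks the load but hides the policy violation from callers and from anything auditing SecurityExceptions. Consider moving the block above `try {`, or adding `catch (SecurityException se) { throw se; }` ahead of the broader handlers. The same placement appears in the javax.xml.parsers, javax.xml.stream and javax.xml.transform FactoryFinder hunks and in the `createInstance` hunks of SchemaFactoryFinder and XPathFactoryFinder.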

Modified: 
xerces/xml-commons/trunk/java/external/src/javax/xml/parsers/FactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/javax/xml/parsers/FactoryFinder.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/javax/xml/parsers/FactoryFinder.java 
(original)
+++ 
xerces/xml-commons/trunk/java/external/src/javax/xml/parsers/FactoryFinder.java 
Mon Feb 25 04:21:39 2013
@@ -100,6 +100,16 @@ final class FactoryFinder {
         // assert(className != null);
 
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             Class providerClass;
             if (cl == null) {
                 // If classloader is null Use the bootstrap ClassLoader.  

Modified: 
xerces/xml-commons/trunk/java/external/src/javax/xml/stream/FactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/javax/xml/stream/FactoryFinder.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/javax/xml/stream/FactoryFinder.java 
(original)
+++ 
xerces/xml-commons/trunk/java/external/src/javax/xml/stream/FactoryFinder.java 
Mon Feb 25 04:21:39 2013
@@ -100,6 +100,16 @@ final class FactoryFinder {
         // assert(className != null);
 
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             Class providerClass;
             if (cl == null) {
                 // If classloader is null Use the bootstrap ClassLoader.  

Modified: 
xerces/xml-commons/trunk/java/external/src/javax/xml/transform/FactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/javax/xml/transform/FactoryFinder.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/javax/xml/transform/FactoryFinder.java
 (original)
+++ 
xerces/xml-commons/trunk/java/external/src/javax/xml/transform/FactoryFinder.java
 Mon Feb 25 04:21:39 2013
@@ -100,6 +100,16 @@ final class FactoryFinder {
         // assert(className != null);
 
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             Class providerClass;
             if (cl == null) {
                 // If classloader is null Use the bootstrap ClassLoader.  

Modified: 
xerces/xml-commons/trunk/java/external/src/javax/xml/validation/SchemaFactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/javax/xml/validation/SchemaFactoryFinder.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/javax/xml/validation/SchemaFactoryFinder.java
 (original)
+++ 
xerces/xml-commons/trunk/java/external/src/javax/xml/validation/SchemaFactoryFinder.java
 Mon Feb 25 04:21:39 2013
@@ -298,6 +298,16 @@ final class SchemaFactoryFinder  {
      */
     SchemaFactory createInstance( String className ) {
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             if (debug) debugPrintln("instanciating "+className);
             Class clazz;
             if( classLoader!=null )

Modified: 
xerces/xml-commons/trunk/java/external/src/javax/xml/xpath/XPathFactoryFinder.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/javax/xml/xpath/XPathFactoryFinder.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/javax/xml/xpath/XPathFactoryFinder.java
 (original)
+++ 
xerces/xml-commons/trunk/java/external/src/javax/xml/xpath/XPathFactoryFinder.java
 Mon Feb 25 04:21:39 2013
@@ -268,6 +268,16 @@ final class XPathFactoryFinder {
      */
     XPathFactory createInstance( String className ) {
         try {
+            // throw security exception if the calling thread is not allowed 
to access the package
+            // restrict the access to package as specified in java.security 
policy
+            SecurityManager security = System.getSecurityManager();
+            if (security != null) {
+                final int lastDot = className.lastIndexOf('.');
+                if (lastDot != -1) {
+                    String packageName = className.substring(0, lastDot);
+                    security.checkPackageAccess(packageName);
+                }
+            }
             if (debug) debugPrintln("instanciating "+className);
             Class clazz;
             if( classLoader!=null )

Modified: 
xerces/xml-commons/trunk/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java
 (original)
+++ 
xerces/xml-commons/trunk/java/external/src/org/w3c/dom/bootstrap/DOMImplementationRegistry.java
 Mon Feb 25 04:21:39 2013
@@ -138,6 +138,16 @@ public final class DOMImplementationRegi
             StringTokenizer st = new StringTokenizer(p);
             while (st.hasMoreTokens()) {
                 String sourceName = st.nextToken();
+                // throw security exception if the calling thread is not 
allowed to access the package
+                // restrict the access to package as specified in 
java.security policy
+                SecurityManager security = System.getSecurityManager();
+                if (security != null) {
+                    final int lastDot = sourceName.lastIndexOf('.');
+                    if (lastDot != -1) {
+                        String packageName = sourceName.substring(0, lastDot);
+                        security.checkPackageAccess(packageName);
+                    }
+                }
                 // Use context class loader, falling back to Class.forName
                 // if and only if this fails...
                 Class sourceClass = null;
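Review bot: A denied package on any one token of `p` now raises an unchecked SecurityException from inside the `while` loop, so unless a handler outside this hunk catches it, the remaining source names are never tried. That may be the intended fail-closed behaviour, but it should be stated in the method's Javadoc, e.g. `@throws SecurityException if a security manager denies access to the package of a listed source`. The `System.getSecurityManager()` lookup does not depend on the token and could be hoisted above the loop as `final SecurityManager security = System.getSecurityManager();`. The enclosing method starts and ends outside the hunk.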

Modified: 
xerces/xml-commons/trunk/java/external/src/org/xml/sax/helpers/NewInstance.java
URL: 
http://svn.apache.org/viewvc/xerces/xml-commons/trunk/java/external/src/org/xml/sax/helpers/NewInstance.java?rev=1449591&r1=1449590&r2=1449591&view=diff
==============================================================================
--- 
xerces/xml-commons/trunk/java/external/src/org/xml/sax/helpers/NewInstance.java 
(original)
+++ 
xerces/xml-commons/trunk/java/external/src/org/xml/sax/helpers/NewInstance.java 
Mon Feb 25 04:21:39 2013
@@ -50,6 +50,16 @@ class NewInstance {
         throws ClassNotFoundException, IllegalAccessException,
             InstantiationException
     {
+        // throw security exception if the calling thread is not allowed to 
access the package
+        // restrict the access to package as specified in java.security policy
+        SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            final int lastDot = className.lastIndexOf('.');
+            if (lastDot != -1) {
+                String packageName = className.substring(0, lastDot);
+                security.checkPackageAccess(packageName);
+            }
+        }
         Class driverClass;
         if (classLoader == null) {
             // XXX Use the bootstrap ClassLoader.  There is no way to
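Review bot: The `throws` clause above lists only ClassNotFoundException, IllegalAccessException and InstantiationException, but this method can now also fail with an unchecked SecurityException before any class is loaded. Callers that handle just the declared exceptions get no hint of that case, so the method comment should say it, e.g. `@throws SecurityException if a security manager is installed and denies access to the class's package`. The identical block is pasted into all eight files of this commit; a small private static helper in each class, for example a proposed `checkPackageAccess(String className)`, would keep the copies from drifting apart. The method signature and body extend beyond the hunk.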


