From 8dc05611c2356bcfa0aebb738e104dfc026d559e Mon Sep 17 00:00:00 2001 From: markt Date: Mon, 27 Oct 2008 17:28:16 +0000 Subject: [PATCH] Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=46096 Allow for running under a security manager when processing annotations. git-svn-id: https://svn.apache.org/repos/asf/tomcat/trunk@708243 13f79535-47bb-0310-9956-ffa450edef68 --- .../catalina/core/DefaultInstanceManager.java | 42 +++++++++++++++++++--- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/java/org/apache/catalina/core/DefaultInstanceManager.java b/java/org/apache/catalina/core/DefaultInstanceManager.java index 0997cc69a..cc7a76fed 100644 --- a/java/org/apache/catalina/core/DefaultInstanceManager.java +++ b/java/org/apache/catalina/core/DefaultInstanceManager.java @@ -26,6 +26,7 @@ import java.lang.reflect.Modifier; import java.util.Map; import java.util.Properties; import java.security.AccessController; +import java.security.PrivilegedAction; import java.security.PrivilegedExceptionAction; import java.security.PrivilegedActionException; import java.io.InputStream; @@ -46,6 +47,7 @@ import javax.servlet.Servlet; import org.apache.InstanceManager; import org.apache.catalina.security.SecurityUtil; import org.apache.catalina.ContainerServlet; +import org.apache.catalina.Globals; import org.apache.catalina.core.Constants; import org.apache.catalina.util.StringManager; @@ -150,14 +152,24 @@ public class DefaultInstanceManager implements InstanceManager { * @throws java.lang.reflect.InvocationTargetException * if call fails */ - protected void postConstruct(Object instance, Class clazz) + protected void postConstruct(Object instance, final Class clazz) throws IllegalAccessException, InvocationTargetException { Class superClass = clazz.getSuperclass(); if (superClass != Object.class) { postConstruct(instance, superClass); } - Method[] methods = clazz.getDeclaredMethods(); + Method[] methods = null; + if (Globals.IS_SECURITY_ENABLED) { + methods = AccessController.doPrivileged( + new PrivilegedAction(){ + public Method[] run(){ + return clazz.getDeclaredMethods(); + } + }); + } else { + methods = clazz.getDeclaredMethods(); + } Method postConstruct = null; for (Method method : methods) { if (method.isAnnotationPresent(PostConstruct.class)) { @@ -249,7 +261,18 @@ public class DefaultInstanceManager implements InstanceManager { while (clazz != null) { // Initialize fields annotations - Field[] fields = clazz.getDeclaredFields(); + Field[] fields = null; + if (Globals.IS_SECURITY_ENABLED) { + final Class clazz2 = clazz; + fields = AccessController.doPrivileged( + new PrivilegedAction(){ + public Field[] run(){ + return clazz2.getDeclaredFields(); + } + }); + } else { + fields = clazz.getDeclaredFields(); + } for (Field field : fields) { if (injections != null && injections.containsKey(field.getName())) { lookupFieldResource(context, instance, field, @@ -281,7 +304,18 @@ public class DefaultInstanceManager implements InstanceManager { } // Initialize methods annotations - Method[] methods = clazz.getDeclaredMethods(); + Method[] methods = null; + if (Globals.IS_SECURITY_ENABLED) { + final Class clazz2 = clazz; + methods = AccessController.doPrivileged( + new PrivilegedAction(){ + public Method[] run(){ + return clazz2.getDeclaredMethods(); + } + }); + } else { + methods = clazz.getDeclaredMethods(); + } for (Method method : methods) { String methodName = method.getName(); if (injections != null && methodName.startsWith("set") && methodName.length() > 3) { -- 2.11.0