diff --git a/src/share/classes/com/sun/beans/decoder/DocumentHandler.java b/src/share/classes/com/sun/beans/decoder/DocumentHandler.java index f454006ab7e1313e2241401230de39cce5a46d22..4bbb8f4a20107ffc7b91e766cc530602bd9d0c86 100644 --- a/src/share/classes/com/sun/beans/decoder/DocumentHandler.java +++ b/src/share/classes/com/sun/beans/decoder/DocumentHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -37,6 +37,9 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.SAXParserFactory; @@ -46,6 +49,8 @@ import org.xml.sax.InputSource; import org.xml.sax.SAXException; import org.xml.sax.helpers.DefaultHandler; +import sun.misc.SharedSecrets; + /** * The main class to parse JavaBeans XML archive. * @@ -56,11 +61,10 @@ import org.xml.sax.helpers.DefaultHandler; * @see ElementHandler */ public final class DocumentHandler extends DefaultHandler { - private final Map> handlers = new HashMap>(); - - private final Map environment = new HashMap(); - - private final List objects = new ArrayList(); + private final AccessControlContext acc = AccessController.getContext(); + private final Map> handlers = new HashMap<>(); + private final Map environment = new HashMap<>(); + private final List objects = new ArrayList<>(); private Reference loader; private ExceptionListener listener; @@ -351,23 +355,32 @@ public final class DocumentHandler extends DefaultHandler { * * @param input the input source to parse */ - public void parse(InputSource input) { - try { - SAXParserFactory.newInstance().newSAXParser().parse(input, this); + public void parse(final InputSource input) { + if ((this.acc == null) && (null != System.getSecurityManager())) { + throw new SecurityException("AccessControlContext is not set"); } - catch (ParserConfigurationException exception) { - handleException(exception); - } - catch (SAXException wrapper) { - Exception exception = wrapper.getException(); - if (exception == null) { - exception = wrapper; + AccessControlContext stack = AccessController.getContext(); + SharedSecrets.getJavaSecurityAccess().doIntersectionPrivilege(new PrivilegedAction() { + public Void run() { + try { + SAXParserFactory.newInstance().newSAXParser().parse(input, DocumentHandler.this); + } + catch (ParserConfigurationException exception) { + handleException(exception); + } + catch (SAXException wrapper) { + Exception exception = wrapper.getException(); + if (exception == null) { + exception = wrapper; + } + handleException(exception); + } + catch (IOException exception) { + handleException(exception); + } + return null; } - handleException(exception); - } - catch (IOException exception) { - handleException(exception); - } + }, stack, this.acc); } /** diff --git a/src/share/classes/java/beans/XMLDecoder.java b/src/share/classes/java/beans/XMLDecoder.java index accef1199c98f7bedfa622d44d3d2c7d87d8dca8..2fb2fd0ef4de255eeabe3a2be17de36e5ea409e6 100644 --- a/src/share/classes/java/beans/XMLDecoder.java +++ b/src/share/classes/java/beans/XMLDecoder.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2000, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -29,6 +29,9 @@ import com.sun.beans.decoder.DocumentHandler; import java.io.Closeable; import java.io.InputStream; import java.io.IOException; +import java.security.AccessControlContext; +import java.security.AccessController; +import java.security.PrivilegedAction; import org.xml.sax.InputSource; import org.xml.sax.helpers.DefaultHandler; @@ -61,6 +64,7 @@ import org.xml.sax.helpers.DefaultHandler; * @author Philip Milne */ public class XMLDecoder implements AutoCloseable { + private final AccessControlContext acc = AccessController.getContext(); private final DocumentHandler handler = new DocumentHandler(); private final InputSource input; private Object owner; @@ -189,7 +193,15 @@ public class XMLDecoder implements AutoCloseable { return false; } if (this.array == null) { - this.handler.parse(this.input); + if ((this.acc == null) && (null != System.getSecurityManager())) { + throw new SecurityException("AccessControlContext is not set"); + } + AccessController.doPrivileged(new PrivilegedAction() { + public Void run() { + XMLDecoder.this.handler.parse(XMLDecoder.this.input); + return null; + } + }, this.acc); this.array = this.handler.getObjects(); } return true;