+ add security manager checks to avoid the creation of inner privileged action classes

0179c66d · Costin Leau · 04b619eb · 0179c66d
隐藏空白更改
内联并排

Showing with 22 addition and 15 deletion

org.springframework.beans/src/main/java/org/springframework/beans/factory/support/SimpleInstantiationStrategy.java ...rk/beans/factory/support/SimpleInstantiationStrategy.java +22 -15

未找到文件。
--- a/org.springframework.beans/src/main/java/org/springframework/beans/factory/support/SimpleInstantiationStrategy.java
+++ b/org.springframework.beans/src/main/java/org/springframework/beans/factory/support/SimpleInstantiationStrategy.java
@@ -54,12 +54,15 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
 					throw new BeanInstantiationException(clazz, "Specified class is an interface");
 				}
 				try {
-					constructorToUse = AccessController.doPrivileged(new PrivilegedExceptionAction<Constructor>() {
-
-						public Constructor run() throws Exception {
-							return clazz.getDeclaredConstructor((Class[]) null);
-						}
-					});
+					if (System.getSecurityManager() != null) {
+						constructorToUse = AccessController.doPrivileged(new PrivilegedExceptionAction<Constructor>() {
+							public Constructor run() throws Exception {
+								return clazz.getDeclaredConstructor((Class[]) null);
+							}
+						});
+					} else {
+						constructorToUse =	clazz.getDeclaredConstructor((Class[]) null);
+					}
 					beanDefinition.resolvedConstructorOrFactoryMethod = constructorToUse;
 				}
 				catch (Exception ex) {
@@ -127,14 +130,19 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
 			Object factoryBean, final Method factoryMethod, Object[] args) {

 		try {
+			if (System.getSecurityManager() != null) {
+				AccessController.doPrivileged(new PrivilegedAction<Object>() {
+					public Object run() {
+						ReflectionUtils.makeAccessible(factoryMethod);
+						return null;
+					}
+				});
+			}
+			else {
+				ReflectionUtils.makeAccessible(factoryMethod);
+			}
+			
 			// It's a static method if the target is null.
-			AccessController.doPrivileged(new PrivilegedAction<Object>() {
-
-				public Object run() {
-					ReflectionUtils.makeAccessible(factoryMethod);
-					return null;
-				}
-			});
 			return factoryMethod.invoke(factoryBean, args);
 		}
 		catch (IllegalArgumentException ex) {
@@ -151,5 +159,4 @@ public class SimpleInstantiationStrategy implements InstantiationStrategy {
 					"Factory method [" + factoryMethod + "] threw exception", ex.getTargetException());
 		}
 	}
-
-}
+}
\ No newline at end of file