Fix J2 security issue as reported in TUSCANY-2846

git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@743922 13f79535-47bb-0310-9956-ffa450edef68
author: rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68> 2009-02-12 23:16:29 +0000
committer: rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68> 2009-02-12 23:16:29 +0000
commit: 3813b954d54687c720526a76254b219400570f2d (patch)
tree: e78ace3f8e6aa8ca74b020d4f2c723ed954458b5 /java/sca/modules/databinding-jaxb
parent: b6715ee3e9048154c28e62dda28df390afaea724 (diff)
1 files changed, 29 insertions, 4 deletions
diff --git a/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java b/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java
index 4a4f21f259..26da0132e8 100644
--- a/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java
+++ b/java/sca/modules/databinding-jaxb/src/main/java/org/apache/tuscany/sca/databinding/jaxb/JAXBContextCache.java
@@ -108,9 +108,34 @@ public class JAXBContextCache {
         defaultContext = getDefaultJAXBContext();
     }
     
+    private static JAXBContext newJAXBContext(final Class<?>... classesToBeBound) throws JAXBException {
+        try {
+            return AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() {
+                public JAXBContext run() throws JAXBException {
+                    return JAXBContext.newInstance(classesToBeBound);
+                }
+            });
+        } catch (PrivilegedActionException e) {
+            throw (JAXBException)e.getException();
+        }
+    }
+
+    private static JAXBContext newJAXBContext(final String contextPath, final ClassLoader classLoader)
+        throws JAXBException {
+        try {
+            return AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() {
+                public JAXBContext run() throws JAXBException {
+                    return JAXBContext.newInstance(contextPath, classLoader);
+                }
+            });
+        } catch (PrivilegedActionException e) {
+            throw (JAXBException)e.getException();
+        }
+    }    
+    
     public static JAXBContext getDefaultJAXBContext() {
         try {
-            return JAXBContext.newInstance();
+            return newJAXBContext();
         } catch (JAXBException e) {
             throw new IllegalArgumentException(e);
         }
@@ -239,10 +264,10 @@ public class JAXBContextCache {
             }
 
             if (pkg != null && checkPackage(pkg.getName(), cls.getClassLoader())) {
-                context = JAXBContext.newInstance(pkg.getName(), cls.getClassLoader());
+                context = newJAXBContext(pkg.getName(), cls.getClassLoader());
                 cache.put(pkg, context);
             } else {
-                context = JAXBContext.newInstance(cls);
+                context = newJAXBContext(cls);
                 cache.put(cls, context);
             }
             return context;
@@ -288,7 +313,7 @@ public class JAXBContextCache {
             if (context != null) {
                 return context;
             }
-            context = JAXBContext.newInstance(classSet.toArray(new Class<?>[classSet.size()]));
+            context = newJAXBContext(classSet.toArray(new Class<?>[classSet.size()]));
             cache.put(classSet, context);
             return context;
         }
author	rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68>	2009-02-12 23:16:29 +0000
committer	rfeng <rfeng@13f79535-47bb-0310-9956-ffa450edef68>	2009-02-12 23:16:29 +0000
commit	3813b954d54687c720526a76254b219400570f2d (patch)
tree	e78ace3f8e6aa8ca74b020d4f2c723ed954458b5 /java/sca/modules/databinding-jaxb
parent	b6715ee3e9048154c28e62dda28df390afaea724 (diff)