[COLLECTIONS-538] Use AccessController to read system properties in ExtendedProperties, use File.separator in case of a security exception.

git-svn-id: https://svn.apache.org/repos/asf/commons/proper/collections/branches/COLLECTIONS_3_2_X@1713233 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Thomas Neidhart 2015-11-08 15:05:59 +00:00
parent eb693a7469
commit c0da312f34
3 changed files with 47 additions and 2 deletions

View File

@ -23,6 +23,12 @@
<release version="3.2.2" date="20XX-XX-XX" description="This is a bugfix release."> <release version="3.2.2" date="20XX-XX-XX" description="This is a bugfix release.">
<action issue="COLLECTIONS-538" dev="tn" type="fix" due-to="Trejkaz">
"ExtendedProperties" will now use a privileged action to access the
"file.separator" system property. In case the class does not have
permission to read system properties, the "File#separator" field will
be used instead.
</action>
<action issue="COLLECTIONS-350" dev="bayard" type="fix" due-to="Michael Akerman"> <action issue="COLLECTIONS-350" dev="bayard" type="fix" due-to="Michael Akerman">
Removed debug output in "MapUtils#getNumber(Map)". Removed debug output in "MapUtils#getNumber(Map)".
</action> </action>

View File

@ -26,6 +26,7 @@ import java.io.OutputStream;
import java.io.PrintWriter; import java.io.PrintWriter;
import java.io.Reader; import java.io.Reader;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.security.AccessController;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Enumeration; import java.util.Enumeration;
import java.util.Hashtable; import java.util.Hashtable;
@ -165,10 +166,22 @@ public class ExtendedProperties extends Hashtable {
/** /**
* File separator. * File separator.
*/ */
protected String fileSeparator = System.getProperty("file.separator"); protected String fileSeparator;
{
try {
fileSeparator = (String) AccessController.doPrivileged(
new java.security.PrivilegedAction() {
public Object run() {
return System.getProperty("file.separator");
}
});
} catch (SecurityException ex) {
fileSeparator = File.separator;
}
}
/** /**
* Has this configuration been intialized. * Has this configuration been initialized.
*/ */
protected boolean isInitialized = false; protected boolean isInitialized = false;

View File

@ -19,6 +19,7 @@ package org.apache.commons.collections;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.IOException; import java.io.IOException;
import java.security.Permission;
import java.util.Properties; import java.util.Properties;
import junit.framework.Test; import junit.framework.Test;
@ -314,4 +315,29 @@ public class TestExtendedProperties extends TestCase {
assertEquals("class", extended.getString("resource.loader")); assertEquals("class", extended.getString("resource.loader"));
} }
public void testActiveSecurityManager() {
SecurityManager manager = new SecurityManager() {
public void checkPropertyAccess(String key) {
throw new SecurityException();
}
public void checkPermission(Permission perm) {
}
};
System.setSecurityManager(manager);
try {
ExtendedProperties properties = new ExtendedProperties();
assertNotNull(properties);
} catch (Exception ex) {
ex.printStackTrace();
fail("failed to instantiate ExtendedProperties");
} finally {
System.setSecurityManager(null);
}
}
} }