[HTTPASYNC-124] Add doPrivileged blocks to async client and connection

manager builders.
2017-07-20 20:52:39 -07:00 · 2017-07-20 20:52:39 -07:00 · fe6b90a8c6
parent 643ea6c3e0
commit fe6b90a8c6
3 changed files with 41 additions and 7 deletions
--- a/RELEASE_NOTES.txt
+++ b/RELEASE_NOTES.txt
@ -6,7 +6,10 @@
  Contributed by Gary Gregory <ggregory at apache.org>

 * [HTTPCLIENT-1858] Alleviate GC pressure due to wire logging.
+  Contributed by Gary Gregory <ggregory at apache.org>

+* [HTTPASYNC-124] Add doPrivileged blocks to async client and connection manager builders
+  Contributed by Jay Modi <jay at elastic dot co>

 Release 5.0-ALPHA2
 -------------------
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java
@ -30,6 +30,8 @@ package org.apache.hc.client5.http.impl.async;
 import java.io.Closeable;
 import java.io.IOException;
 import java.net.ProxySelector;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.LinkedList;
@ -749,7 +751,7 @@ public class HttpAsyncClientBuilder {
        String userAgentCopy = this.userAgent;
        if (userAgentCopy == null) {
            if (systemProperties) {
-                userAgentCopy = System.getProperty("http.agent");
+                userAgentCopy = getProperty("http.agent", null);
            }
            if (userAgentCopy == null) {
                userAgentCopy = VersionInfo.getSoftwareInfo("Apache-HttpAsyncClient",
@ -831,8 +833,14 @@ public class HttpAsyncClientBuilder {
            if (proxy != null) {
                routePlannerCopy = new DefaultProxyRoutePlanner(proxy, schemePortResolverCopy);
            } else if (systemProperties) {
+                final ProxySelector defaultProxySelector = AccessController.doPrivileged(new PrivilegedAction<ProxySelector>() {
+                    @Override
+                    public ProxySelector run() {
+                        return ProxySelector.getDefault();
+                    }
+                });
                routePlannerCopy = new SystemDefaultRoutePlanner(
-                        schemePortResolverCopy, ProxySelector.getDefault());
+                        schemePortResolverCopy, defaultProxySelector);
            } else {
                routePlannerCopy = new DefaultRoutePlanner(schemePortResolverCopy);
            }
@ -874,7 +882,7 @@ public class HttpAsyncClientBuilder {
        ConnectionReuseStrategy reuseStrategyCopy = this.reuseStrategy;
        if (reuseStrategyCopy == null) {
            if (systemProperties) {
-                final String s = System.getProperty("http.keepAlive", "true");
+                final String s = getProperty("http.keepAlive", "true");
                if ("true".equalsIgnoreCase(s)) {
                    reuseStrategyCopy = DefaultConnectionReuseStrategy.INSTANCE;
                } else {
@ -998,4 +1006,13 @@ public class HttpAsyncClientBuilder {
                closeablesCopy);
    }

+    private String getProperty(final String key, final String defaultValue) {
+        return AccessController.doPrivileged(new PrivilegedAction<String>() {
+            @Override
+            public String run() {
+                return System.getProperty(key, defaultValue);
+            }
+        });
+    }
+
 }
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/PoolingAsyncClientConnectionManagerBuilder.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/nio/PoolingAsyncClientConnectionManagerBuilder.java
@ -37,6 +37,9 @@ import org.apache.hc.core5.pool.ConnPoolListener;
 import org.apache.hc.core5.pool.ConnPoolPolicy;
 import org.apache.hc.core5.util.TimeValue;

+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
 /**
 * Builder for {@link PoolingAsyncClientConnectionManager} instances.
 * <p>
@ -176,10 +179,7 @@ public class PoolingAsyncClientConnectionManagerBuilder {
        @SuppressWarnings("resource")
        final PoolingAsyncClientConnectionManager poolingmgr = new PoolingAsyncClientConnectionManager(
                RegistryBuilder.<TlsStrategy>create()
-                        .register("https", tlsStrategy != null ? tlsStrategy :
-                                (systemProperties ?
-                                        H2TlsStrategy.getSystemDefault() :
-                                        H2TlsStrategy.getDefault()))
+                        .register("https", getTlsStrategy())
                        .build(),
                schemePortResolver,
                dnsResolver,
@ -196,4 +196,18 @@ public class PoolingAsyncClientConnectionManagerBuilder {
        return poolingmgr;
    }

+    private TlsStrategy getTlsStrategy() {
+        if (tlsStrategy != null) {
+            return tlsStrategy;
+        } else if (systemProperties) {
+            return AccessController.doPrivileged(new PrivilegedAction<TlsStrategy>() {
+                @Override
+                public TlsStrategy run() {
+                    return H2TlsStrategy.getSystemDefault();
+                }
+            });
+        } else {
+            return H2TlsStrategy.getDefault();
+        }
+    }
 }