Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

427068 ServletContext.getClassLoader should only check privileges if a SecurityManager exists

This commit is contained in:
Jan Bartel 2014-01-31 16:24:00 +11:00
parent a09d05b5cb
commit d4368d1018
1 changed files with 42 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
jetty-server/src/main/java/org/eclipse/jetty/server/handler/ContextHandler.java
View File

@ -21,6 +21,8 @@ package org.eclipse.jetty.server.handler;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.net.URI; import java.net.URI;
import java.net.URL; import java.net.URL;
@ -2261,9 +2263,44 @@ public class ContextHandler extends ScopedHandler implements Attributes, Gracefu
@Override @Override
public ClassLoader getClassLoader() public ClassLoader getClassLoader()
{ {
if (!_enabled)
throw new UnsupportedOperationException();
//no security manager just return the classloader
if (System.getSecurityManager() == null)
return _classLoader;
else
{
//check to see if the classloader of the caller is the same as the context
//classloader, or a parent of it
try
{
Class reflect = Loader.loadClass(getClass(), "sun.reflect.Reflection");
Method getCallerClass = reflect.getMethod("getCallerClass", Integer.TYPE);
Class caller = (Class)getCallerClass.invoke(null, 2);
boolean ok = false;
ClassLoader callerLoader = caller.getClassLoader();
while (!ok && callerLoader != null)
{
if (callerLoader == _classLoader)
ok = true;
else
callerLoader = callerLoader.getParent();
}
if (ok)
return _classLoader;
}
catch (Exception e)
{
LOG.warn("Unable to check classloader of caller",e);
}
AccessController.checkPermission(new RuntimePermission("getClassLoader")); AccessController.checkPermission(new RuntimePermission("getClassLoader"));
return _classLoader; return _classLoader;
} }
}
@Override @Override
public JspConfigDescriptor getJspConfigDescriptor() public JspConfigDescriptor getJspConfigDescriptor()