do expressions consistently with other engines
This commit is contained in:
Robert Muir
parent
2169a123a5
commit
3c419c2186
|
|
@ -45,6 +45,7 @@ import org.elasticsearch.script.SearchScript;
|
||||||
import org.elasticsearch.search.MultiValueMode;
|
import org.elasticsearch.search.MultiValueMode;
|
||||||
import org.elasticsearch.search.lookup.SearchLookup;
|
import org.elasticsearch.search.lookup.SearchLookup;
|
||||||
|
|
||||||
|
import java.security.AccessControlContext;
|
||||||
import java.security.AccessController;
|
import java.security.AccessController;
|
||||||
import java.security.PrivilegedAction;
|
import java.security.PrivilegedAction;
|
||||||
import java.text.ParseException;
|
import java.text.ParseException;
|
||||||
|
|
@ -104,13 +105,15 @@ public class ExpressionScriptEngineService extends AbstractComponent implements
|
||||||
@Override
|
@Override
|
||||||
public Expression run() {
|
public Expression run() {
|
||||||
try {
|
try {
|
||||||
|
// snapshot our context here, we check on behalf of the expression
|
||||||
|
AccessControlContext engineContext = AccessController.getContext();
|
||||||
ClassLoader loader = getClass().getClassLoader();
|
ClassLoader loader = getClass().getClassLoader();
|
||||||
if (sm != null) {
|
if (sm != null) {
|
||||||
loader = new ClassLoader(loader) {
|
loader = new ClassLoader(loader) {
|
||||||
@Override
|
@Override
|
||||||
protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
|
protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
|
||||||
try {
|
try {
|
||||||
sm.checkPermission(new ClassPermission(name));
|
engineContext.checkPermission(new ClassPermission(name));
|
||||||
} catch (SecurityException e) {
|
} catch (SecurityException e) {
|
||||||
throw new ClassNotFoundException(name, e);
|
throw new ClassNotFoundException(name, e);
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue