[MODULES-173] Use propagated security context to seed file resource l…

…oading

src/main/java/org/jboss/modules/FileEntryResource.java

@@ -23,12 +23,13 @@
 package org.jboss.modules;
 
 import java.io.File;
-import java.io.FileInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
+import java.security.AccessControlContext;
 
 /**
+ * A file entry resource.
  *
  * @author <a href="mailto:david.lloyd@redhat.com">David M. Lloyd</a>
  */
@@ -37,11 +38,13 @@ final class FileEntryResource implements Resource {
     private final String name;
     private final File file;
     private final URL url;
+    private final AccessControlContext context;
 
-    FileEntryResource(final String name, final File file, final URL url) {
+    FileEntryResource(final String name, final File file, final URL url, final AccessControlContext context) {
         this.name = name;
         this.file = file;
         this.url = url;
+        this.context = context;
     }
 
     public long getSize() {
@@ -57,6 +60,6 @@ public URL getURL() {
     }
 
     public InputStream openStream() throws IOException {
-        return new FileInputStream(file);
+        return FileResourceLoader.openFile(file, context);
     }
 }

src/main/java/org/jboss/modules/FileResourceLoader.java

@@ -31,10 +31,15 @@
 import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.io.OutputStreamWriter;
+import java.lang.reflect.UndeclaredThrowableException;
 import java.net.MalformedURLException;
 import java.net.URL;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.security.CodeSigner;
 import java.security.CodeSource;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -52,15 +57,19 @@ final class FileResourceLoader extends NativeLibraryResourceLoader implements It
     private final String rootName;
     private final Manifest manifest;
     private final CodeSource codeSource;
+    private final AccessControlContext context;
 
-    FileResourceLoader(final String rootName, final File root) {
+    FileResourceLoader(final String rootName, final File root, final AccessControlContext context) {
         super(root);
         if (root == null) {
             throw new IllegalArgumentException("root is null");
         }
         if (rootName == null) {
             throw new IllegalArgumentException("rootName is null");
         }
+        if (context == null) {
+            throw new IllegalArgumentException("context is null");
+        }
         this.rootName = rootName;
         final File manifestFile = new File(root, "META-INF" + File.separatorChar + "MANIFEST.MF");
         manifest = readManifestFile(manifestFile);
@@ -70,6 +79,7 @@ final class FileResourceLoader extends NativeLibraryResourceLoader implements It
         } catch (MalformedURLException e) {
             throw new IllegalArgumentException("Invalid root file specified", e);
         }
+        this.context = context;
         codeSource = new CodeSource(rootUrl, (CodeSigner[])null);
     }
 
@@ -85,6 +95,31 @@ public String getRootName() {
         return rootName;
     }
 
+    static final FileInputStream openFile(final File file, final AccessControlContext context) throws IOException {
+        final SecurityManager sm = System.getSecurityManager();
+        if (sm != null) {
+            try {
+                return AccessController.doPrivileged(new PrivilegedExceptionAction<FileInputStream>() {
+                    public FileInputStream run() throws IOException {
+                        return new FileInputStream(file);
+                    }
+                }, context);
+            } catch (PrivilegedActionException e) {
+                try {
+                    throw e.getException();
+                } catch (RuntimeException e1) {
+                    throw e1;
+                } catch (IOException e1) {
+                    throw e1;
+                } catch (Exception e1) {
+                    throw new UndeclaredThrowableException(e1);
+                }
+            }
+        } else {
+            return new FileInputStream(file);
+        }
+    }
+
     public ClassSpec getClassSpec(final String fileName) throws IOException {
         final File file = new File(getRoot(), fileName);
         if (! file.exists()) {
@@ -93,7 +128,7 @@ public ClassSpec getClassSpec(final String fileName) throws IOException {
         final long size = file.length();
         final ClassSpec spec = new ClassSpec();
         spec.setCodeSource(codeSource);
-        final InputStream is = new FileInputStream(file);
+        final InputStream is = openFile(file, context);
         try {
             if (size <= (long) Integer.MAX_VALUE) {
                 final int castSize = (int) size;
@@ -125,7 +160,7 @@ public Resource getResource(final String name) {
             if (! file.exists()) {
                 return null;
             }
-            return new FileEntryResource(canonPath, file, file.toURI().toURL());
+            return new FileEntryResource(canonPath, file, file.toURI().toURL(), context);
         } catch (MalformedURLException e) {
             // must be invalid...?  (todo: check this out)
             return null;
@@ -174,7 +209,7 @@ public boolean hasNext() {
                 i++;
                 if (file.isFile()) {
                     try {
-                        next = new FileEntryResource(full, file, file.toURI().toURL());
+                        next = new FileEntryResource(full, file, file.toURI().toURL(), context);
                         return true;
                     } catch (MalformedURLException ignored) {
                     }

src/main/java/org/jboss/modules/JarModuleFinder.java

@@ -25,6 +25,8 @@
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.AccessControlContext;
+import java.security.AccessController;
 import java.util.jar.Attributes;
 import java.util.jar.JarEntry;
 import java.util.jar.JarFile;
@@ -40,6 +42,7 @@
 public final class JarModuleFinder implements ModuleFinder {
     private final ModuleIdentifier myIdentifier;
     private final JarFile jarFile;
+    private final AccessControlContext context;
 
     /**
      * Construct a new instance.
@@ -50,6 +53,7 @@ public final class JarModuleFinder implements ModuleFinder {
     public JarModuleFinder(final ModuleIdentifier myIdentifier, final JarFile jarFile) {
         this.myIdentifier = myIdentifier;
         this.jarFile = jarFile;
+        context = AccessController.getContext();
     }
 
     public ModuleSpec findModule(final ModuleIdentifier identifier, final ModuleLoader delegateLoader) throws ModuleLoadException {
@@ -83,7 +87,7 @@ public ModuleSpec findModule(final ModuleIdentifier identifier, final ModuleLoad
                     if (entry.endsWith("/")) {
                         // directory reference
                         File root = new File(jarFile.getName(), entry);
-                        FileResourceLoader resourceLoader = new FileResourceLoader(entry, root);
+                        FileResourceLoader resourceLoader = new FileResourceLoader(entry, root, context);
                         builder.addResourceRoot(ResourceLoaderSpec.createResourceLoaderSpec(resourceLoader));
                     } else {
                         // assume a JAR

src/main/java/org/jboss/modules/LocalModuleFinder.java

@@ -34,6 +34,7 @@
 import org.jboss.modules.filter.PathFilters;
 
 import static java.security.AccessController.doPrivileged;
+import static java.security.AccessController.getContext;
 
 /**
  * A module finder which locates module specifications which are stored in a local module
@@ -150,7 +151,7 @@ public ModuleSpec run() throws Exception {
                             final File file = new File(root, child);
                             final File moduleXml = new File(file, "module.xml");
                             if (moduleXml.exists()) {
-                                final ModuleSpec spec = ModuleXmlParser.parseModuleXml(delegateLoader, identifier, file, moduleXml);
+                                final ModuleSpec spec = ModuleXmlParser.parseModuleXml(delegateLoader, identifier, file, moduleXml, accessControlContext);
                                 if (spec == null) break;
                                 return spec;
                             }
@@ -191,7 +192,7 @@ public static ModuleSpec parseModuleXmlFile(final ModuleIdentifier identifier, f
             final File file = new File(root, child);
             final File moduleXml = new File(file, "module.xml");
             if (moduleXml.exists()) {
-                final ModuleSpec spec = ModuleXmlParser.parseModuleXml(delegateLoader, identifier, file, moduleXml);
+                final ModuleSpec spec = ModuleXmlParser.parseModuleXml(delegateLoader, identifier, file, moduleXml, getContext());
                 if (spec == null) break;
                 return spec;
             }

src/main/java/org/jboss/modules/ModuleXmlParser.java

@@ -28,6 +28,7 @@
 import java.io.FileNotFoundException;
 import java.io.IOException;
 import java.io.InputStream;
+import java.security.AccessControlContext;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
@@ -120,7 +121,7 @@ private ModuleXmlParser() {
     private static final String D_IMPORT = "import";
     private static final String D_EXPORT = "export";
 
-    static ModuleSpec parseModuleXml(final ModuleLoader moduleLoader, final ModuleIdentifier moduleIdentifier, final File root, final File moduleInfoFile) throws ModuleLoadException, IOException {
+    static ModuleSpec parseModuleXml(final ModuleLoader moduleLoader, final ModuleIdentifier moduleIdentifier, final File root, final File moduleInfoFile, final AccessControlContext context) throws ModuleLoadException, IOException {
         final FileInputStream fis;
         try {
             fis = new FileInputStream(moduleInfoFile);
@@ -129,10 +130,10 @@ static ModuleSpec parseModuleXml(final ModuleLoader moduleLoader, final ModuleId
         }
         try {
             return parseModuleXml(new ResourceRootFactory() {
-                public ResourceLoader createResourceLoader(final String rootPath, final String loaderPath, final String loaderName) throws IOException {
+                    public ResourceLoader createResourceLoader(final String rootPath, final String loaderPath, final String loaderName) throws IOException {
                         File file = new File(rootPath, loaderPath);
                         if (file.isDirectory()) {
-                            return new FileResourceLoader(loaderName, file);
+                            return new FileResourceLoader(loaderName, file, context);
                         } else {
                             final JarFile jarFile = new JarFile(file, true);
                             return new JarFileResourceLoader(loaderName, jarFile);

src/main/java/org/jboss/modules/ResourceLoaders.java

@@ -55,7 +55,7 @@ private ResourceLoaders() {
      * @return the resource loader
      */
     public static ResourceLoader createFileResourceLoader(final String name, final File root) {
-        return new FileResourceLoader(name, root);
+        return new FileResourceLoader(name, root, AccessController.getContext());
     }
 
     /**
@@ -67,7 +67,7 @@ public static ResourceLoader createFileResourceLoader(final String name, final F
      * @return the resource loader
      */
     public static IterableResourceLoader createIterableFileResourceLoader(final String name, final File root) {
-        return new FileResourceLoader(name, root);
+        return new FileResourceLoader(name, root, AccessController.getContext());
     }
 
     /**

src/test/java/org/jboss/modules/FileResourceLoaderTest.java

@@ -26,6 +26,7 @@
 import org.junit.Assert;
 
 import java.io.File;
+import java.security.AccessController;
 
 /**
  * Test the functionality of the FileResourceLoader
@@ -40,7 +41,7 @@ protected ResourceLoader createLoader(final PathFilter exportFilter) throws Exce
         resourceRoot = getResource("test/fileresourceloader");
         // Copy the classfile over
         copyResource("org/jboss/modules/test/TestClass.class", "test/fileresourceloader", "org/jboss/modules/test");
-        return new FileResourceLoader("test-root", resourceRoot);
+        return new FileResourceLoader("test-root", resourceRoot, AccessController.getContext());
     }
 
     @Override