/
SecurityActions.java
122 lines (103 loc) · 4.8 KB
/
SecurityActions.java
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
package org.infinispan.commons.util;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Arrays;
import org.infinispan.commons.CacheException;
/**
* Privileged actions for the package
*
* Do not move. Do not change class and method visibility to avoid being called from other
* {@link java.security.CodeSource}s, thus granting privilege escalation to external code.
*
* @author Scott.Stark@jboss.org
* @since 4.2
*/
final class SecurityActions {
interface SysProps {
SysProps NON_PRIVILEGED = new SysProps() {
@Override
public String getProperty(final String name, final String defaultValue) {
return System.getProperty(name, defaultValue);
}
@Override
public String getProperty(final String name) {
return System.getProperty(name);
}
};
SysProps PRIVILEGED = new SysProps() {
@Override
public String getProperty(final String name, final String defaultValue) {
return AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(name, defaultValue));
}
@Override
public String getProperty(final String name) {
return AccessController.doPrivileged((PrivilegedAction<String>) () -> System.getProperty(name));
}
};
String getProperty(String name, String defaultValue);
String getProperty(String name);
}
static String getProperty(String name, String defaultValue) {
if (System.getSecurityManager() == null)
return SysProps.NON_PRIVILEGED.getProperty(name, defaultValue);
return SysProps.PRIVILEGED.getProperty(name, defaultValue);
}
static String getProperty(String name) {
if (System.getSecurityManager() == null)
return SysProps.NON_PRIVILEGED.getProperty(name);
return SysProps.PRIVILEGED.getProperty(name);
}
private static <T> T doPrivileged(PrivilegedAction<T> action) {
if (System.getSecurityManager() != null) {
return AccessController.doPrivileged(action);
} else {
return action.run();
}
}
static Object invokeAccessibly(Object instance, Method method, Object[] parameters) {
return doPrivileged(() -> {
try {
method.setAccessible(true);
return method.invoke(instance, parameters);
} catch (InvocationTargetException e) {
Throwable cause = e.getCause() != null ? e.getCause() : e;
throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
(parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), cause);
} catch (Exception e) {
throw new CacheException("Unable to invoke method " + method + " on object of type " + (instance == null ? "null" : instance.getClass().getSimpleName()) +
(parameters != null ? " with parameters " + Arrays.asList(parameters) : ""), e);
}
});
}
static ClassLoader[] getClassLoaders(ClassLoader appClassLoader) {
return doPrivileged(() -> new ClassLoader[]{
appClassLoader, // User defined classes
Util.class.getClassLoader(), // Infinispan classes (not always on TCCL [modular env])
ClassLoader.getSystemClassLoader(), // Used when load time instrumentation is in effect
Thread.currentThread().getContextClassLoader() //Used by jboss-as stuff
});
}
private static ClassLoader getOSGiClassLoader() {
// Make loading class optional
try {
Class<?> osgiClassLoader = Class.forName("org.infinispan.commons.util.OsgiClassLoader");
return (ClassLoader) osgiClassLoader.getMethod("getInstance", null).invoke(null);
} catch (ClassNotFoundException e) {
// fall back option - it can't hurt if we scan ctx class loader 2 times.
return Thread.currentThread().getContextClassLoader();
} catch (Exception e) {
throw new RuntimeException("Unable to call getInstance on OsgiClassLoader", e);
}
}
static ClassLoader[] getOSGIContextClassLoaders(ClassLoader appClassLoader) {
return doPrivileged(() -> new ClassLoader[]{
appClassLoader, // User defined classes
getOSGiClassLoader(), // OSGi bundle context needs to be on top of TCCL, system CL, etc.
Util.class.getClassLoader(), // Infinispan classes (not always on TCCL [modular env])
ClassLoader.getSystemClassLoader(), // Used when load time instrumentation is in effect
Thread.currentThread().getContextClassLoader() //Used by jboss-as stuff
});
}
}