stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8009554: Improve SerialJavaObject.getFields

Browse Source 
Reviewed-by: alanb, skoivu, mchung
This commit is contained in:
Lance Andersen 2013-03-28 06:55:42 -04:00
parent d168b09c44
commit 7fc34775d1
1 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
jdk/src/share/classes/javax/sql/rowset/serial/SerialJavaObject.java
View File

@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -30,6 +30,7 @@ import java.lang.reflect.*;
import java.util.Arrays; import java.util.Arrays;
import java.util.Vector; import java.util.Vector;
import javax.sql.rowset.RowSetWarning; import javax.sql.rowset.RowSetWarning;
import sun.reflect.Reflection;
/** /**
* A serializable mapping in the Java programming language of an SQL * A serializable mapping in the Java programming language of an SQL
@ -119,10 +120,19 @@ public class SerialJavaObject implements Serializable, Cloneable {
* @return an array of <code>Field</code> objects * @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing * @throws SerialException if an error is encountered accessing
* the serialized object * the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/ */
public Field[] getFields() throws SerialException { public Field[] getFields() throws SerialException {
if (fields != null) { if (fields != null) {
Class<?> c = this.obj.getClass(); Class<?> c = this.obj.getClass();
checkPackageAccess(c);
return c.getFields(); return c.getFields();
} else { } else {
throw new SerialException("SerialJavaObject does not contain" + throw new SerialException("SerialJavaObject does not contain" +
@ -254,4 +264,38 @@ public class SerialJavaObject implements Serializable, Cloneable {
} }
return false; return false;
} }
/*
* Check if the caller is allowed to access the specified class's package. If access is denied,
* throw a SecurityException.
*
*/
private void checkPackageAccess(Class<?> clz) {
SecurityManager s = System.getSecurityManager();
if (s != null) {
if (sun.reflect.misc.ReflectUtil.needsPackageAccessCheck(
getCallerClassLoader(), clz.getClassLoader())) {
String name = clz.getName();
int i = name.lastIndexOf('.');
if (i != -1) {
s.checkPackageAccess(name.substring(0, i));
}
}
}
}
/* Internal method used to get the caller's caller class loader.
* Caution is required if you attempt to make changes as this method assumes
* the following stack frame count:
* 0: Reflection
* 1: getCallerClassLoader
* 2: checkPackageAccess
* 3: getFields
* 4: caller of getFields
*/
private static ClassLoader getCallerClassLoader() {
Class<?> cc = Reflection.getCallerClass(4);
ClassLoader cl = (cc != null) ? cc.getClassLoader() : null;
return cl;
}
} }