8009554: Improve SerialJavaObject.getFields

Reviewed-by: alanb, skoivu, mchung
This commit is contained in:
Lance Andersen 2013-03-28 06:55:42 -04:00
parent d168b09c44
commit 7fc34775d1

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,6 +30,7 @@ import java.lang.reflect.*;
import java.util.Arrays;
import java.util.Vector;
import javax.sql.rowset.RowSetWarning;
import sun.reflect.Reflection;
/**
* A serializable mapping in the Java programming language of an SQL
@ -119,10 +120,19 @@ public class SerialJavaObject implements Serializable, Cloneable {
* @return an array of <code>Field</code> objects
* @throws SerialException if an error is encountered accessing
* the serialized object
* @throws SecurityException If a security manager, <i>s</i>, is present
* and the caller's class loader is not the same as or an
* ancestor of the class loader for the class of the
* {@linkplain #getObject object} being serialized
* and invocation of {@link SecurityManager#checkPackageAccess
* s.checkPackageAccess()} denies access to the package
* of that class.
* @see Class#getFields
*/
public Field[] getFields() throws SerialException {
if (fields != null) {
Class<?> c = this.obj.getClass();
checkPackageAccess(c);
return c.getFields();
} else {
throw new SerialException("SerialJavaObject does not contain" +
@ -254,4 +264,38 @@ public class SerialJavaObject implements Serializable, Cloneable {
}
return false;
}
/*
* Check if the caller is allowed to access the specified class's package. If access is denied,
* throw a SecurityException.
*
*/
private void checkPackageAccess(Class<?> clz) {
SecurityManager s = System.getSecurityManager();
if (s != null) {
if (sun.reflect.misc.ReflectUtil.needsPackageAccessCheck(
getCallerClassLoader(), clz.getClassLoader())) {
String name = clz.getName();
int i = name.lastIndexOf('.');
if (i != -1) {
s.checkPackageAccess(name.substring(0, i));
}
}
}
}
/* Internal method used to get the caller's caller class loader.
* Caution is required if you attempt to make changes as this method assumes
* the following stack frame count:
* 0: Reflection
* 1: getCallerClassLoader
* 2: checkPackageAccess
* 3: getFields
* 4: caller of getFields
*/
private static ClassLoader getCallerClassLoader() {
Class<?> cc = Reflection.getCallerClass(4);
ClassLoader cl = (cc != null) ? cc.getClassLoader() : null;
return cl;
}
}