7162473: ConstructorFinder/FieldFinder/MethodFinder gives access to restricted classes
Reviewed-by: art, ahgross
This commit is contained in:
parent
264a0511f0
commit
9ec1d58234
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -29,6 +29,8 @@ import com.sun.beans.WeakCache;
|
||||
import java.lang.reflect.Constructor;
|
||||
import java.lang.reflect.Modifier;
|
||||
|
||||
import static sun.reflect.misc.ReflectUtil.isPackageAccessible;
|
||||
|
||||
/**
|
||||
* This utility class provides {@code static} methods
|
||||
* to find a public constructor with specified parameter types
|
||||
@ -61,7 +63,7 @@ public final class ConstructorFinder extends AbstractFinder<Constructor<?>> {
|
||||
if (Modifier.isAbstract(type.getModifiers())) {
|
||||
throw new NoSuchMethodException("Abstract class cannot be instantiated");
|
||||
}
|
||||
if (!Modifier.isPublic(type.getModifiers())) {
|
||||
if (!Modifier.isPublic(type.getModifiers()) || !isPackageAccessible(type)) {
|
||||
throw new NoSuchMethodException("Class is not accessible");
|
||||
}
|
||||
PrimitiveWrapperMap.replacePrimitivesWithWrappers(args);
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2008, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -27,6 +27,8 @@ package com.sun.beans.finder;
|
||||
import java.lang.reflect.Field;
|
||||
import java.lang.reflect.Modifier;
|
||||
|
||||
import static sun.reflect.misc.ReflectUtil.isPackageAccessible;
|
||||
|
||||
/**
|
||||
* This utility class provides {@code static} methods
|
||||
* to find a public field with specified name
|
||||
@ -56,7 +58,8 @@ public final class FieldFinder {
|
||||
if (!Modifier.isPublic(field.getModifiers())) {
|
||||
throw new NoSuchFieldException("Field '" + name + "' is not public");
|
||||
}
|
||||
if (!Modifier.isPublic(field.getDeclaringClass().getModifiers())) {
|
||||
type = field.getDeclaringClass();
|
||||
if (!Modifier.isPublic(type.getModifiers()) || !isPackageAccessible(type)) {
|
||||
throw new NoSuchFieldException("Field '" + name + "' is not accessible");
|
||||
}
|
||||
return field;
|
||||
|
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2008, 2011, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2008, 2012, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -33,6 +33,8 @@ import java.lang.reflect.ParameterizedType;
|
||||
import java.lang.reflect.Type;
|
||||
import java.util.Arrays;
|
||||
|
||||
import static sun.reflect.misc.ReflectUtil.isPackageAccessible;
|
||||
|
||||
/**
|
||||
* This utility class provides {@code static} methods
|
||||
* to find a public method with specified name and parameter types
|
||||
@ -120,7 +122,7 @@ public final class MethodFinder extends AbstractFinder<Method> {
|
||||
*/
|
||||
public static Method findAccessibleMethod(Method method) throws NoSuchMethodException {
|
||||
Class<?> type = method.getDeclaringClass();
|
||||
if (Modifier.isPublic(type.getModifiers())) {
|
||||
if (Modifier.isPublic(type.getModifiers()) && isPackageAccessible(type)) {
|
||||
return method;
|
||||
}
|
||||
if (Modifier.isStatic(method.getModifiers())) {
|
||||
|
Loading…
x
Reference in New Issue
Block a user