Created
October 3, 2018 15:25
Prototype work to have UnboundID access system properties with a security manager
diff --git a/build-src/messages/com/unboundid/buildtools/messages/GenerateMessages.java b/build-src/messages/com/unboundid/buildtools/messages/GenerateMessages.java | |
index 07c4b245..e068a9d0 100644 | |
--- a/build-src/messages/com/unboundid/buildtools/messages/GenerateMessages.java | |
+++ b/build-src/messages/com/unboundid/buildtools/messages/GenerateMessages.java | |
@@ -229,6 +229,8 @@ public class GenerateMessages | |
w("import java.util.ResourceBundle;"); | |
w("import java.util.concurrent.ConcurrentHashMap;"); | |
w(); | |
+ w("import com.unboundid.util.StaticUtils;"); | |
+ w(); | |
w(); | |
w(); | |
w("/**"); | |
@@ -354,9 +356,9 @@ public class GenerateMessages | |
w(" * Indicates whether the unit tests are currently running."); | |
w(" */"); | |
w(" private static final boolean IS_WITHIN_UNIT_TESTS ="); | |
- w(" Boolean.getBoolean(" + | |
+ w(" StaticUtils.getBoolean(" + | |
"\"com.unboundid.ldap.sdk.RunningUnitTests\") ||"); | |
- w(" Boolean.getBoolean(" + | |
+ w(" StaticUtils.getBoolean(" + | |
"\"com.unboundid.directory.server.RunningUnitTests\");"); | |
w(); | |
w(); | |
diff --git a/src/com/unboundid/ldap/sdk/LDAPConnectionOptions.java b/src/com/unboundid/ldap/sdk/LDAPConnectionOptions.java | |
index aa6d5f73..eb5ab98f 100644 | |
--- a/src/com/unboundid/ldap/sdk/LDAPConnectionOptions.java | |
+++ b/src/com/unboundid/ldap/sdk/LDAPConnectionOptions.java | |
@@ -22,11 +22,15 @@ package com.unboundid.ldap.sdk; | |
+import java.security.AccessControlException; | |
+import java.security.AccessController; | |
+import java.security.PrivilegedAction; | |
import java.util.Arrays; | |
import java.util.Collections; | |
import java.util.EnumMap; | |
import java.util.HashMap; | |
import java.util.Map; | |
+import java.util.Set; | |
import java.util.logging.Level; | |
import com.unboundid.ldap.sdk.extensions.PasswordModifyExtendedRequest; | |
@@ -917,7 +921,7 @@ public final class LDAPConnectionOptions | |
new HashMap<>(StaticUtils.computeMapCapacity(10)); | |
final String allOpsPropertyValue = | |
- System.getProperty(PROPERTY_DEFAULT_RESPONSE_TIMEOUT_MILLIS); | |
+ StaticUtils.getSystemProperty(PROPERTY_DEFAULT_RESPONSE_TIMEOUT_MILLIS); | |
if (allOpsPropertyValue != null) | |
{ | |
try | |
@@ -984,8 +988,19 @@ public final class LDAPConnectionOptions | |
final String extendedOperationTypePrefix = | |
PROPERTY_DEFAULT_EXTENDED_RESPONSE_TIMEOUT_MILLIS + '.'; | |
- for (final String propertyName : | |
- System.getProperties().stringPropertyNames()) | |
+ Set<String> propertyNames = Collections.emptySet(); | |
+ try { | |
+ propertyNames = AccessController.doPrivileged(new PrivilegedAction<Set<String>>() { | |
+ @Override | |
+ public Set<String> run() { | |
+ return System.getProperties().stringPropertyNames(); | |
+ } | |
+ }); | |
+ } catch (AccessControlException ace) { | |
+ // maybe debug here? | |
+ } | |
+ | |
+ for (final String propertyName : propertyNames) | |
{ | |
if (propertyName.startsWith(extendedOperationTypePrefix)) | |
{ | |
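Review bot: The empty `catch (AccessControlException ace)` block leaves `propertyNames` as the empty set without any trace, so under a restrictive policy every extended-operation timeout supplied through a system property is silently ignored. Replace the `// maybe debug here?` placeholder with `Debug.debugException(ace);` and a comment saying the empty fallback is deliberate. `System.getProperties()` is checked against a `PropertyPermission` on `*` for read and write, which a least-privilege policy will usually withhold, so this fallback is likely to be the normal path rather than a rare one. A custom security manager may also throw a plain `SecurityException`, which this catch (and the same catch in the `Debug` static initializer and the new `StaticUtils` helpers) would not intercept; catching `SecurityException` covers both. The enclosing method starts and ends outside the hunk.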
@@ -1060,7 +1075,7 @@ public final class LDAPConnectionOptions | |
static | |
{ | |
final String vmVendor = | |
- StaticUtils.toLowerCase(System.getProperty("java.vm.vendor")); | |
+ StaticUtils.toLowerCase(StaticUtils.getSystemProperty("java.vm.vendor")); | |
DEFAULT_ALLOW_CONCURRENT_SOCKET_FACTORY_USE = ((vmVendor != null) && | |
(vmVendor.contains("sun microsystems") || | |
vmVendor.contains("oracle") || | |
@@ -2273,7 +2288,7 @@ public final class LDAPConnectionOptions | |
static boolean getSystemProperty(final String propertyName, | |
final boolean defaultValue) | |
{ | |
- final String propertyValue = System.getProperty(propertyName); | |
+ final String propertyValue = StaticUtils.getSystemProperty(propertyName); | |
if (propertyValue == null) | |
{ | |
if (Debug.debugEnabled()) | |
@@ -2341,7 +2356,7 @@ public final class LDAPConnectionOptions | |
static int getSystemProperty(final String propertyName, | |
final int defaultValue) | |
{ | |
- final String propertyValueString = System.getProperty(propertyName); | |
+ final String propertyValueString = StaticUtils.getSystemProperty(propertyName); | |
if (propertyValueString == null) | |
{ | |
if (Debug.debugEnabled()) | |
@@ -2401,7 +2416,7 @@ public final class LDAPConnectionOptions | |
static Long getSystemProperty(final String propertyName, | |
final Long defaultValue) | |
{ | |
- final String propertyValueString = System.getProperty(propertyName); | |
+ final String propertyValueString = StaticUtils.getSystemProperty(propertyName); | |
if (propertyValueString == null) | |
{ | |
if (Debug.debugEnabled()) | |
diff --git a/src/com/unboundid/ldap/sdk/LDAPException.java b/src/com/unboundid/ldap/sdk/LDAPException.java | |
index 7c130252..1aea6c54 100644 | |
--- a/src/com/unboundid/ldap/sdk/LDAPException.java | |
+++ b/src/com/unboundid/ldap/sdk/LDAPException.java | |
@@ -589,8 +589,8 @@ public class LDAPException | |
public void toString(final StringBuilder buffer) | |
{ | |
final boolean includeCause = | |
- Boolean.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
- final boolean includeStackTrace = Boolean.getBoolean( | |
+ StaticUtils.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
+ final boolean includeStackTrace = StaticUtils.getBoolean( | |
Debug.PROPERTY_INCLUDE_STACK_TRACE_IN_EXCEPTION_MESSAGES); | |
toString(buffer, includeCause, includeStackTrace); | |
diff --git a/src/com/unboundid/ldif/LDIFException.java b/src/com/unboundid/ldif/LDIFException.java | |
index b1be0d1c..e5e70553 100644 | |
--- a/src/com/unboundid/ldif/LDIFException.java | |
+++ b/src/com/unboundid/ldif/LDIFException.java | |
@@ -229,8 +229,8 @@ public final class LDIFException | |
public void toString(final StringBuilder buffer) | |
{ | |
final boolean includeCause = | |
- Boolean.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
- final boolean includeStackTrace = Boolean.getBoolean( | |
+ StaticUtils.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
+ final boolean includeStackTrace = StaticUtils.getBoolean( | |
Debug.PROPERTY_INCLUDE_STACK_TRACE_IN_EXCEPTION_MESSAGES); | |
toString(buffer, includeCause, includeStackTrace); | |
diff --git a/src/com/unboundid/util/Debug.java b/src/com/unboundid/util/Debug.java | |
index c910a138..1d5c5a8b 100644 | |
--- a/src/com/unboundid/util/Debug.java | |
+++ b/src/com/unboundid/util/Debug.java | |
@@ -23,6 +23,9 @@ package com.unboundid.util; | |
import java.io.Serializable; | |
+import java.security.AccessControlException; | |
+import java.security.AccessController; | |
+import java.security.PrivilegedAction; | |
import java.util.EnumSet; | |
import java.util.Properties; | |
import java.util.Set; | |
@@ -41,6 +44,7 @@ import com.unboundid.ldap.sdk.LDAPRequest; | |
import com.unboundid.ldap.sdk.Version; | |
import com.unboundid.ldif.LDIFRecord; | |
+import static com.unboundid.util.StaticUtils.copySystemProperty; | |
/** | |
@@ -187,10 +191,25 @@ public final class Debug | |
static | |
{ | |
- initialize(System.getProperties()); | |
- } | |
+ Properties sysProps; | |
+ try { | |
+ sysProps = AccessController.doPrivileged(new PrivilegedAction<Properties>() { | |
+ @Override | |
+ public Properties run() { | |
+ return System.getProperties(); | |
+ } | |
+ }); | |
+ } catch (AccessControlException e) { | |
+ sysProps = new Properties(); | |
+ copySystemProperty(sysProps, PROPERTY_DEBUG_ENABLED); | |
+ copySystemProperty(sysProps, PROPERTY_INCLUDE_STACK_TRACE); | |
+ copySystemProperty(sysProps, PROPERTY_DEBUG_TYPE); | |
+ copySystemProperty(sysProps, PROPERTY_DEBUG_LEVEL); | |
+ } | |
+ initialize(sysProps); | |
+ } | |
/** | |
* Prevent this class from being instantiated. | |
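Review bot: The fallback branch of the static initializer hard-codes four property names, and nothing tells a maintainer that this list has to match what `initialize(Properties)` reads; that method is outside the hunk, so whether the four names are complete cannot be confirmed from here. Add a comment above the `catch` such as `// No permission to read all properties: copy only the ones initialize() consults. Keep this list in sync with initialize().` The brace placement and indentation of the new block also differ from the `static` / `{` layout used around it and would read better in the file's existing style.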
diff --git a/src/com/unboundid/util/LDAPSDKException.java b/src/com/unboundid/util/LDAPSDKException.java | |
index 1d940d0a..cd8dddf6 100644 | |
--- a/src/com/unboundid/util/LDAPSDKException.java | |
+++ b/src/com/unboundid/util/LDAPSDKException.java | |
@@ -107,8 +107,8 @@ public abstract class LDAPSDKException | |
public String getExceptionMessage() | |
{ | |
final boolean includeCause = | |
- Boolean.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
- final boolean includeStackTrace = Boolean.getBoolean( | |
+ StaticUtils.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
+ final boolean includeStackTrace = StaticUtils.getBoolean( | |
Debug.PROPERTY_INCLUDE_STACK_TRACE_IN_EXCEPTION_MESSAGES); | |
return getExceptionMessage(includeCause, includeStackTrace); | |
diff --git a/src/com/unboundid/util/LDAPSDKRuntimeException.java b/src/com/unboundid/util/LDAPSDKRuntimeException.java | |
index 6ecb726e..1dd68a0c 100644 | |
--- a/src/com/unboundid/util/LDAPSDKRuntimeException.java | |
+++ b/src/com/unboundid/util/LDAPSDKRuntimeException.java | |
@@ -107,8 +107,8 @@ public abstract class LDAPSDKRuntimeException | |
public String getExceptionMessage() | |
{ | |
final boolean includeCause = | |
- Boolean.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
- final boolean includeStackTrace = Boolean.getBoolean( | |
+ StaticUtils.getBoolean(Debug.PROPERTY_INCLUDE_CAUSE_IN_EXCEPTION_MESSAGES); | |
+ final boolean includeStackTrace = StaticUtils.getBoolean( | |
Debug.PROPERTY_INCLUDE_STACK_TRACE_IN_EXCEPTION_MESSAGES); | |
return getExceptionMessage(includeCause, includeStackTrace); | |
diff --git a/src/com/unboundid/util/StaticUtils.java b/src/com/unboundid/util/StaticUtils.java | |
index 1c0e1ba4..9beb8e93 100644 | |
--- a/src/com/unboundid/util/StaticUtils.java | |
+++ b/src/com/unboundid/util/StaticUtils.java | |
@@ -28,6 +28,9 @@ import java.io.IOException; | |
import java.io.StringReader; | |
import java.lang.reflect.Array; | |
import java.nio.charset.StandardCharsets; | |
+import java.security.AccessControlException; | |
+import java.security.AccessController; | |
+import java.security.PrivilegedAction; | |
import java.text.DecimalFormat; | |
import java.text.ParseException; | |
import java.text.SimpleDateFormat; | |
@@ -40,6 +43,7 @@ import java.util.HashSet; | |
import java.util.Iterator; | |
import java.util.LinkedHashSet; | |
import java.util.List; | |
+import java.util.Properties; | |
import java.util.Set; | |
import java.util.StringTokenizer; | |
import java.util.TimeZone; | |
@@ -105,8 +109,8 @@ public final class StaticUtils | |
* Indicates whether the unit tests are currently running. | |
*/ | |
private static final boolean IS_WITHIN_UNIT_TESTS = | |
- Boolean.getBoolean("com.unboundid.ldap.sdk.RunningUnitTests") || | |
- Boolean.getBoolean("com.unboundid.directory.server.RunningUnitTests"); | |
+ getBoolean("com.unboundid.ldap.sdk.RunningUnitTests") || | |
+ getBoolean("com.unboundid.directory.server.RunningUnitTests"); | |
@@ -3483,4 +3487,37 @@ public final class StaticUtils | |
{ | |
return new LinkedHashSet<>(Arrays.asList(items)); | |
} | |
+ | |
+ public static void copySystemProperty(Properties properties, String propertyName) { | |
+ final String value = getSystemProperty(propertyName); | |
+ if (value != null) { | |
+ properties.put(propertyName, value); | |
+ } | |
+ } | |
+ | |
+ public static String getSystemProperty(final String property) { | |
+ try { | |
+ return AccessController.doPrivileged(new PrivilegedAction<String>() { | |
+ @Override | |
+ public String run() { | |
+ return System.getProperty(property); | |
+ } | |
+ }); | |
+ } catch (AccessControlException e) { | |
+ return null; | |
+ } | |
+ } | |
+ | |
+ public static Boolean getBoolean(final String systemProperty) { | |
+ try { | |
+ return AccessController.doPrivileged(new PrivilegedAction<Boolean>() { | |
+ @Override | |
+ public Boolean run() { | |
+ return Boolean.getBoolean(systemProperty); | |
+ } | |
+ }); | |
+ } catch (AccessControlException e) { | |
+ return false; | |
+ } | |
+ } | |
} |
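Review bot: `getSystemProperty`, `getBoolean` and `copySystemProperty` are `public static` and perform the lookup inside `doPrivileged` with a caller-supplied name, so any code in the JVM that can reach `StaticUtils` can read arbitrary system properties with the SDK's permissions instead of its own. Because the callers live in other packages the methods cannot simply become package-private, so the privileged read should be limited to names the SDK owns, with `getBoolean` applying the same check. The prefix in the sketch below is an assumption: only the `com.unboundid.…RunningUnitTests` names and `java.vm.vendor` are visible in this diff, so confirm it against the `PROPERTY_*` constants. All three methods also need Javadoc stating that a denied read is reported as `null` or `false` rather than as an exception.

```java
  public static String getSystemProperty(final String property) {
    // Privileged reads are limited to names the SDK itself defines, so the
    // SDK's permissions cannot be borrowed to read unrelated properties.
    if (!isSdkProperty(property)) {
      return null;
    }
    // … unchanged: doPrivileged lookup and AccessControlException fallback …
  }

  // Assumed naming rule; confirm against the PROPERTY_* constants.
  private static boolean isSdkProperty(final String property) {
    return (property != null) &&
        (property.startsWith("com.unboundid.") ||
         property.equals("java.vm.vendor"));
  }
```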