use full privileges when checking whether to prompt user or not

2010-12-17 Omair Majid <[email protected]> * netx/net/sourceforge/jnlp/security/SecurityWarning.java (shouldPromptUser): Use full privileges when checking configuration. This value is not security-sensitive and the method is private. * netx/net/sourceforge/jnlp/services/ServiceUtil.java (shouldPromptUser): Likewise.
author: Omair Majid <[email protected]> 2010-12-17 16:19:35 -0500
committer: Omair Majid <[email protected]> 2010-12-17 16:19:35 -0500
commit: 519234f8f5b5abade80087155c727665dc55494b (patch)
tree: 3c40be3704380f2ac6bf55bbe013abfcda113309
parent: 9d36851c174431e6ed861383ca9ffacbd67087d7 (diff)
3 files changed, 22 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 09cd046..a272b65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2010-12-17  Omair Majid  <[email protected]>
+
+	* netx/net/sourceforge/jnlp/security/SecurityWarning.java
+	(shouldPromptUser): Use full privileges when checking configuration. This
+	value is not security-sensitive and the method is private.
+	* netx/net/sourceforge/jnlp/services/ServiceUtil.java
+	(shouldPromptUser): Likewise.
+
 2010-12-15  Omair Majid  <[email protected]>
 
 	* Makefile.am
diff --git a/netx/net/sourceforge/jnlp/security/SecurityWarning.java b/netx/net/sourceforge/jnlp/security/SecurityWarning.java
index 08f67fd..f3d6dfb 100644
--- a/netx/net/sourceforge/jnlp/security/SecurityWarning.java
+++ b/netx/net/sourceforge/jnlp/security/SecurityWarning.java
@@ -319,8 +319,13 @@ public class SecurityWarning {
      * @return true if security warnings should be shown to the user.
      */
     private static boolean shouldPromptUser() {
-        return Boolean.valueOf(JNLPRuntime.getConfiguration()
-                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
+            @Override
+            public Boolean run() {
+                return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                        .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
+            }
+        });
     }
 
 }
diff --git a/netx/net/sourceforge/jnlp/services/ServiceUtil.java b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
index b55bba4..d030395 100644
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
@@ -299,8 +299,13 @@ public class ServiceUtil {
      * @return true if the user should be prompted for JNLP API related permissions.
      */
     private static boolean shouldPromptUser() {
-        return Boolean.valueOf(JNLPRuntime.getConfiguration()
-                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
+            @Override
+            public Boolean run() {
+                return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                        .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+            }
+        });
     }
 
 }
author	Omair Majid <[email protected]>	2010-12-17 16:19:35 -0500
committer	Omair Majid <[email protected]>	2010-12-17 16:19:35 -0500
commit	519234f8f5b5abade80087155c727665dc55494b (patch)
tree	3c40be3704380f2ac6bf55bbe013abfcda113309
parent	9d36851c174431e6ed861383ca9ffacbd67087d7 (diff)