diff options
| author | Wade Walker <[email protected]> | 2013-02-17 10:48:00 -0600 |
|---|---|---|
| committer | Wade Walker <[email protected]> | 2013-02-17 10:48:00 -0600 |
| commit | 45a84db7739aba2ab4526d7ef87850b9eb824740 (patch) | |
| tree | 7a99f7a24c42622052962b59d24fa457190c3252 /src | |
| parent | f3894c9fa1904572ee21b5c3aa2ca9e26a5d5d1e (diff) | |
Add security checks to resolver methods.
Diffstat (limited to 'src')
| -rw-r--r-- | src/java/com/jogamp/common/util/JarUtil.java | 30 |
1 files changed, 26 insertions, 4 deletions
diff --git a/src/java/com/jogamp/common/util/JarUtil.java b/src/java/com/jogamp/common/util/JarUtil.java index f1488f1..7fa5dd0 100644 --- a/src/java/com/jogamp/common/util/JarUtil.java +++ b/src/java/com/jogamp/common/util/JarUtil.java @@ -61,14 +61,31 @@ public class JarUtil { URL resolve(URL url); } - /** If non-null, we use this to resolve class file URLs after querying them from the classloader. */ + /** If non-null, we use this to resolve class file URLs after querying them from the classloader. + * The resolver won't be used on an URL if it's already of a common type like file, jar, or http[s].*/ private static Resolver resolver; /** * Setter. - * @param r Resolver to use after querying class file URLs from the classloader. + * @param r Resolver to use after querying class file URLs from the classloader. + * @throws Error if the resolver has already been set. + * @throws SecurityException if the security manager doesn't have the setFactory + * permission */ public static void setResolver(Resolver r) { + if(r == null) { + return; + } + + if(resolver != null) { + throw new Error("Resolver already set!"); + } + + SecurityManager security = System.getSecurityManager(); + if(security != null) { + security.checkSetFactory(); + } + resolver = r; } @@ -113,8 +130,13 @@ public class JarUtil { throw new IllegalArgumentException("null arguments: clazzBinName "+clazzBinName+", cl "+cl); } URL url = IOUtil.getClassURL(clazzBinName, cl); - if(resolver != null) - url = resolver.resolve(url); + if( resolver != null + && !url.toString().startsWith("jar:") + && !url.toString().startsWith("file:") + && !url.toString().startsWith("http:") + && !url.toString().startsWith("https:")) { + url = resolver.resolve(url); + } // test name .. final String urlS = url.toExternalForm(); if(DEBUG) { |