I got a bit further in quenching various problems orginating from the
webstart sandbox. Starting with a little wrapper called SafeProperty,
to eat up SecurityExceptions (Inspired by comment in the bug). Patch
further down. (I am working on the google guice svn trunk)
After wrapping try catch for SecurityExceptions, this little 18-hole
golf track manages to get me into the sandbox bunker again:
Caused by: java.security.AccessControlException: access denied
(java.lang.RuntimePermission createClassLoader)
at java.security.AccessControlContext.checkPermission
(AccessControlContext.java:323)
at java.security.AccessController.checkPermission
(AccessController.java:546)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:
532)
at java.lang.SecurityManager.checkCreateClassLoader
(SecurityManager.java:594)
at java.lang.ClassLoader.<init>(ClassLoader.java:201)
at com.google.inject.internal.BytecodeGen$BridgeClassLoader.<init>
(BytecodeGen.java:247)
at com.google.inject.internal.BytecodeGen$2$1.run(BytecodeGen.java:
100)
at com.google.inject.internal.BytecodeGen$2$1.run(BytecodeGen.java:
98)
at java.security.AccessController.doPrivileged(Native Method)
at com.google.inject.internal.BytecodeGen$2.apply(BytecodeGen.java:
98)
at com.google.inject.internal.BytecodeGen$2.apply(BytecodeGen.java:
95)
at com.google.inject.internal.MapMaker$StrategyImpl.compute
(MapMaker.java:528)
This time I am very stumped. I assume that the sandbox would allow to
create a new classloader as long as it uses an existing one as its
parent (?). Is that somehting I could go deeper into and fix? If not,
is this part of a feature I can disable and still have something
useful?
Oh well, it is 5AM and i have spent way too much "spare" time on this.
Below, SafeProperty replacing System.getProperty where it hurts, plus
catching security exceptoins on getDeclared{Fields,Methods} that threw
SecurityException:
SafeProperty apparently not included. Oh well. just to methods.
Index: src/com/google/inject/spi/InjectionPoint.java
===================================================================
--- src/com/google/inject/spi/InjectionPoint.java (revision 929)
+++ src/com/google/inject/spi/InjectionPoint.java (working copy)
@@ -390,7 +390,12 @@
private interface Factory<M extends Member & AnnotatedElement> {
Factory<Field> FIELDS = new Factory<Field>() {
public Field[] getMembers(Class<?> type) {
+ try {
return type.getDeclaredFields();
+ }
+ catch(SecurityException se) {
+ return new Field[] { };
+ }
}
public InjectionPoint create(TypeLiteral<?> typeLiteral, Field
member, Errors errors) {
return new InjectionPoint(typeLiteral, member);
@@ -399,7 +404,12 @@
Factory<Method> METHODS = new Factory<Method>() {
public Method[] getMembers(Class<?> type) {
+ try {
return type.getDeclaredMethods();
+ }
+ catch(SecurityException se) {
+ return new Method[] { };
+ }
}
public InjectionPoint create(TypeLiteral<?> typeLiteral, Method
member, Errors errors) {
checkForMisplacedBindingAnnotations(member, errors);
Index: src/com/google/inject/internal/Errors.java
===================================================================
--- src/com/google/inject/internal/Errors.java (revision 929)
+++ src/com/google/inject/internal/Errors.java (working copy)
@@ -29,6 +29,7 @@
import com.google.inject.spi.InjectionPoint;
import com.google.inject.spi.Message;
import com.google.inject.spi.TypeListenerBinding;
+import com.google.inject.internal.SafeProperty;
import java.io.PrintWriter;
import java.io.Serializable;
import java.io.StringWriter;
@@ -62,7 +63,7 @@
// TODO(kevinb): gee, ya think we might want to remove this?
private static final boolean allowNullsBadBadBad
- = "I'm a bad hack".equals(System.getProperty
("guice.allow.nulls.bad.bad.bad"));
+ = "I'm a bad hack".equals(SafeProperty.getProperty
("guice.allow.nulls.bad.bad.bad"));
private final List<Message> errors;
private final Errors parent;
Index: src/com/google/inject/internal/BytecodeGen.java
===================================================================
--- src/com/google/inject/internal/BytecodeGen.java (revision 929)
+++ src/com/google/inject/internal/BytecodeGen.java (working copy)
@@ -17,6 +17,7 @@
package com.google.inject.internal;
import static com.google.inject.internal.Preconditions.checkNotNull;
+import com.google.inject.internal.SafeProperty;
import java.lang.reflect.Constructor;
import java.lang.reflect.Member;
import java.lang.reflect.Method;
@@ -83,7 +84,7 @@
/** Use "-Dguice.custom.loader=false" to disable custom
classloading. */
static final boolean HOOK_ENABLED
- = "true".equals(System.getProperty("guice.custom.loader",
"true"));
+ = "true".equals(SafeProperty.getProperty("guice.custom.loader",
"true"));
/**
* Weak cache of bridge class loaders that make the Guice
implementation