Mercurial > hg > release > icedtea-web-1.0

changeset 79:4afa92b88e74

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
use full privileges when checking whether to prompt user or not 2010-12-24 Omair Majid <omajid@redhat.com> * netx/net/sourceforge/jnlp/security/SecurityWarning.java (shouldPromptUser): Use full privileges when checking configuration. This value is not security-sensitive and the method is private. * netx/net/sourceforge/jnlp/services/ServiceUtil.java (shouldPromptUser): Likewise.
author Omair Majid <omajid@redhat.com>
date Fri, 24 Dec 2010 15:17:35 -0500
parents f8c085a5c7a2
children 8f4d653aeb0e
files ChangeLog netx/net/sourceforge/jnlp/security/SecurityWarning.java netx/net/sourceforge/jnlp/services/ServiceUtil.java
diffstat 3 files changed, 22 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/ChangeLog	Wed Dec 22 17:14:44 2010 -0500
+++ b/ChangeLog	Fri Dec 24 15:17:35 2010 -0500
@@ -1,3 +1,11 @@
+2010-12-24  Omair Majid  <omajid@redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/SecurityWarning.java
+	(shouldPromptUser): Use full privileges when checking configuration. This
+	value is not security-sensitive and the method is private.
+	* netx/net/sourceforge/jnlp/services/ServiceUtil.java
+	(shouldPromptUser): Likewise.
+
 2010-12-22  Deepak Bhole <dbhole@redhat.com>
 
 	RH665104: OpenJDK Firefox Java plugin loses a cookie
--- a/netx/net/sourceforge/jnlp/security/SecurityWarning.java	Wed Dec 22 17:14:44 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/SecurityWarning.java	Fri Dec 24 15:17:35 2010 -0500
@@ -319,8 +319,13 @@
      * @return true if security warnings should be shown to the user.
      */
     private static boolean shouldPromptUser() {
-        return Boolean.valueOf(JNLPRuntime.getConfiguration()
-                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
+            @Override
+            public Boolean run() {
+                return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                        .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
+            }
+        });
     }
 
 }
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Wed Dec 22 17:14:44 2010 -0500
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Fri Dec 24 15:17:35 2010 -0500
@@ -299,8 +299,13 @@
      * @return true if the user should be prompted for JNLP API related permissions.
      */
     private static boolean shouldPromptUser() {
-        return Boolean.valueOf(JNLPRuntime.getConfiguration()
-                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
+            @Override
+            public Boolean run() {
+                return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                        .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+            }
+        });
     }
 
 }