Mercurial > hg > release > icedtea-web-1.0
changeset 79:4afa92b88e74
use full privileges when checking whether to prompt user or not
2010-12-24 Omair Majid <omajid@redhat.com>
* netx/net/sourceforge/jnlp/security/SecurityWarning.java
(shouldPromptUser): Use full privileges when checking configuration. This
value is not security-sensitive and the method is private.
* netx/net/sourceforge/jnlp/services/ServiceUtil.java
(shouldPromptUser): Likewise.
author | Omair Majid <omajid@redhat.com> |
---|---|
date | Fri, 24 Dec 2010 15:17:35 -0500 |
parents | f8c085a5c7a2 |
children | 8f4d653aeb0e |
files | ChangeLog netx/net/sourceforge/jnlp/security/SecurityWarning.java netx/net/sourceforge/jnlp/services/ServiceUtil.java |
diffstat | 3 files changed, 22 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/ChangeLog Wed Dec 22 17:14:44 2010 -0500 +++ b/ChangeLog Fri Dec 24 15:17:35 2010 -0500 @@ -1,3 +1,11 @@ +2010-12-24 Omair Majid <omajid@redhat.com> + + * netx/net/sourceforge/jnlp/security/SecurityWarning.java + (shouldPromptUser): Use full privileges when checking configuration. This + value is not security-sensitive and the method is private. + * netx/net/sourceforge/jnlp/services/ServiceUtil.java + (shouldPromptUser): Likewise. + 2010-12-22 Deepak Bhole <dbhole@redhat.com> RH665104: OpenJDK Firefox Java plugin loses a cookie
--- a/netx/net/sourceforge/jnlp/security/SecurityWarning.java Wed Dec 22 17:14:44 2010 -0500 +++ b/netx/net/sourceforge/jnlp/security/SecurityWarning.java Fri Dec 24 15:17:35 2010 -0500 @@ -319,8 +319,13 @@ * @return true if security warnings should be shown to the user. */ private static boolean shouldPromptUser() { - return Boolean.valueOf(JNLPRuntime.getConfiguration() - .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER)); + return AccessController.doPrivileged(new PrivilegedAction<Boolean >() { + @Override + public Boolean run() { + return Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER)); + } + }); } }
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java Wed Dec 22 17:14:44 2010 -0500 +++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java Fri Dec 24 15:17:35 2010 -0500 @@ -299,8 +299,13 @@ * @return true if the user should be prompted for JNLP API related permissions. */ private static boolean shouldPromptUser() { - return Boolean.valueOf(JNLPRuntime.getConfiguration() - .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP)); + return AccessController.doPrivileged(new PrivilegedAction<Boolean >() { + @Override + public Boolean run() { + return Boolean.valueOf(JNLPRuntime.getConfiguration() + .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP)); + } + }); } }