Use isChecking() when deciding whether to construct privileged blocks…

… or nontrivial permission checks
silveringsea · May 10, 2013 · 9362aab · 9362aab
1 parent 087cf0d
commit 9362aab
Show file tree

Hide file tree

Showing 101 changed files with 361 additions and 343 deletions.
diff --git a/appclient/src/main/java/org/jboss/as/appclient/deployment/SecurityActions.java b/appclient/src/main/java/org/jboss/as/appclient/deployment/SecurityActions.java
@@ -24,8 +24,8 @@
 
 import org.wildfly.security.manager.GetContextClassLoaderAction;
 import org.wildfly.security.manager.SetContextClassLoaderAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
-import static java.lang.System.getSecurityManager;
 import static java.lang.Thread.currentThread;
 import static java.security.AccessController.doPrivileged;
 
@@ -41,7 +41,7 @@ private SecurityActions() {
      * @return the current context classloader
      */
     static ClassLoader getContextClassLoader() {
-        return getSecurityManager() == null ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
+        return WildFlySecurityManager.isChecking() ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
     }
 
     /**
@@ -51,7 +51,7 @@ static ClassLoader getContextClassLoader() {
      *            the classloader
      */
     static void setContextClassLoader(final ClassLoader classLoader) {
-        if (getSecurityManager() == null) {
+        if (WildFlySecurityManager.isChecking()) {
             currentThread().setContextClassLoader(classLoader);
         } else {
             doPrivileged(new SetContextClassLoaderAction(classLoader));

diff --git a/appclient/src/main/java/org/jboss/as/appclient/service/SecurityActions.java b/appclient/src/main/java/org/jboss/as/appclient/service/SecurityActions.java
@@ -24,8 +24,8 @@
 
 import org.wildfly.security.manager.GetContextClassLoaderAction;
 import org.wildfly.security.manager.SetContextClassLoaderAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
-import static java.lang.System.getSecurityManager;
 import static java.lang.Thread.currentThread;
 import static java.security.AccessController.doPrivileged;
 
@@ -41,7 +41,7 @@ private SecurityActions() {
      * @return the current context classloader
      */
     static ClassLoader getContextClassLoader() {
-        return getSecurityManager() == null ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
+        return ! WildFlySecurityManager.isChecking() ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
     }
 
     /**
@@ -51,7 +51,7 @@ static ClassLoader getContextClassLoader() {
      *            the classloader
      */
     static void setContextClassLoader(final ClassLoader classLoader) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             currentThread().setContextClassLoader(classLoader);
         } else {
             doPrivileged(new SetContextClassLoaderAction(classLoader));

diff --git a/appclient/src/main/java/org/jboss/as/appclient/subsystem/SecurityActions.java b/appclient/src/main/java/org/jboss/as/appclient/subsystem/SecurityActions.java
@@ -31,12 +31,12 @@
 import org.wildfly.security.manager.GetEnvironmentAction;
 import org.wildfly.security.manager.GetSystemPropertiesAction;
 import org.wildfly.security.manager.ReadPropertyAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 import org.wildfly.security.manager.WritePropertyAction;
 
 import static java.lang.System.clearProperty;
 import static java.lang.System.getProperties;
 import static java.lang.System.getProperty;
-import static java.lang.System.getSecurityManager;
 import static java.lang.System.getenv;
 import static java.lang.System.setProperty;
 import static java.security.AccessController.doPrivileged;
@@ -54,35 +54,35 @@ private SecurityActions() {
     }
 
     static String getSystemProperty(final String key) {
-        return getSecurityManager() == null ? getProperty(key) : doPrivileged(new ReadPropertyAction(key));
+        return ! WildFlySecurityManager.isChecking() ? getProperty(key) : doPrivileged(new ReadPropertyAction(key));
     }
 
     static void setSystemProperty(final String key, final String value) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             setProperty(key, value);
         } else {
             doPrivileged(new WritePropertyAction(key, value));
         }
     }
 
     static void clearSystemProperty(final String key) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             clearProperty(key);
         } else {
             doPrivileged(new ClearPropertyAction(key));
         }
     }
 
     static Properties getSystemProperties() {
-        return getSecurityManager() == null ? getProperties() : doPrivileged(GetSystemPropertiesAction.getInstance());
+        return ! WildFlySecurityManager.isChecking() ? getProperties() : doPrivileged(GetSystemPropertiesAction.getInstance());
     }
 
     static Map<String, String> getSystemEnvironment() {
-        return getSecurityManager() == null ? getenv() : doPrivileged(GetEnvironmentAction.getInstance());
+        return ! WildFlySecurityManager.isChecking() ? getenv() : doPrivileged(GetEnvironmentAction.getInstance());
     }
 
     static void addProvider(final Provider provider) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             Security.addProvider(provider);
         } else {
             doPrivileged(new AddGlobalSecurityProviderAction(provider));

diff --git a/...er-embedded/src/main/java/org/jboss/as/arquillian/container/embedded/SecurityActions.java b/...er-embedded/src/main/java/org/jboss/as/arquillian/container/embedded/SecurityActions.java
@@ -24,6 +24,7 @@
 
 import java.security.AccessController;
 import java.security.PrivilegedAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
 /**
  * Security actions to access system environment information.  No methods in
@@ -37,7 +38,7 @@ private SecurityActions() {
     }
 
     static void setSystemProperty(final String key, final String value) {
-        if (System.getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             System.setProperty(key, value);
         } else {
             AccessController.doPrivileged(new PrivilegedAction<Void>() {

diff --git a/arquillian/protocol-jmx/src/main/java/org/jboss/as/arquillian/service/ArquillianService.java b/arquillian/protocol-jmx/src/main/java/org/jboss/as/arquillian/service/ArquillianService.java
@@ -54,8 +54,8 @@
 import org.jboss.msc.value.InjectedValue;
 import org.jboss.osgi.resolver.XBundleRevision;
 import org.osgi.framework.BundleContext;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
-import static java.lang.System.getSecurityManager;
 import static java.lang.Thread.currentThread;
 import static java.security.AccessController.doPrivileged;
 import static org.jboss.as.server.deployment.Services.JBOSS_DEPLOYMENT;
@@ -292,12 +292,12 @@ public void teardown(Map<String, Object> properties) {
     }
 
     private static ClassLoader getTccl() {
-        return getSecurityManager() == null ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
+        return ! WildFlySecurityManager.isChecking() ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
     }
 
     private static void setTccl(final ClassLoader cl) {
         assert cl != null : "ClassLoader must be specified";
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             currentThread().setContextClassLoader(cl);
         } else {
             doPrivileged(new SetContextClassLoaderAction(cl));

diff --git a/cli/src/main/java/org/jboss/as/cli/SecurityActions.java b/cli/src/main/java/org/jboss/as/cli/SecurityActions.java
@@ -23,9 +23,9 @@
 
 import org.wildfly.security.manager.GetContextClassLoaderAction;
 import org.wildfly.security.manager.ReadPropertyAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
 import static java.lang.System.getProperty;
-import static java.lang.System.getSecurityManager;
 import static java.lang.Thread.currentThread;
 import static java.security.AccessController.doPrivileged;
 
@@ -38,10 +38,10 @@
  */
 class SecurityActions {
     static String getSystemProperty(String name) {
-        return getSecurityManager() == null ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
+        return ! WildFlySecurityManager.isChecking() ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
     }
 
     static ClassLoader getContextClassLoader() {
-        return getSecurityManager() == null ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
+        return ! WildFlySecurityManager.isChecking() ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
     }
 }
diff --git a/cli/src/main/java/org/jboss/as/cli/handlers/SecurityActions.java b/cli/src/main/java/org/jboss/as/cli/handlers/SecurityActions.java
@@ -24,9 +24,9 @@
 import org.wildfly.security.manager.GetClassLoaderAction;
 import org.wildfly.security.manager.ReadEnvironmentPropertyAction;
 import org.wildfly.security.manager.ReadPropertyAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
 import static java.lang.System.getProperty;
-import static java.lang.System.getSecurityManager;
 import static java.lang.System.getenv;
 import static java.security.AccessController.doPrivileged;
 
@@ -40,14 +40,14 @@
 class SecurityActions {
 
     static String getSystemProperty(String name) {
-        return getSecurityManager() == null ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
+        return ! WildFlySecurityManager.isChecking() ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
     }
 
     static String getEnvironmentVariable(String name) {
-        return getSecurityManager() == null ? getenv(name) : doPrivileged(new ReadEnvironmentPropertyAction(name));
+        return ! WildFlySecurityManager.isChecking() ? getenv(name) : doPrivileged(new ReadEnvironmentPropertyAction(name));
     }
 
     static ClassLoader getClassLoader(Class<?> cls) {
-        return getSecurityManager() == null ? cls.getClassLoader() : doPrivileged(new GetClassLoaderAction(cls));
+        return ! WildFlySecurityManager.isChecking() ? cls.getClassLoader() : doPrivileged(new GetClassLoaderAction(cls));
     }
 }
diff --git a/cli/src/main/java/org/jboss/as/cli/handlers/module/SecurityActions.java b/cli/src/main/java/org/jboss/as/cli/handlers/module/SecurityActions.java
@@ -23,9 +23,9 @@
 
 import org.wildfly.security.manager.ReadEnvironmentPropertyAction;
 import org.wildfly.security.manager.ReadPropertyAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
 import static java.lang.System.getProperty;
-import static java.lang.System.getSecurityManager;
 import static java.lang.System.getenv;
 import static java.security.AccessController.doPrivileged;
 
@@ -39,10 +39,10 @@
 class SecurityActions {
 
     static String getSystemProperty(String name) {
-        return getSecurityManager() == null ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
+        return ! WildFlySecurityManager.isChecking() ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
     }
 
     static String getEnvironmentVariable(String name) {
-        return getSecurityManager() == null ? getenv(name) : doPrivileged(new ReadEnvironmentPropertyAction(name));
+        return ! WildFlySecurityManager.isChecking() ? getenv(name) : doPrivileged(new ReadEnvironmentPropertyAction(name));
     }
 }
diff --git a/cli/src/main/java/org/jboss/as/cli/impl/SecurityActions.java b/cli/src/main/java/org/jboss/as/cli/impl/SecurityActions.java
@@ -25,11 +25,11 @@
 import org.wildfly.security.manager.GetClassLoaderAction;
 import org.wildfly.security.manager.ReadEnvironmentPropertyAction;
 import org.wildfly.security.manager.ReadPropertyAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 import org.wildfly.security.manager.WritePropertyAction;
 
 import static java.lang.Runtime.getRuntime;
 import static java.lang.System.getProperty;
-import static java.lang.System.getSecurityManager;
 import static java.lang.System.getenv;
 import static java.lang.System.setProperty;
 import static java.security.AccessController.doPrivileged;
@@ -43,30 +43,30 @@
  */
 class SecurityActions {
     static void addShutdownHook(Thread hook) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             getRuntime().addShutdownHook(hook);
         } else {
             doPrivileged(new AddShutdownHookAction(hook));
         }
     }
 
     static String getSystemProperty(String name) {
-        return getSecurityManager() == null ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
+        return ! WildFlySecurityManager.isChecking() ? getProperty(name) : doPrivileged(new ReadPropertyAction(name));
     }
 
     static void setSystemProperty(String name, String value) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             setProperty(name, value);
         } else {
             doPrivileged(new WritePropertyAction(name, value));
         }
     }
 
     static ClassLoader getClassLoader(Class<?> cls) {
-        return getSecurityManager() == null ? cls.getClassLoader() : doPrivileged(new GetClassLoaderAction(cls));
+        return ! WildFlySecurityManager.isChecking() ? cls.getClassLoader() : doPrivileged(new GetClassLoaderAction(cls));
     }
 
     static String getEnvironmentVariable(String name) {
-        return getSecurityManager() == null ? getenv(name) : doPrivileged(new ReadEnvironmentPropertyAction(name));
+        return ! WildFlySecurityManager.isChecking() ? getenv(name) : doPrivileged(new ReadEnvironmentPropertyAction(name));
     }
 }
diff --git a/clustering/api/src/main/java/org/jboss/as/clustering/SimpleMarshalledValue.java b/clustering/api/src/main/java/org/jboss/as/clustering/SimpleMarshalledValue.java
@@ -37,8 +37,8 @@
 import org.jboss.marshalling.SimpleDataInput;
 import org.jboss.marshalling.SimpleDataOutput;
 import org.jboss.marshalling.Unmarshaller;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
-import static java.lang.System.getSecurityManager;
 import static java.lang.Thread.currentThread;
 import static java.security.AccessController.doPrivileged;
 
@@ -197,11 +197,11 @@ public void readExternal(ObjectInput in) throws IOException {
     }
 
     static ClassLoader getCurrentThreadContextClassLoader() {
-        return getSecurityManager() == null ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
+        return ! WildFlySecurityManager.isChecking() ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
     }
 
     static void setCurrentThreadContextClassLoader(final ClassLoader loader) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             currentThread().setContextClassLoader(loader);
         } else {
             doPrivileged(new SetContextClassLoaderAction(loader));

diff --git a/...nector/services/resourceadapters/deployment/AbstractResourceAdapterDeploymentService.java b/...nector/services/resourceadapters/deployment/AbstractResourceAdapterDeploymentService.java
@@ -22,7 +22,6 @@
 
 package org.jboss.as.connector.services.resourceadapters.deployment;
 
-import static java.lang.System.getSecurityManager;
 import static java.lang.Thread.currentThread;
 import static java.security.AccessController.doPrivileged;
 import static org.jboss.as.connector.logging.ConnectorLogger.DEPLOYMENT_CONNECTOR_LOGGER;
@@ -77,6 +76,7 @@
 import org.jboss.msc.service.ServiceTarget;
 import org.jboss.msc.value.InjectedValue;
 import org.jboss.security.SubjectFactory;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
 /**
  * A ResourceAdapterDeploymentService.
@@ -399,15 +399,19 @@ protected File getReportDirectory() {
 
         @Override
         protected TransactionManager getTransactionManager() {
-            if (getSecurityManager() == null) {
+            if (! WildFlySecurityManager.isChecking()) {
                 currentThread().setContextClassLoader(TransactionIntegration.class.getClassLoader());
             } else {
                 doPrivileged(new SetContextClassLoaderFromClassAction(TransactionIntegration.class));
             }
             try {
                 return getTxIntegration().getValue().getTransactionManager();
             } finally {
-                doPrivileged(ClearContextClassLoaderAction.getInstance());
+                if (! WildFlySecurityManager.isChecking()) {
+                    currentThread().setContextClassLoader(null);
+                } else {
+                    doPrivileged(ClearContextClassLoaderAction.getInstance());
+                }
             }
         }
 

diff --git a/...ain/java/org/jboss/as/connector/services/resourceadapters/deployment/SecurityActions.java b/...ain/java/org/jboss/as/connector/services/resourceadapters/deployment/SecurityActions.java
@@ -24,8 +24,8 @@
 
 import org.wildfly.security.manager.GetContextClassLoaderAction;
 import org.wildfly.security.manager.SetContextClassLoaderAction;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
-import static java.lang.System.getSecurityManager;
 import static java.lang.Thread.currentThread;
 import static java.security.AccessController.doPrivileged;
 
@@ -46,15 +46,15 @@ private SecurityActions() {
      * @return The class loader
      */
     static ClassLoader getThreadContextClassLoader() {
-        return getSecurityManager() == null ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
+        return ! WildFlySecurityManager.isChecking() ? currentThread().getContextClassLoader() : doPrivileged(GetContextClassLoaderAction.getInstance());
     }
 
     /**
      * Set the thread context class loader
      * @param cl The class loader
      */
     static void setThreadContextClassLoader(final ClassLoader cl) {
-        if (getSecurityManager() == null) {
+        if (! WildFlySecurityManager.isChecking()) {
             currentThread().setContextClassLoader(cl);
         } else {
             doPrivileged(new SetContextClassLoaderAction(cl));

diff --git a/connector/src/main/java/org/jboss/as/connector/services/workmanager/WorkManagerService.java b/connector/src/main/java/org/jboss/as/connector/services/workmanager/WorkManagerService.java
@@ -23,7 +23,6 @@
 package org.jboss.as.connector.services.workmanager;
 
 import static java.lang.System.getProperty;
-import static java.lang.System.getSecurityManager;
 import static java.security.AccessController.doPrivileged;
 import static org.jboss.as.connector.logging.ConnectorLogger.ROOT_LOGGER;
 
@@ -43,6 +42,7 @@
 import org.jboss.msc.value.InjectedValue;
 import org.jboss.threads.BlockingExecutor;
 import org.jboss.tm.JBossXATerminator;
+import org.wildfly.security.manager.WildFlySecurityManager;
 
 /**
  * A WorkManager Service.
@@ -90,7 +90,7 @@ public void start(StartContext context) throws StartException {
         this.value.setXATerminator(new XATerminatorImpl(xaTerminator.getValue()));
 
         // TODO - Remove and do proper integration (IronJacamar 1.1)
-        String callbackProperties = getSecurityManager() == null ? getProperty("callback.properties") : doPrivileged(new ReadPropertyAction("callback.properties"));
+        String callbackProperties = ! WildFlySecurityManager.isChecking() ? getProperty("callback.properties") : doPrivileged(new ReadPropertyAction("callback.properties"));
         if (callbackProperties != null) {
             try {
                 DefaultCallback defaultCallback = new DefaultCallback(callbackProperties);