1644 return false;
1645
1646 processQueue(Caches.subclassAuditsQueue, Caches.subclassAudits);
1647 WeakClassKey key = new WeakClassKey(cl, Caches.subclassAuditsQueue);
1648 Boolean result = Caches.subclassAudits.get(key);
1649 if (result == null) {
1650 result = Boolean.valueOf(auditSubclass(cl));
1651 Caches.subclassAudits.putIfAbsent(key, result);
1652 }
1653
1654 return result.booleanValue();
1655 }
1656
1657 /**
1658 * Performs reflective checks on given subclass to verify that it doesn't
1659 * override security-sensitive non-final methods. Returns true if the
1660 * subclass overrides any of the methods, false otherwise.
1661 */
1662 private static boolean auditSubclass(final Class<?> subcl) {
1663 Boolean result = AccessController.doPrivileged(
1664 new PrivilegedAction<Boolean>() {
1665 public Boolean run() {
1666 for (Class<?> cl = subcl;
1667 cl != Thread.class;
1668 cl = cl.getSuperclass())
1669 {
1670 try {
1671 cl.getDeclaredMethod("getContextClassLoader", new Class<?>[0]);
1672 return Boolean.TRUE;
1673 } catch (NoSuchMethodException ex) {
1674 }
1675 try {
1676 Class<?>[] params = {ClassLoader.class};
1677 cl.getDeclaredMethod("setContextClassLoader", params);
1678 return Boolean.TRUE;
1679 } catch (NoSuchMethodException ex) {
1680 }
1681 }
1682 return Boolean.FALSE;
1683 }
1684 }
|
1644 return false;
1645
1646 processQueue(Caches.subclassAuditsQueue, Caches.subclassAudits);
1647 WeakClassKey key = new WeakClassKey(cl, Caches.subclassAuditsQueue);
1648 Boolean result = Caches.subclassAudits.get(key);
1649 if (result == null) {
1650 result = Boolean.valueOf(auditSubclass(cl));
1651 Caches.subclassAudits.putIfAbsent(key, result);
1652 }
1653
1654 return result.booleanValue();
1655 }
1656
1657 /**
1658 * Performs reflective checks on given subclass to verify that it doesn't
1659 * override security-sensitive non-final methods. Returns true if the
1660 * subclass overrides any of the methods, false otherwise.
1661 */
1662 private static boolean auditSubclass(final Class<?> subcl) {
1663 Boolean result = AccessController.doPrivileged(
1664 new PrivilegedAction<>() {
1665 public Boolean run() {
1666 for (Class<?> cl = subcl;
1667 cl != Thread.class;
1668 cl = cl.getSuperclass())
1669 {
1670 try {
1671 cl.getDeclaredMethod("getContextClassLoader", new Class<?>[0]);
1672 return Boolean.TRUE;
1673 } catch (NoSuchMethodException ex) {
1674 }
1675 try {
1676 Class<?>[] params = {ClassLoader.class};
1677 cl.getDeclaredMethod("setContextClassLoader", params);
1678 return Boolean.TRUE;
1679 } catch (NoSuchMethodException ex) {
1680 }
1681 }
1682 return Boolean.FALSE;
1683 }
1684 }
|