SPR-6308 - Spring Expression Language creates systemProperties bean calling System.getProperties() which in enterprise shared containers is locked down

This commit is contained in:
Arjen Poutsma
2009-11-11 16:39:20 +00:00
parent 7844a633b5
commit 68f57aa953
3 changed files with 165 additions and 11 deletions

View File

@@ -17,6 +17,8 @@
package org.springframework.context.expression;
import java.io.Serializable;
import java.security.AccessControlException;
import java.security.Permission;
import java.util.Properties;
import org.apache.commons.logging.Log;
@@ -236,6 +238,45 @@ public class ApplicationContextExpressionTests {
assertTrue("Prototype creation took too long: " + sw.getTotalTimeMillis(), sw.getTotalTimeMillis() < 6000);
}
@Test
public void systemPropertiesSecurityManager() {
GenericApplicationContext ac = new GenericApplicationContext();
AnnotationConfigUtils.registerAnnotationConfigProcessors(ac);
GenericBeanDefinition bd = new GenericBeanDefinition();
bd.setBeanClass(TestBean.class);
bd.getPropertyValues().addPropertyValue("country", "#{systemProperties.country}");
ac.registerBeanDefinition("tb", bd);
SecurityManager oldSecurityManager = System.getSecurityManager();
try {
System.setProperty("country", "NL");
SecurityManager securityManager = new SecurityManager() {
@Override
public void checkPropertiesAccess() {
throw new AccessControlException("Not Allowed");
}
@Override
public void checkPermission(Permission perm) {
// allow everything else
}
};
System.setSecurityManager(securityManager);
ac.refresh();
TestBean tb = ac.getBean("tb", TestBean.class);
assertEquals("NL", tb.getCountry());
}
finally {
System.setSecurityManager(oldSecurityManager);
System.getProperties().remove("country");
}
}
public static class ValueTestBean implements Serializable {