SPR-6308 - Spring Expression Language creates systemProperties bean calling System.getProperties() which in enterprise shared containers is locked down
@@ -17,6 +17,8 @@
|
||||
package org.springframework.context.expression;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.security.AccessControlException;
|
||||
import java.security.Permission;
|
||||
import java.util.Properties;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
@@ -236,6 +238,45 @@ public class ApplicationContextExpressionTests {
|
||||
assertTrue("Prototype creation took too long: " + sw.getTotalTimeMillis(), sw.getTotalTimeMillis() < 6000);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void systemPropertiesSecurityManager() {
|
||||
GenericApplicationContext ac = new GenericApplicationContext();
|
||||
AnnotationConfigUtils.registerAnnotationConfigProcessors(ac);
|
||||
|
||||
|
||||
GenericBeanDefinition bd = new GenericBeanDefinition();
|
||||
bd.setBeanClass(TestBean.class);
|
||||
bd.getPropertyValues().addPropertyValue("country", "#{systemProperties.country}");
|
||||
ac.registerBeanDefinition("tb", bd);
|
||||
|
||||
SecurityManager oldSecurityManager = System.getSecurityManager();
|
||||
try {
|
||||
System.setProperty("country", "NL");
|
||||
|
||||
SecurityManager securityManager = new SecurityManager() {
|
||||
@Override
|
||||
public void checkPropertiesAccess() {
|
||||
throw new AccessControlException("Not Allowed");
|
||||
}
|
||||
|
||||
@Override
|
||||
public void checkPermission(Permission perm) {
|
||||
// allow everything else
|
||||
}
|
||||
|
||||
};
|
||||
System.setSecurityManager(securityManager);
|
||||
ac.refresh();
|
||||
|
||||
TestBean tb = ac.getBean("tb", TestBean.class);
|
||||
assertEquals("NL", tb.getCountry());
|
||||
|
||||
}
|
||||
finally {
|
||||
System.setSecurityManager(oldSecurityManager);
|
||||
System.getProperties().remove("country");
|
||||
}
|
||||
}
|
||||
|
||||
public static class ValueTestBean implements Serializable {
|
||||
|
||||
|
||||
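Review bot: The anonymous `SecurityManager` in `systemPropertiesSecurityManager()` denies only `checkPropertiesAccess()`, while its empty `checkPermission(Permission perm)` still allows every per-key `PropertyPermission` read, so the test pins only the case where bulk access is locked down and single-key reads are permitted. A container policy that also refuses individual keys is not exercised; a second case that overrides `checkPropertyAccess(String key)` to throw would show whether `#{systemProperties.country}` then fails cleanly or lets an `AccessControlException` escape from `ac.refresh()`. The production-side change is not visible on this page, so the expected outcome has to be confirmed against it. The `// allow everything else` comment could also state why the override is empty, e.g. `// permit everything else, including setSecurityManager, so the finally block can restore the previous manager`. Because the installed manager is JVM-wide, the test presumably must not run concurrently with other tests in the same JVM, which is worth noting in a Javadoc line on the method.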