equal
deleted
inserted
replaced
116 /** |
116 /** |
117 * Convenience method to get a property without going through doPrivileged |
117 * Convenience method to get a property without going through doPrivileged |
118 * if no security manager is present. This is unsafe for inclusion in a |
118 * if no security manager is present. This is unsafe for inclusion in a |
119 * public API but allowable here since this class is now encapsulated. |
119 * public API but allowable here since this class is now encapsulated. |
120 * |
120 * |
|
121 * Note that this method performs a privileged action using caller-provided |
|
122 * inputs. The caller of this method should take care to ensure that the |
|
123 * inputs are not tainted and the returned property is not made accessible |
|
124 * to untrusted code if it contains sensitive information. |
|
125 * |
121 * @param theProp the name of the system property. |
126 * @param theProp the name of the system property. |
122 */ |
127 */ |
123 public static Integer getProperty(String theProp) { |
128 public static Integer privilegedGetProperty(String theProp) { |
124 if (System.getSecurityManager() == null) { |
129 if (System.getSecurityManager() == null) { |
125 return Integer.getInteger(theProp); |
130 return Integer.getInteger(theProp); |
126 } else { |
131 } else { |
127 return AccessController.doPrivileged( |
132 return AccessController.doPrivileged( |
128 new GetIntegerAction(theProp)); |
133 new GetIntegerAction(theProp)); |
132 /** |
137 /** |
133 * Convenience method to get a property without going through doPrivileged |
138 * Convenience method to get a property without going through doPrivileged |
134 * if no security manager is present. This is unsafe for inclusion in a |
139 * if no security manager is present. This is unsafe for inclusion in a |
135 * public API but allowable here since this class is now encapsulated. |
140 * public API but allowable here since this class is now encapsulated. |
136 * |
141 * |
|
142 * Note that this method performs a privileged action using caller-provided |
|
143 * inputs. The caller of this method should take care to ensure that the |
|
144 * inputs are not tainted and the returned property is not made accessible |
|
145 * to untrusted code if it contains sensitive information. |
|
146 * |
137 * @param theProp the name of the system property. |
147 * @param theProp the name of the system property. |
138 * @param defaultVal the default value. |
148 * @param defaultVal the default value. |
139 */ |
149 */ |
140 public static Integer getProperty(String theProp, int defaultVal) { |
150 public static Integer privilegedGetProperty(String theProp, |
|
151 int defaultVal) { |
141 Integer value; |
152 Integer value; |
142 if (System.getSecurityManager() == null) { |
153 if (System.getSecurityManager() == null) { |
143 value = Integer.getInteger(theProp); |
154 value = Integer.getInteger(theProp); |
144 } else { |
155 } else { |
145 value = AccessController.doPrivileged( |
156 value = AccessController.doPrivileged( |