--- a/jaxp/src/org/xml/sax/helpers/NewInstance.java Wed Jul 05 18:46:58 2017 +0200
+++ b/jaxp/src/org/xml/sax/helpers/NewInstance.java Mon Feb 18 11:33:35 2013 -0800
@@ -54,9 +54,10 @@
* including versions of Java 2.</p>
*
* @author Edwin Goei, David Brownell
+ * @version 2.0.1 (sax2r2)
*/
class NewInstance {
-
+ private static final String DEFAULT_PACKAGE = "com.sun.org.apache.xerces.internal";
/**
* Creates a new instance of the specified class name
*
@@ -66,8 +67,16 @@
throws ClassNotFoundException, IllegalAccessException,
InstantiationException
{
+ // make sure we have access to restricted packages
+ boolean internal = false;
+ if (System.getSecurityManager() != null) {
+ if (className != null && className.startsWith(DEFAULT_PACKAGE)) {
+ internal = true;
+ }
+ }
+
Class driverClass;
- if (classLoader == null) {
+ if (classLoader == null || internal) {
driverClass = Class.forName(className);
} else {
driverClass = classLoader.loadClass(className);
@@ -75,29 +84,4 @@
return driverClass.newInstance();
}
- /**
- * Figure out which ClassLoader to use. For JDK 1.2 and later use
- * the context ClassLoader.
- */
- static ClassLoader getClassLoader ()
- {
- Method m = null;
-
- try {
- m = Thread.class.getMethod("getContextClassLoader", (Class[]) null);
- } catch (NoSuchMethodException e) {
- // Assume that we are running JDK 1.1, use the current ClassLoader
- return NewInstance.class.getClassLoader();
- }
-
- try {
- return (ClassLoader) m.invoke(Thread.currentThread(), (Object[]) null);
- } catch (IllegalAccessException e) {
- // assert(false)
- throw new UnknownError(e.getMessage());
- } catch (InvocationTargetException e) {
- // assert(e.getTargetException() instanceof SecurityException)
- throw new UnknownError(e.getMessage());
- }
- }
}