Project: Acegi
Revision: 3270
Author: benalex
Date: 05 Sep 2008 01:33:41
Changes:SEC-951: Overcome serialization error caused by BasicLookupStrategy failing to modify AccessControlEntryImpl.acl field to the replacement AclImpl (previously old references to StubAclParent were retained).
Files:| ... | ...@@ -18,12 +18,14 @@ | |
| 18 | 18 | import java.sql.PreparedStatement; |
| 19 | 19 | import java.sql.ResultSet; |
| 20 | 20 | import java.sql.SQLException; |
| 21 | import java.util.ArrayList; | |
| 21 | 22 | import java.util.HashMap; |
| 22 | 23 | import java.util.HashSet; |
| 23 | 24 | import java.util.Iterator; |
| 24 | 25 | import java.util.List; |
| 25 | 26 | import java.util.Map; |
| 26 | 27 | import java.util.Set; |
| 28 | import java.util.Vector; | |
| 27 | 29 | |
| 28 | 30 | import javax.sql.DataSource; |
| 29 | 31 | |
| ... | ...@@ -173,14 +175,33 @@ | |
| 173 | 175 | auditLogger, parent, null, inputAcl.isEntriesInheriting(), inputAcl.getOwner()); |
| 174 | 176 | |
| 175 | 177 | // Copy the "aces" from the input to the destination |
| 176 | Field field = FieldUtils.getField(AclImpl.class, "aces"); | |
| 177 | ||
| 178 | Field fieldAces = FieldUtils.getField(AclImpl.class, "aces"); | |
| 179 | Field fieldAcl = FieldUtils.getField(AccessControlEntryImpl.class, "acl"); | |
| 180 | ||
| 178 | 181 | try { |
| 179 | field.setAccessible(true); | |
| 180 | field.set(result, field.get(inputAcl)); | |
| 182 | fieldAces.setAccessible(true); | |
| 183 | fieldAcl.setAccessible(true); | |
| 184 | ||
| 185 | // Obtain the "aces" from the input ACL | |
| 186 | Iterator i = ((List) fieldAces.get(inputAcl)).iterator(); | |
| 187 | ||
| 188 | // Create a list in which to store the "aces" for the "result" AclImpl instance | |
| 189 | List acesNew = new ArrayList(); | |
| 190 | ||
| 191 | // Iterate over the "aces" input and replace each nested AccessControlEntryImpl.getAcl() with the new "result" AclImpl instance | |
| 192 | // This ensures StubAclParent instances are removed, as per SEC-951 | |
| 193 | while(i.hasNext()) { | |
| 194 | AccessControlEntryImpl ace = (AccessControlEntryImpl) i.next(); | |
| 195 | fieldAcl.set(ace, result); | |
| 196 | acesNew.add(ace); | |
| 197 | } | |
| 198 | ||
| 199 | // Finally, now that the "aces" have been converted to have the "result" AclImpl instance, modify the "result" AclImpl instance | |
| 200 | fieldAces.set(result, acesNew); | |
| 181 | 201 | } catch (IllegalAccessException ex) { |
| 182 | throw new IllegalStateException("Could not obtain or set AclImpl.ace field"); | |
| 202 | throw new IllegalStateException("Could not obtain or set AclImpl or AccessControlEntryImpl fields"); | |
| 183 | 203 | } |
| 204 | ||
| 184 | 205 | |
| 185 | 206 | return result; |
| 186 | 207 | } |
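Review bot: The catch block at new lines 201–202 still discards `ex`, so when the reflective write to `AclImpl.aces` or `AccessControlEntryImpl.acl` fails, the `IllegalStateException` carries no cause to diagnose from; calling `initCause(ex)` on the new exception before throwing it would keep the original stack trace. The loop at new lines 193–197 re-points each entry in place, so `inputAcl` and `result` hold the same `AccessControlEntryImpl` objects afterwards. A comment such as `// ACEs are re-parented, not copied: inputAcl must not be used after conversion` would record that, assuming no caller keeps `inputAcl`; the method starts outside this hunk, so that cannot be confirmed here. The added `import java.util.Vector;` at new line 28 has no use in the visible hunks and looks removable.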