/hg/release/icedtea-web-1.0: use full privileges when checking w...

[omajid at icedtea.classpath.org]

changeset 4afa92b88e74 in /hg/release/icedtea-web-1.0
details: http://icedtea.classpath.org/hg/release/icedtea-web-1.0?cmd=changeset;node=4afa92b88e74
author: Omair Majid <omajid at redhat.com>
date: Fri Dec 24 15:17:35 2010 -0500

	use full privileges when checking whether to prompt user or not

	2010-12-24 Omair Majid <omajid at redhat.com>

	 * netx/net/sourceforge/jnlp/security/SecurityWarning.java
	(shouldPromptUser): Use full privileges when checking configuration.
	This value is not security-sensitive and the method is private.
	    * netx/net/sourceforge/jnlp/services/ServiceUtil.java
	(shouldPromptUser): Likewise.


diffstat:

3 files changed, 22 insertions(+), 4 deletions(-)
ChangeLog                                               |    8 ++++++++
netx/net/sourceforge/jnlp/security/SecurityWarning.java |    9 +++++++--
netx/net/sourceforge/jnlp/services/ServiceUtil.java     |    9 +++++++--

diffs (53 lines):

diff -r f8c085a5c7a2 -r 4afa92b88e74 ChangeLog
--- a/ChangeLog	Wed Dec 22 17:14:44 2010 -0500
+++ b/ChangeLog	Fri Dec 24 15:17:35 2010 -0500
@@ -1,3 +1,11 @@ 2010-12-22  Deepak Bhole <dbhole at redhat.
+2010-12-24  Omair Majid  <omajid at redhat.com>
+
+	* netx/net/sourceforge/jnlp/security/SecurityWarning.java
+	(shouldPromptUser): Use full privileges when checking configuration. This
+	value is not security-sensitive and the method is private.
+	* netx/net/sourceforge/jnlp/services/ServiceUtil.java
+	(shouldPromptUser): Likewise.
+
 2010-12-22  Deepak Bhole <dbhole at redhat.com>
 
 	RH665104: OpenJDK Firefox Java plugin loses a cookie
diff -r f8c085a5c7a2 -r 4afa92b88e74 netx/net/sourceforge/jnlp/security/SecurityWarning.java
--- a/netx/net/sourceforge/jnlp/security/SecurityWarning.java	Wed Dec 22 17:14:44 2010 -0500
+++ b/netx/net/sourceforge/jnlp/security/SecurityWarning.java	Fri Dec 24 15:17:35 2010 -0500
@@ -319,8 +319,13 @@ public class SecurityWarning {
      * @return true if security warnings should be shown to the user.
      */
     private static boolean shouldPromptUser() {
-        return Boolean.valueOf(JNLPRuntime.getConfiguration()
-                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
+            @Override
+            public Boolean run() {
+                return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                        .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER));
+            }
+        });
     }
 
 }
diff -r f8c085a5c7a2 -r 4afa92b88e74 netx/net/sourceforge/jnlp/services/ServiceUtil.java
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Wed Dec 22 17:14:44 2010 -0500
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java	Fri Dec 24 15:17:35 2010 -0500
@@ -299,8 +299,13 @@ public class ServiceUtil {
      * @return true if the user should be prompted for JNLP API related permissions.
      */
     private static boolean shouldPromptUser() {
-        return Boolean.valueOf(JNLPRuntime.getConfiguration()
-                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
+            @Override
+            public Boolean run() {
+                return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                        .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+            }
+        });
     }
 
 }