CDI-727 CDI.current() should use privileged block (#391)

api/pom.xml

@@ -317,6 +317,9 @@
 							<goal>test</goal>
 						</goals>
 						<configuration>
+							<systemPropertyVariables>
+								<serviceDir>${project.build.testOutputDirectory}/META-INF/services/</serviceDir>
+							</systemPropertyVariables>
 							<includes>
 								<include>**/privileged/**</include>
 							</includes>

api/src/main/java/javax/enterprise/inject/spi/CDI.java

@@ -115,7 +115,7 @@ private static void findAllProviders() {
         ServiceLoader<CDIProvider> providerLoader;
         Set<CDIProvider> providers = new TreeSet<>(Comparator.comparingInt(CDIProvider::getPriority).reversed());
 
-        providerLoader = ServiceLoader.load(CDIProvider.class, CDI.class.getClassLoader());
+        providerLoader = SecurityActions.loadService(CDIProvider.class, CDI.class.getClassLoader());
 
         if(! providerLoader.iterator().hasNext()) {
             throw new IllegalStateException("Unable to locate CDIProvider");

api/src/main/java/javax/enterprise/inject/spi/SecurityActions.java

@@ -0,0 +1,42 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2018, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * Licensed under the Apache License, Version 2.1-SNAPSHOT (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.1-SNAPSHOT
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package javax.enterprise.inject.spi;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.util.ServiceLoader;
+
+/**
+ *
+ * This utility class is used to optimize invocation made through the SecurityManager
+ *
+ * @author Antoine Sabot-durand
+ */
+
+final class SecurityActions {
+
+    private SecurityActions() {
+
+    }
+
+    static <T> ServiceLoader<T> loadService(Class<T> service, ClassLoader classLoader) {
+        return AccessController.doPrivileged(
+                (PrivilegedAction<ServiceLoader<T>>) () -> ServiceLoader.load(service, classLoader)
+        );
+    }
+}

api/src/test/java/org/jboss/cdi/api/test/privileged/CDIPrivilegedTest.java

@@ -0,0 +1,53 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2018, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * Licensed under the Apache License, Version 2.1-SNAPSHOT (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.1-SNAPSHOT
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.cdi.api.test.privileged;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Paths;
+
+import javax.enterprise.inject.spi.CDI;
+import javax.enterprise.inject.spi.CDIProvider;
+
+import org.testng.Assert;
+import org.testng.annotations.Test;
+
+/**
+ * Test for CDIProvider resolution in CDI abstract class.
+ *
+ * @author Antoine Sabot-durand
+ */
+public class CDIPrivilegedTest {
+
+    private static final String SERVICE_PATH = System.getProperty("serviceDir");
+
+    private static final String SERVICE_FILE_NAME = SERVICE_PATH + CDIProvider.class.getName();
+
+
+    @Test
+    public void cdiCurrentShouldWork() {
+        try {
+            Files.copy(Paths.get(SERVICE_PATH + "fake"), Paths.get(SERVICE_FILE_NAME));
+        } catch (IOException e) {
+            Assert.fail("Unabale to create service loader file", e);
+        }
+        Assert.assertEquals(CDI.current().getClass(), FakeCDIProvider.FakeCDI.class);
+
+    }
+
+}

api/src/test/java/org/jboss/cdi/api/test/privileged/FakeCDIProvider.java

@@ -0,0 +1,94 @@
+/*
+ * JBoss, Home of Professional Open Source
+ * Copyright 2018, Red Hat, Inc., and individual contributors
+ * by the @authors tag. See the copyright.txt in the distribution for a
+ * full listing of individual contributors.
+ *
+ * Licensed under the Apache License, Version 2.1-SNAPSHOT (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * http://www.apache.org/licenses/LICENSE-2.1-SNAPSHOT
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.jboss.cdi.api.test.privileged;
+
+import java.lang.annotation.Annotation;
+import java.util.Iterator;
+
+import javax.enterprise.inject.Instance;
+import javax.enterprise.inject.spi.BeanManager;
+import javax.enterprise.inject.spi.CDI;
+import javax.enterprise.inject.spi.CDIProvider;
+import javax.enterprise.util.TypeLiteral;
+
+/**
+ * A fake CDI Provider for testing
+ * @author Antoine Sabot-Durand
+ */
+public class FakeCDIProvider implements CDIProvider {
+
+    @Override
+    public CDI<Object> getCDI() {
+        return new FakeCDI();
+    }
+
+    @Override
+    public int getPriority() {
+        return 20;
+    }
+
+    public static class FakeCDI extends CDI<Object> {
+
+
+        @Override
+        public BeanManager getBeanManager() {
+            return null;
+        }
+
+        @Override
+        public Instance<Object> select(Annotation... qualifiers) {
+            return null;
+        }
+
+        @Override
+        public <U> Instance<U> select(Class<U> subtype, Annotation... qualifiers) {
+            return null;
+        }
+
+        @Override
+        public <U> Instance<U> select(TypeLiteral<U> subtype, Annotation... qualifiers) {
+            return null;
+        }
+
+        @Override
+        public boolean isUnsatisfied() {
+            return false;
+        }
+
+        @Override
+        public boolean isAmbiguous() {
+            return false;
+        }
+
+        @Override
+        public void destroy(Object instance) {
+
+        }
+
+        @Override
+        public Iterator<Object> iterator() {
+            return null;
+        }
+
+        @Override
+        public Object get() {
+            return null;
+        }
+    }
+
+}

api/src/test/resources/META-INF/services/fake

@@ -0,0 +1 @@
+org.jboss.cdi.api.test.privileged.FakeCDIProvider

api/src/test/resources/java.policy

@@ -17,6 +17,11 @@ grant codeBase "file:${project.build.outputDirectory}/-" {
         permission java.security.AllPermission;
 };
 
+grant codeBase "file:${project.build.testOutputDirectory}/-" {
+        permission java.util.PropertyPermission "serviceDir", "read";
+        permission java.io.FilePermission "${project.build.testOutputDirectory}/META-INF/services/javax.enterprise.inject.spi.CDIProvider", "write";
+};
+
 
 // default permissions granted to all domains