KEYCLOAK-4148 [AbstractParser] instantiate XMLInputFactory in singleton-like manner

2017-01-04 08:06:56 +01:00 · 2017-01-04 08:06:56 +01:00 · 5150251141
commit 5150251141
parent 732d56b0c0
2 changed files with 16 additions and 35 deletions
--- a/saml-core/src/main/java/org/keycloak/saml/common/parsers/AbstractParser.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/parsers/AbstractParser.java
@ -21,6 +21,7 @@ import org.keycloak.saml.common.PicketLinkLogger;
 import org.keycloak.saml.common.PicketLinkLoggerFactory;
 import org.keycloak.saml.common.constants.GeneralConstants;
 import org.keycloak.saml.common.exceptions.ParsingException;
+import org.keycloak.saml.common.util.SecurityActions;
 import org.keycloak.saml.common.util.StaxParserUtil;
 import org.keycloak.saml.common.util.SystemPropertiesUtil;

@ -32,8 +33,6 @@ import javax.xml.stream.events.Characters;
 import javax.xml.stream.events.XMLEvent;
 import javax.xml.stream.util.EventReaderDelegate;
 import java.io.InputStream;
-import java.security.AccessController;
-import java.security.PrivilegedAction;

 /**
 * Base class for parsers
@ -45,23 +44,30 @@ public abstract class AbstractParser implements ParserNamespaceSupport {

    protected static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

+    private static final ThreadLocal<XMLInputFactory> XML_INPUT_FACTORY = new ThreadLocal<XMLInputFactory>() {
+        @Override
+        protected XMLInputFactory initialValue() {
+            return getXMLInputFactory();
+        }
+    };
+
    /**
     * Get the JAXP {@link XMLInputFactory}
     *
     * @return
     */
-    protected XMLInputFactory getXMLInputFactory() {
+    private static XMLInputFactory getXMLInputFactory() {
        boolean tccl_jaxp = SystemPropertiesUtil.getSystemProperty(GeneralConstants.TCCL_JAXP, "false")
                .equalsIgnoreCase("true");
-        ClassLoader prevTCCL = getTCCL();
+        ClassLoader prevTCCL = SecurityActions.getTCCL();
        try {
            if (tccl_jaxp) {
-                setTCCL(getClass().getClassLoader());
+                SecurityActions.setTCCL(AbstractParser.class.getClassLoader());
            }
            return XMLInputFactory.newInstance();
        } finally {
            if (tccl_jaxp) {
-                setTCCL(prevTCCL);
+                SecurityActions.setTCCL(prevTCCL);
            }
        }
    }
@ -96,33 +102,8 @@ public abstract class AbstractParser implements ParserNamespaceSupport {
        return xmlEventReader;
    }

-    private ClassLoader getTCCL() {
-        if (System.getSecurityManager() != null) {
-            return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
-                public ClassLoader run() {
-                    return Thread.currentThread().getContextClassLoader();
-                }
-            });
-        } else {
-            return Thread.currentThread().getContextClassLoader();
-        }
-    }
-
-    private void setTCCL(final ClassLoader paramCl) {
-        if (System.getSecurityManager() != null) {
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
-                public Void run() {
-                    Thread.currentThread().setContextClassLoader(paramCl);
-                    return null;
-                }
-            });
-        } else {
-            Thread.currentThread().setContextClassLoader(paramCl);
-        }
-    }
-
    protected XMLEventReader filterWhitespaces(XMLEventReader xmlEventReader) throws XMLStreamException {
-        XMLInputFactory xmlInputFactory = getXMLInputFactory();
+        XMLInputFactory xmlInputFactory = XML_INPUT_FACTORY.get();

        xmlEventReader = xmlInputFactory.createFilteredReader(xmlEventReader, new EventFilter() {
            public boolean accept(XMLEvent xmlEvent) {
--- a/saml-core/src/main/java/org/keycloak/saml/common/util/SecurityActions.java
+++ b/saml-core/src/main/java/org/keycloak/saml/common/util/SecurityActions.java
@ -26,7 +26,7 @@ import java.security.PrivilegedAction;
 * @author Anil.Saldhana@redhat.com
 * @since Dec 9, 2008
 */
-class SecurityActions {
+public class SecurityActions {

    /**
     * <p> Loads a {@link Class} using the <code>fullQualifiedName</code> supplied. This method tries first to load from
@ -186,7 +186,7 @@ class SecurityActions {
     *
     * @return
     */
-    static ClassLoader getTCCL() {
+    public static ClassLoader getTCCL() {
        if (System.getSecurityManager() != null) {
            return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
                public ClassLoader run() {
@ -203,7 +203,7 @@ class SecurityActions {
     *
     * @param paramCl
     */
-    static void setTCCL(final ClassLoader paramCl) {
+    public static void setTCCL(final ClassLoader paramCl) {
        if (System.getSecurityManager() != null) {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {