Browse Source

REPORT-95576 spring framework 高危漏洞,需要删除类

release/11.0
Yuan.Wang 2 years ago
parent
commit
d1be0d93da
  1. 4
      fine-spring/src/main/java/com/fr/third/springframework/ejb/access/AbstractRemoteSlsbInvokerInterceptor.java
  2. 40
      fine-spring/src/main/java/com/fr/third/springframework/ejb/access/SimpleRemoteSlsbInvokerInterceptor.java

4
fine-spring/src/main/java/com/fr/third/springframework/ejb/access/AbstractRemoteSlsbInvokerInterceptor.java

@ -22,13 +22,11 @@ import java.rmi.RemoteException;
import javax.ejb.EJBHome;
import javax.ejb.EJBObject;
import javax.naming.NamingException;
import javax.rmi.PortableRemoteObject;
import org.aopalliance.intercept.MethodInvocation;
import com.fr.third.springframework.remoting.RemoteConnectFailureException;
import com.fr.third.springframework.remoting.RemoteLookupFailureException;
import com.fr.third.springframework.remoting.rmi.RmiClientInterceptorUtils;
/**
* Base class for interceptors proxying remote Stateless Session Beans.
@ -162,7 +160,7 @@ public abstract class AbstractRemoteSlsbInvokerInterceptor extends AbstractSlsbI
* @see com.fr.third.springframework.remoting.rmi.RmiClientInterceptorUtils#isConnectFailure
*/
protected boolean isConnectFailure(RemoteException ex) {
return RmiClientInterceptorUtils.isConnectFailure(ex);
throw new UnsupportedOperationException();
}
private Object handleRemoteConnectFailure(MethodInvocation invocation, Exception ex) throws Throwable {

40
fine-spring/src/main/java/com/fr/third/springframework/ejb/access/SimpleRemoteSlsbInvokerInterceptor.java

@ -16,17 +16,12 @@
package com.fr.third.springframework.ejb.access;
import java.lang.reflect.InvocationTargetException;
import java.rmi.RemoteException;
import javax.ejb.CreateException;
import javax.ejb.EJBObject;
import javax.naming.NamingException;
import com.fr.third.springframework.beans.factory.DisposableBean;
import org.aopalliance.intercept.MethodInvocation;
import com.fr.third.springframework.beans.factory.DisposableBean;
import com.fr.third.springframework.remoting.RemoteLookupFailureException;
import com.fr.third.springframework.remoting.rmi.RmiClientInterceptorUtils;
import javax.ejb.EJBObject;
import javax.naming.NamingException;
import java.lang.reflect.InvocationTargetException;
/**
* Basic invoker for a remote Stateless Session Bean.
@ -92,32 +87,7 @@ public class SimpleRemoteSlsbInvokerInterceptor extends AbstractRemoteSlsbInvoke
*/
@Override
protected Object doInvoke(MethodInvocation invocation) throws Throwable {
Object ejb = null;
try {
ejb = getSessionBeanInstance();
return RmiClientInterceptorUtils.invokeRemoteMethod(invocation, ejb);
}
catch (NamingException ex) {
throw new RemoteLookupFailureException("Failed to locate remote EJB [" + getJndiName() + "]", ex);
}
catch (InvocationTargetException ex) {
Throwable targetEx = ex.getTargetException();
if (targetEx instanceof RemoteException) {
RemoteException rex = (RemoteException) targetEx;
throw RmiClientInterceptorUtils.convertRmiAccessException(
invocation.getMethod(), rex, isConnectFailure(rex), getJndiName());
}
else if (targetEx instanceof CreateException) {
throw RmiClientInterceptorUtils.convertRmiAccessException(
invocation.getMethod(), targetEx, "Could not create remote EJB [" + getJndiName() + "]");
}
throw targetEx;
}
finally {
if (ejb instanceof EJBObject) {
releaseSessionBeanInstance((EJBObject) ejb);
}
}
throw new UnsupportedOperationException();
}
/**

Loading…
Cancel
Save