use full privileges when checking whether to prompt user or not

2010-12-17  Omair Majid  <[email protected]>

    * netx/net/sourceforge/jnlp/security/SecurityWarning.java
    (shouldPromptUser): Use full privileges when checking configuration. This
    value is not security-sensitive and the method is private.
    * netx/net/sourceforge/jnlp/services/ServiceUtil.java
    (shouldPromptUser): Likewise.

1 files changed, 7 insertions, 2 deletions

diff --git a/netx/net/sourceforge/jnlp/services/ServiceUtil.java b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
index b55bba4..d030395 100644
--- a/netx/net/sourceforge/jnlp/services/ServiceUtil.java
+++ b/netx/net/sourceforge/jnlp/services/ServiceUtil.java
@@ -299,8 +299,13 @@ public class ServiceUtil {
      * @return true if the user should be prompted for JNLP API related permissions.
      */
     private static boolean shouldPromptUser() {
-        return Boolean.valueOf(JNLPRuntime.getConfiguration()
-                .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+        return AccessController.doPrivileged(new PrivilegedAction<Boolean >() {
+            @Override
+            public Boolean run() {
+                return Boolean.valueOf(JNLPRuntime.getConfiguration()
+                        .getProperty(DeploymentConfiguration.KEY_SECURITY_PROMPT_USER_FOR_JNLP));
+            }
+        });
     }
 
 }