You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by rf...@apache.org on 2008/03/27 00:37:30 UTC
svn commit: r641645 - in /incubator/tuscany/java/sca/modules:
binding-ejb/src/main/java/org/apache/tuscany/sca/binding/ejb/util/
binding-sca/src/main/java/org/apache/tuscany/sca/binding/sca/
contribution-impl/src/main/java/org/apache/tuscany/sca/contri...
Author: rfeng
Date: Wed Mar 26 16:37:28 2008
New Revision: 641645
URL: http://svn.apache.org/viewvc?rev=641645&view=rev
Log:
Apply the patch from Dan Becker on TUSCANY-2108. Thanks Dan for the contribution!
Modified:
incubator/tuscany/java/sca/modules/binding-ejb/src/main/java/org/apache/tuscany/sca/binding/ejb/util/JavaReflectionAdapter.java
incubator/tuscany/java/sca/modules/binding-sca/src/main/java/org/apache/tuscany/sca/binding/sca/SCABindingDefinitionsProvider.java
incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/processor/impl/FolderContributionProcessor.java
incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionRepositoryImpl.java
incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionServiceImpl.java
incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/PackageTypeDescriberImpl.java
incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ClassReferenceModelResolver.java
incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoader.java
incubator/tuscany/java/sca/modules/contribution-java/src/test/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoaderTestCase.java
incubator/tuscany/java/sca/modules/contribution/src/main/java/org/apache/tuscany/sca/contribution/processor/DefaultValidatingXMLInputFactory.java
incubator/tuscany/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/conversation/ConversationManagerImpl.java
incubator/tuscany/java/sca/modules/definitions-xml/src/main/java/org/apache/tuscany/sca/definitions/xml/SCADefinitionsDocumentProcessor.java
incubator/tuscany/java/sca/modules/extensibility/src/main/java/org/apache/tuscany/sca/extensibility/ServiceDiscovery.java
incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCADomain.java
incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java
incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/ReallySmallRuntimeBuilder.java
incubator/tuscany/java/sca/modules/implementation-java-runtime/src/main/java/org/apache/tuscany/sca/implementation/java/injection/MethodInjector.java
incubator/tuscany/java/sca/modules/implementation-java/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JavaIntrospectionHelper.java
incubator/tuscany/java/sca/modules/policy-logging/src/main/java/org/apache/tuscany/sca/policy/logging/LoggingPolicyDefinitionsProvider.java
incubator/tuscany/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
incubator/tuscany/java/sca/modules/policy/src/main/java/org/apache/tuscany/sca/policy/util/PolicyComputationUtils.java
Modified: incubator/tuscany/java/sca/modules/binding-ejb/src/main/java/org/apache/tuscany/sca/binding/ejb/util/JavaReflectionAdapter.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/binding-ejb/src/main/java/org/apache/tuscany/sca/binding/ejb/util/JavaReflectionAdapter.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/binding-ejb/src/main/java/org/apache/tuscany/sca/binding/ejb/util/JavaReflectionAdapter.java (original)
+++ incubator/tuscany/java/sca/modules/binding-ejb/src/main/java/org/apache/tuscany/sca/binding/ejb/util/JavaReflectionAdapter.java Wed Mar 26 16:37:28 2008
@@ -60,6 +60,7 @@
*/
private JavaReflectionAdapter(final Class clazz) {
// Index the methods on the implementation class
+ // FIXME J2 Security - promote this to callers of this method
Method[] methods = AccessController.doPrivileged(new PrivilegedAction<Method[]>() {
public Method[] run() {
return clazz.getMethods();
Modified: incubator/tuscany/java/sca/modules/binding-sca/src/main/java/org/apache/tuscany/sca/binding/sca/SCABindingDefinitionsProvider.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/binding-sca/src/main/java/org/apache/tuscany/sca/binding/sca/SCABindingDefinitionsProvider.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/binding-sca/src/main/java/org/apache/tuscany/sca/binding/sca/SCABindingDefinitionsProvider.java (original)
+++ incubator/tuscany/java/sca/modules/binding-sca/src/main/java/org/apache/tuscany/sca/binding/sca/SCABindingDefinitionsProvider.java Wed Mar 26 16:37:28 2008
@@ -21,6 +21,8 @@
import java.net.URI;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.tuscany.sca.contribution.processor.URLArtifactProcessor;
import org.apache.tuscany.sca.contribution.processor.URLArtifactProcessorExtensionPoint;
@@ -42,13 +44,19 @@
}
public SCADefinitions getSCADefinition() throws SCADefinitionsProviderException {
- URL defintionsFileUrl = getClass().getClassLoader().getResource(definitionsFile);
+ // Allow privileged access to load resource. Requires RuntimePermssion in security policy.
+ URL definitionsFileUrl = AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run() {
+ return getClass().getClassLoader().getResource(definitionsFile);
+ }
+ });
+
Object scaDefn = null;
try {
URI uri = new URI(definitionsFile);
return (SCADefinitions)urlArtifactProcessor.read(null,
uri,
- defintionsFileUrl);
+ definitionsFileUrl);
} catch ( Exception e ) {
throw new SCADefinitionsProviderException(e);
}
Modified: incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/processor/impl/FolderContributionProcessor.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/processor/impl/FolderContributionProcessor.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/processor/impl/FolderContributionProcessor.java (original)
+++ incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/processor/impl/FolderContributionProcessor.java Wed Mar 26 16:37:28 2008
@@ -26,6 +26,8 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
@@ -56,20 +58,50 @@
* @param root
* @throws IOException
*/
- private static void traverse(List<URI> fileList, File file, File root) throws IOException {
- if (file.isFile()) {
- fileList.add(root.toURI().relativize(file.toURI()));
- } else if (file.isDirectory()) {
- String uri = root.toURI().relativize(file.toURI()).toString();
- if (uri.endsWith("/")) {
- uri = uri.substring(0, uri.length() - 1);
+ private static void traverse(List<URI> fileList, final File file, final File root) throws IOException {
+ // Allow privileged access to test file. Requires FilePermissions in security policy file.
+ Boolean isFile = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ return file.isFile();
}
- fileList.add(URI.create(uri));
-
- File[] files = file.listFiles();
- for (File f: files) {
- if (!f.getName().startsWith(".")) {
- traverse(fileList, f, root);
+ });
+ if (isFile) {
+ fileList.add(AccessController.doPrivileged(new PrivilegedAction<URI>() {
+ public URI run() {
+ return root.toURI().relativize(file.toURI());
+ }
+ }));
+ } else {
+ // Allow privileged access to test file. Requires FilePermissions in security policy
+ // file.
+ Boolean isDirectory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ return file.isDirectory();
+ }
+ });
+ if (isDirectory) {
+ String uri = AccessController.doPrivileged(new PrivilegedAction<URI>() {
+ public URI run() {
+ return root.toURI().relativize(file.toURI());
+ }
+ }).toString();
+
+ if (uri.endsWith("/")) {
+ uri = uri.substring(0, uri.length() - 1);
+ }
+ fileList.add(URI.create(uri));
+
+ // Allow privileged access to list files. Requires FilePermission in security
+ // policy.
+ File[] files = AccessController.doPrivileged(new PrivilegedAction<File[]>() {
+ public File[] run() {
+ return file.listFiles();
+ }
+ });
+ for (File f : files) {
+ if (!f.getName().startsWith(".")) {
+ traverse(fileList, f, root);
+ }
}
}
}
@@ -87,16 +119,31 @@
List<URI> artifacts = new ArrayList<URI>();
- // Assume the root is a jar file
- File rootFolder;
-
try {
- rootFolder = new File(packageSourceURL.toURI());
- if (rootFolder.isDirectory()) {
- if (!rootFolder.exists()) {
+ // Assume the root is a jar file
+ final File rootFolder = new File(packageSourceURL.toURI());
+ // Allow privileged access to test file. Requires FilePermissions in security policy
+ // file.
+ Boolean isDirectory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ return rootFolder.isDirectory();
+ }
+ });
+ if (isDirectory) {
+ // Allow privileged access to test file. Requires FilePermissions in security policy
+ // file.
+ Boolean folderExists = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ return rootFolder.exists();
+ }
+ });
+ if (!folderExists) {
throw new ContributionReadException(rootFolder.getAbsolutePath());
}
+ // Security consideration. This method gathers URIs of enclosed
+ // artifacts. The URIs are protected by the policy when a user
+ // yries to open those URLs.
traverse(artifacts, rootFolder, rootFolder);
}
Modified: incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionRepositoryImpl.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionRepositoryImpl.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionRepositoryImpl.java (original)
+++ incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionRepositoryImpl.java Wed Mar 26 16:37:28 2008
@@ -36,6 +36,8 @@
import java.net.URLConnection;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
@@ -86,10 +88,41 @@
}
});
}
- this.rootFile = new File(root);
- this.domain = rootFile.toURI();
- FileHelper.forceMkdir(rootFile);
- if (!rootFile.exists() || !rootFile.isDirectory() || !rootFile.canRead()) {
+
+ // Allow privileged access to File. Requires FilePermission in security policy file.
+ final String finalRoot = root;
+ this.rootFile = AccessController.doPrivileged(new PrivilegedAction<File>() {
+ public File run() {
+ return new File(finalRoot);
+ }
+ });
+
+ // Allow privileged access to File. Requires FilePermission in security policy file.
+ this.domain = AccessController.doPrivileged(new PrivilegedAction<URI>() {
+ public URI run() {
+ return rootFile.toURI();
+ }
+ });
+
+ // Allow privileged access to mkdir. Requires FilePermission in security policy file.
+ try {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws IOException {
+ FileHelper.forceMkdir(rootFile);
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
+
+ // Allow privileged access to test file. Requires FilePermissions in security policy file.
+ Boolean notDirectory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ return (!rootFile.exists() || !rootFile.isDirectory() || !rootFile.canRead());
+ }
+ });
+ if (notDirectory) {
throw new IOException("The root is not a directory: " + repository);
}
this.factory = factory;
Modified: incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionServiceImpl.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionServiceImpl.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionServiceImpl.java (original)
+++ incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/ContributionServiceImpl.java Wed Mar 26 16:37:28 2008
@@ -25,6 +25,10 @@
import java.net.URL;
import java.net.URLClassLoader;
import java.net.URLConnection;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
@@ -231,9 +235,13 @@
ContributionMetadataDocumentProcessor metadataDocumentProcessor =
new ContributionMetadataDocumentProcessor(staxProcessor, xmlFactory);
- URL[] urls = {sourceURL};
- URLClassLoader cl = new URLClassLoader(urls, null);
-
+ final URL[] urls = {sourceURL};
+ // Allow access to create classloader. Requires RuntimePermission in security policy.
+ URLClassLoader cl = AccessController.doPrivileged(new PrivilegedAction<URLClassLoader>() {
+ public URLClassLoader run() {
+ return new URLClassLoader(urls, null);
+ }
+ });
for (String path: new String[]{
Contribution.SCA_CONTRIBUTION_GENERATED_META,
Contribution.SCA_CONTRIBUTION_META}) {
@@ -321,7 +329,18 @@
if (storeInRepository || contributionStream == null) {
URLConnection connection = sourceURL.openConnection();
connection.setUseCaches(false);
- contributionStream = connection.getInputStream();
+ // Allow access to open URL stream. Add FilePermission to added to security policy file.
+ final URLConnection finalConnection = connection;
+ try {
+ contributionStream = AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>() {
+ public InputStream run() throws IOException {
+ return finalConnection.getInputStream();
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
+
try {
// process the contribution
contributionArtifacts = this.packageProcessor.getArtifacts(locationURL, contributionStream);
@@ -336,6 +355,8 @@
// Read all artifacts in the contribution
try {
+ // Allow access to read system properties. Requires PropertyPermission in security policy.
+ // Any security exceptions are caught and wrapped as ContributionException.
processReadPhase(contribution, contributionArtifacts);
} catch ( Exception e ) {
throw new ContributionException(e);
Modified: incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/PackageTypeDescriberImpl.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/PackageTypeDescriberImpl.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/PackageTypeDescriberImpl.java (original)
+++ incubator/tuscany/java/sca/modules/contribution-impl/src/main/java/org/apache/tuscany/sca/contribution/service/impl/PackageTypeDescriberImpl.java Wed Mar 26 16:37:28 2008
@@ -19,9 +19,12 @@
package org.apache.tuscany.sca.contribution.service.impl;
+import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
@@ -31,7 +34,7 @@
/**
* Implementation of the content describer for contribution packages
- *
+ *
* @version $Rev$ $Date$
*/
public class PackageTypeDescriberImpl implements TypeDescriber {
@@ -59,10 +62,9 @@
}
/**
- * Build contentType for a specific resource. We first check if the file is
- * a supported one (looking into our registry based on resource extension)
- * If not found, we try to check file contentType Or we return
- * defaultContentType provided
+ * Build contentType for a specific resource. We first check if the file is a supported one
+ * (looking into our registry based on resource extension) If not found, we try to check file
+ * contentType Or we return defaultContentType provided
*
* @param resourceURL The artifact URL
* @param defaultContentType The default content type if we can't find the correct one
@@ -71,11 +73,25 @@
public String getType(URL resourceURL, String defaultContentType) {
URLConnection connection = null;
String contentType = defaultContentType;
+ final String urlProtocol = resourceURL.getProtocol();
- if (resourceURL.getProtocol().equals("file") && FileHelper.toFile(resourceURL).isDirectory()) {
- // Special case : contribution is a folder
- contentType = PackageType.FOLDER;
- } else if (resourceURL.getProtocol().equals("bundle")||resourceURL.getProtocol().equals("bundleresource")) {
+ if (urlProtocol.equals("file")) {
+ final File fileOrDir = FileHelper.toFile(resourceURL);
+ // Allow privileged access to test file. Requires FilePermissions in security policy.
+ Boolean isDirectory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ return fileOrDir.isDirectory();
+ }
+ });
+ if (isDirectory) {
+ // Special case : contribution is a folder
+ contentType = PackageType.FOLDER;
+ }
+ String fileName = resourceURL.toString();
+ String fileExt = fileName.substring(fileName.lastIndexOf('.')+1, fileName.length());
+ if ( fileExt.equalsIgnoreCase( "JAR" ) )
+ return PackageType.JAR;
+ } else if (urlProtocol.equals("bundle") || urlProtocol.equals("bundleresource")) {
contentType = PackageType.BUNDLE;
} else {
contentType = resolveContentyTypeByExtension(resourceURL);
@@ -84,9 +100,10 @@
connection = resourceURL.openConnection();
connection.setUseCaches(false);
contentType = connection.getContentType();
-
+
if (contentType == null || contentType.equals("content/unknown")) {
- // here we couldn't figure out from our registry or from URL and it's not a special file
+ // here we couldn't figure out from our registry or from URL and it's not a
+ // special file
// return defaultContentType if provided
contentType = defaultContentType;
}
Modified: incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ClassReferenceModelResolver.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ClassReferenceModelResolver.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ClassReferenceModelResolver.java (original)
+++ incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ClassReferenceModelResolver.java Wed Mar 26 16:37:28 2008
@@ -21,6 +21,8 @@
import java.lang.ref.WeakReference;
import java.lang.reflect.Constructor;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
@@ -44,11 +46,16 @@
public ClassReferenceModelResolver(Contribution contribution, ModelFactoryExtensionPoint modelFactories) {
this.contribution = contribution;
if (this.contribution != null) {
- ClassLoader cl = contribution.getClassLoader();
- if (contribution.getClassLoader() == null) {
- cl = new ContributionClassLoader(contribution, null);
+ ClassLoader cl = contribution.getClassLoader();
+ if (contribution.getClassLoader() == null) {
+ ClassLoader contextClassLoader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ cl = new ContributionClassLoader(contribution, contextClassLoader);
contribution.setClassLoader(cl);
- }
+ }
this.classLoader = new WeakReference<ClassLoader>(cl);
} else {
// This path should be used only for unit testing.
Modified: incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoader.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoader.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoader.java (original)
+++ incubator/tuscany/java/sca/modules/contribution-java/src/main/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoader.java Wed Mar 26 16:37:28 2008
@@ -23,6 +23,8 @@
import java.net.MalformedURLException;
import java.net.URL;
import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
@@ -47,12 +49,9 @@
* @throws MalformedURLException
*/
public ContributionClassLoader(Contribution contribution, ClassLoader parent) {
-
- // To enable contributions to access code outside of SCA contributions
- // (typically by providing them on CLASSPATH), use the thread context
- // ClassLoader as the parent of all contribution ClassLoaders.
-
- super(new URL[0], parent == null?Thread.currentThread().getContextClassLoader(): null);
+ super(new URL[0], parent);
+ // Note that privileged use of getContextClassLoader have been promoted to callers.
+ // super(new URL[0], parent == null?Thread.currentThread().getContextClassLoader(): null);
this.contribution = contribution;
if (contribution.getLocation() != null) {
try {
@@ -64,14 +63,29 @@
}
/*
+ * @return the context ClassLoader of the current thread.
+ */
+ protected static ClassLoader getContextClassLoader() {
+ ClassLoader contextClassLoader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ return contextClassLoader;
+ }
+
+ /*
* Return the ClassLoader corresponding to a contribution providing an export
* Create a new ClassLoader for the contribution if one does not exist
*/
private ClassLoader getExportClassLoader(Contribution exportingContribution) {
ClassLoader cl = exportingContribution.getClassLoader();
if (!(cl instanceof ContributionClassLoader)) {
-
- cl = new ContributionClassLoader(exportingContribution, cl);
+ if (cl == null) {
+ cl = getContextClassLoader();
+ }
+
+ cl = new ContributionClassLoader(exportingContribution, cl);
exportingContribution.setClassLoader(cl);
}
return cl;
Modified: incubator/tuscany/java/sca/modules/contribution-java/src/test/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoaderTestCase.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution-java/src/test/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoaderTestCase.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution-java/src/test/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoaderTestCase.java (original)
+++ incubator/tuscany/java/sca/modules/contribution-java/src/test/java/org/apache/tuscany/sca/contribution/java/impl/ContributionClassLoaderTestCase.java Wed Mar 26 16:37:28 2008
@@ -22,6 +22,8 @@
import java.io.File;
import java.net.MalformedURLException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import org.apache.tuscany.sca.contribution.Contribution;
@@ -57,11 +59,15 @@
}
private Contribution createContribution(String fileName) throws MalformedURLException {
-
Contribution contrib = contributionFactory.createContribution();
File contribDir = new File(fileName);
contrib.setLocation(contribDir.toURI().toURL().toString());
- contrib.setClassLoader(new ContributionClassLoader(contrib, null));
+ ClassLoader contextClassLoader = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() {
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ contrib.setClassLoader(new ContributionClassLoader(contrib, contextClassLoader));
return contrib;
}
Modified: incubator/tuscany/java/sca/modules/contribution/src/main/java/org/apache/tuscany/sca/contribution/processor/DefaultValidatingXMLInputFactory.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/contribution/src/main/java/org/apache/tuscany/sca/contribution/processor/DefaultValidatingXMLInputFactory.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/contribution/src/main/java/org/apache/tuscany/sca/contribution/processor/DefaultValidatingXMLInputFactory.java (original)
+++ incubator/tuscany/java/sca/modules/contribution/src/main/java/org/apache/tuscany/sca/contribution/processor/DefaultValidatingXMLInputFactory.java Wed Mar 26 16:37:28 2008
@@ -19,9 +19,14 @@
package org.apache.tuscany.sca.contribution.processor;
+import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.net.URLConnection;
import java.util.List;
@@ -40,6 +45,7 @@
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
+import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
/**
@@ -80,20 +86,42 @@
try {
List<String> uris = schemas.getSchemas();
int n = uris.size();
- Source[] sources = new Source[n];
+ final Source[] sources = new Source[n];
for (int i =0; i < n; i++) {
- String uri = uris.get(i);
- URLConnection connection = new URL(uri).openConnection();
- connection.setUseCaches(false);
- sources[i] = new StreamSource(connection.getInputStream(), uri);
+ final String uri = uris.get(i);
+ // Allow privileged access to open URL stream. Requires FilePermission in security policy.
+ final URL url = new URL( uri );
+ InputStream urlStream;
+ try {
+ urlStream = AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>() {
+ public InputStream run() throws IOException {
+ URLConnection connection = url.openConnection();
+ connection.setUseCaches(false);
+ return connection.getInputStream();
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
+ sources[i] = new StreamSource(urlStream, uri);
}
// Create an aggregated validation schemas from all the XSDs
- SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
- aggregatedSchema= schemaFactory.newSchema(sources);
-
+ final SchemaFactory schemaFactory = SchemaFactory.newInstance(XMLConstants.W3C_XML_SCHEMA_NS_URI);
+ // Allow privileged access to check files. Requires FilePermission
+ // in security policy.
+ try {
+ aggregatedSchema = AccessController.doPrivileged(new PrivilegedExceptionAction<Schema>() {
+ public Schema run() throws SAXException {
+ return schemaFactory.newSchema(sources);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (SAXException)e.getException();
+ }
+
} catch (Error e) {
- //FIXME Log this, some old JDKs don't support XMLSchema validation
+ // FIXME Log this, some old JDKs don't support XMLSchema validation
//e.printStackTrace();
} catch (SAXParseException e) {
throw new IllegalStateException(e);
Modified: incubator/tuscany/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/conversation/ConversationManagerImpl.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/conversation/ConversationManagerImpl.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/conversation/ConversationManagerImpl.java (original)
+++ incubator/tuscany/java/sca/modules/core/src/main/java/org/apache/tuscany/sca/core/conversation/ConversationManagerImpl.java Wed Mar 26 16:37:28 2008
@@ -19,6 +19,8 @@
package org.apache.tuscany.sca.core.conversation;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -70,8 +72,13 @@
long mit = DEFAULT_MAX_IDLE_TIME;
long ma = DEFAULT_MAX_AGE;
- String aProperty;
- aProperty = System.getProperty("org.apache.tuscany.sca.core.scope.ConversationalScopeContainer.MaxIdleTime");
+ // Allow privileged access to read system property. Requires PropertyPermission in security
+ // policy.
+ String aProperty = AccessController.doPrivileged(new PrivilegedAction<String>() {
+ public String run() {
+ return System.getProperty("org.apache.tuscany.sca.core.scope.ConversationalScopeContainer.MaxIdleTime");
+ }
+ });
if (aProperty != null) {
try {
mit = (new Long(aProperty) * 1000);
@@ -80,7 +87,13 @@
}
}
- aProperty = System.getProperty("org.apache.tuscany.sca.core.scope.ConversationalScopeContainer.MaxAge");
+ // Allow privileged access to read system property. Requires PropertyPermission in security
+ // policy.
+ aProperty = AccessController.doPrivileged(new PrivilegedAction<String>() {
+ public String run() {
+ return System.getProperty("org.apache.tuscany.sca.core.scope.ConversationalScopeContainer.MaxAge");
+ }
+ });
if (aProperty != null) {
try {
ma = (new Long(aProperty) * 1000);
Modified: incubator/tuscany/java/sca/modules/definitions-xml/src/main/java/org/apache/tuscany/sca/definitions/xml/SCADefinitionsDocumentProcessor.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/definitions-xml/src/main/java/org/apache/tuscany/sca/definitions/xml/SCADefinitionsDocumentProcessor.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/definitions-xml/src/main/java/org/apache/tuscany/sca/definitions/xml/SCADefinitionsDocumentProcessor.java (original)
+++ incubator/tuscany/java/sca/modules/definitions-xml/src/main/java/org/apache/tuscany/sca/definitions/xml/SCADefinitionsDocumentProcessor.java Wed Mar 26 16:37:28 2008
@@ -23,6 +23,9 @@
import java.io.InputStream;
import java.net.URI;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.net.URLConnection;
import javax.xml.namespace.QName;
@@ -94,12 +97,23 @@
}
- public SCADefinitions read(URL contributionURL, URI uri, URL url) throws ContributionReadException {
+ public SCADefinitions read(URL contributionURL, final URI uri, final URL url) throws ContributionReadException {
InputStream urlStream = null;
- try {
- URLConnection connection = url.openConnection();
- connection.setUseCaches(false);
- urlStream = connection.getInputStream();
+ try {
+ // Allow privileged access to open URL stream. Add FilePermission to added to security
+ // policy file.
+ try {
+ urlStream = AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>() {
+ public InputStream run() throws IOException {
+ URLConnection connection = url.openConnection();
+ connection.setUseCaches(false);
+ return connection.getInputStream();
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
+
//urlStream = createInputStream(url);
XMLStreamReader reader = inputFactory.createXMLStreamReader(url.toString(), urlStream);
Modified: incubator/tuscany/java/sca/modules/extensibility/src/main/java/org/apache/tuscany/sca/extensibility/ServiceDiscovery.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/extensibility/src/main/java/org/apache/tuscany/sca/extensibility/ServiceDiscovery.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/extensibility/src/main/java/org/apache/tuscany/sca/extensibility/ServiceDiscovery.java (original)
+++ incubator/tuscany/java/sca/modules/extensibility/src/main/java/org/apache/tuscany/sca/extensibility/ServiceDiscovery.java Wed Mar 26 16:37:28 2008
@@ -24,6 +24,10 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
@@ -136,19 +140,32 @@
* @return Table of URLs with associated ClassLoaders
* @throws IOException
*/
- public Hashtable<ClassLoader, Set<URL>> getServiceResources(String name) throws IOException {
+ public Hashtable<ClassLoader, Set<URL>> getServiceResources(final String name) throws IOException {
Hashtable<ClassLoader, Set<URL>> resourceTable = new Hashtable<ClassLoader, Set<URL>>();
HashSet<URL> allURLs = new HashSet<URL>();
- for (ClassLoader classLoader : registeredClassLoaders) {
+ for (final ClassLoader classLoader : registeredClassLoaders) {
HashSet<URL> urls = new HashSet<URL>();
resourceTable.put(classLoader, urls);
boolean debug = logger.isLoggable(Level.FINE);
if (debug) {
logger.fine("Discovering service resources using class loader " + classLoader);
}
- for (URL url : Collections.list(classLoader.getResources("META-INF/services/" + name))) {
+ // Allow privileged access to read META-INF/services/*. Add FilePermission to added to security policy file.
+ ArrayList<URL> urlList;
+ try {
+ // FIXME J2 Security - promote this to callers of this method
+ urlList = AccessController.doPrivileged(new PrivilegedExceptionAction<ArrayList<URL>>() {
+ public ArrayList<URL> run() throws IOException {
+ return Collections.list(classLoader.getResources("META-INF/services/" + name));
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
+
+ for (URL url : urlList) {
if (allURLs.contains(url))
continue;
urls.add(url);
@@ -202,8 +219,8 @@
* service class
* @throws IOException
*/
- private void getServiceClasses(ClassLoader classLoader,
- String name,
+ private void getServiceClasses(final ClassLoader classLoader,
+ final String name,
Set<ServiceDeclaration> classSet,
boolean findAllClasses) throws IOException {
@@ -211,11 +228,36 @@
if (debug) {
logger.fine("Discovering service providers using class loader " + classLoader);
}
- for (URL url : Collections.list(classLoader.getResources("META-INF/services/" + name))) {
+ // Allow privileged access to read META-INF/services/*. Add FilePermission to added to
+ // security policy file.
+ ArrayList<URL> urlList;
+ try {
+ urlList = AccessController.doPrivileged(new PrivilegedExceptionAction<ArrayList<URL>>() {
+ public ArrayList<URL> run() throws IOException {
+ return Collections.list(classLoader.getResources("META-INF/services/" + name));
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
+
+ for (final URL url : urlList) {
if (debug) {
logger.fine("Reading service provider file: " + url.toExternalForm());
}
- InputStream is = url.openStream();
+
+ // Allow privileged access to open URL stream. Add FilePermission to added to security
+ // policy file.
+ InputStream is;
+ try {
+ is = AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>() {
+ public InputStream run() throws IOException {
+ return url.openStream();
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
BufferedReader reader = null;
try {
reader = new BufferedReader(new InputStreamReader(is));
Modified: incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCADomain.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCADomain.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCADomain.java (original)
+++ incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCADomain.java Wed Mar 26 16:37:28 2008
@@ -1,5 +1,4 @@
/*
- * Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
@@ -24,8 +23,13 @@
import java.io.InputStream;
import java.io.InputStreamReader;
import java.lang.reflect.Constructor;
+import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+import java.util.ArrayList;
+import java.util.Collections;
import org.apache.tuscany.sca.host.embedded.impl.DefaultSCADomain;
import org.apache.tuscany.sca.host.embedded.management.ComponentManager;
@@ -164,8 +168,19 @@
* @return A class name which extends/implements the service class
* @throws IOException
*/
- private static String getServiceName(ClassLoader classLoader, String name) throws IOException {
- InputStream is = classLoader.getResourceAsStream("META-INF/services/" + name);
+ private static String getServiceName(final ClassLoader classLoader, final String name) throws IOException {
+ InputStream is;
+ // Allow privileged access to open stream. Requires FilePermission in security policy.
+ try {
+ is = AccessController.doPrivileged(new PrivilegedExceptionAction<InputStream>() {
+ public InputStream run() throws IOException {
+ return classLoader.getResourceAsStream("META-INF/services/" + name);
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException)e.getException();
+ }
+
if (is == null) {
return null;
}
Modified: incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java (original)
+++ incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java Wed Mar 26 16:37:28 2008
@@ -26,6 +26,10 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -137,13 +141,26 @@
try {
String scheme = contributionURL.toURI().getScheme();
if (scheme == null || scheme.equalsIgnoreCase("file")) {
- File contributionFile = new File(contributionURL.toURI());
- if (contributionFile.isDirectory()) {
- String[] contributions = contributionFile.list(new FilenameFilter() {
- public boolean accept(File dir, String name) {
- return name.endsWith(".jar");
+ final File contributionFile = new File(contributionURL.toURI());
+ // Allow privileged access to test file. Requires FilePermission in security policy.
+ Boolean isDirectory = AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+ public Boolean run() {
+ return contributionFile.isDirectory();
+ }
+ });
+ if (isDirectory) {
+ // Allow privileged access to create file list. Requires FilePermission in
+ // security policy.
+ String[] contributions = AccessController.doPrivileged(new PrivilegedAction<String[]>() {
+ public String[] run() {
+ return contributionFile.list(new FilenameFilter() {
+ public boolean accept(File dir, String name) {
+ return name.endsWith(".jar");
+ }
+ });
}
- });
+ });
+
if (contributions != null && contributions.length > 0 && contributions.length == contributionFile.list().length) {
for (String contribution : contributions) {
addContribution(contributionService, new File(contributionFile, contribution).toURI().toURL());
@@ -383,9 +400,20 @@
if ("file".equals(protocol)) {
// directory contribution
if (url.endsWith(contributionArtifactPath)) {
- String location = url.substring(0, url.lastIndexOf(contributionArtifactPath));
+ final String location = url.substring(0, url.lastIndexOf(contributionArtifactPath));
// workaround from evil URL/URI form Maven
- contributionURL = FileHelper.toFile(new URL(location)).toURI().toURL();
+ // contributionURL = FileHelper.toFile(new URL(location)).toURI().toURL();
+ // Allow privileged access to open URL stream. Add FilePermission to added to
+ // security policy file.
+ try {
+ contributionURL = AccessController.doPrivileged(new PrivilegedExceptionAction<URL>() {
+ public URL run() throws IOException {
+ return FileHelper.toFile(new URL(location)).toURI().toURL();
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (MalformedURLException)e.getException();
+ }
}
} else if ("jar".equals(protocol)) {
Modified: incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/ReallySmallRuntimeBuilder.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/ReallySmallRuntimeBuilder.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/ReallySmallRuntimeBuilder.java (original)
+++ incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/ReallySmallRuntimeBuilder.java Wed Mar 26 16:37:28 2008
@@ -20,6 +20,9 @@
package org.apache.tuscany.sca.host.embedded.impl;
import java.io.IOException;
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
@@ -171,11 +174,23 @@
throws ActivationException {
// Create a new XML input factory
- XMLInputFactory inputFactory = XMLInputFactory.newInstance();
-
+ // Allow privileged access to factory. Requires RuntimePermission in security policy file.
+ XMLInputFactory inputFactory = AccessController.doPrivileged(new PrivilegedAction<XMLInputFactory>() {
+ public XMLInputFactory run() {
+ return XMLInputFactory.newInstance();
+ }
+ });
+
// Create a validation XML schema extension point
ValidationSchemaExtensionPoint schemas = registry.getExtensionPoint(ValidationSchemaExtensionPoint.class);
- schemas.addSchema(ReallySmallRuntimeBuilder.class.getClassLoader().getResource("tuscany-sca.xsd").toString());
+
+ // Allow privileged access to load resource. Requires RuntimePermssion in security policy.
+ URL schemaURL = AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run() {
+ return ReallySmallRuntimeBuilder.class.getClassLoader().getResource("tuscany-sca.xsd");
+ }
+ });
+ schemas.addSchema(schemaURL.toString());
// Create a validating XML input factory
XMLInputFactory validatingInputFactory = new DefaultValidatingXMLInputFactory(inputFactory, schemas);
@@ -185,8 +200,14 @@
registry.getExtensionPoint(StAXArtifactProcessorExtensionPoint.class);
// Create and register StAX processors for SCA assembly XML
+ // Allow privileged access to factory. Requires RuntimePermission in security policy file.
+ XMLOutputFactory outputFactory = AccessController.doPrivileged(new PrivilegedAction<XMLOutputFactory>() {
+ public XMLOutputFactory run() {
+ return XMLOutputFactory.newInstance();
+ }
+ });
ExtensibleStAXArtifactProcessor staxProcessor =
- new ExtensibleStAXArtifactProcessor(staxProcessors, inputFactory, XMLOutputFactory.newInstance());
+ new ExtensibleStAXArtifactProcessor(staxProcessors, inputFactory, outputFactory);
staxProcessors.addArtifactProcessor(new CompositeProcessor(contributionFactory, assemblyFactory, policyFactory, staxProcessor));
staxProcessors.addArtifactProcessor(new ComponentTypeProcessor(assemblyFactory, policyFactory, staxProcessor));
staxProcessors
Modified: incubator/tuscany/java/sca/modules/implementation-java-runtime/src/main/java/org/apache/tuscany/sca/implementation/java/injection/MethodInjector.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/implementation-java-runtime/src/main/java/org/apache/tuscany/sca/implementation/java/injection/MethodInjector.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/implementation-java-runtime/src/main/java/org/apache/tuscany/sca/implementation/java/injection/MethodInjector.java (original)
+++ incubator/tuscany/java/sca/modules/implementation-java-runtime/src/main/java/org/apache/tuscany/sca/implementation/java/injection/MethodInjector.java Wed Mar 26 16:37:28 2008
@@ -20,6 +20,8 @@
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.tuscany.sca.core.factory.ObjectCreationException;
import org.apache.tuscany.sca.core.factory.ObjectFactory;
@@ -33,11 +35,18 @@
private final Method method;
private final ObjectFactory<?> objectFactory;
- public MethodInjector(Method method, ObjectFactory<?> objectFactory) {
- assert method != null;
+ public MethodInjector(Method aMethod, ObjectFactory<?> objectFactory) {
+ assert aMethod != null;
assert objectFactory != null;
- this.method = method;
- this.method.setAccessible(true);
+ this.method = aMethod;
+ // Allow privileged access to set accessibility. Requires ReflectPermission in security
+ // policy.
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ method.setAccessible(true);
+ return null;
+ }
+ });
this.objectFactory = objectFactory;
}
Modified: incubator/tuscany/java/sca/modules/implementation-java/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JavaIntrospectionHelper.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/implementation-java/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JavaIntrospectionHelper.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/implementation-java/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JavaIntrospectionHelper.java (original)
+++ incubator/tuscany/java/sca/modules/implementation-java/src/main/java/org/apache/tuscany/sca/implementation/java/introspect/impl/JavaIntrospectionHelper.java Wed Mar 26 16:37:28 2008
@@ -30,6 +30,8 @@
import java.lang.reflect.Type;
import java.lang.reflect.TypeVariable;
import java.lang.reflect.WildcardType;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
@@ -117,7 +119,7 @@
}
// we first evaluate methods of the subclass and then move to the parent
Method[] declaredMethods = pClass.getDeclaredMethods();
- for (Method declaredMethod : declaredMethods) {
+ for (final Method declaredMethod : declaredMethods) {
int modifiers = declaredMethod.getModifiers();
if ((!Modifier.isPublic(modifiers) && !Modifier.isProtected(modifiers)) || Modifier.isStatic(modifiers)) {
if (validating) {
@@ -139,8 +141,14 @@
}
}
if (!matched) {
- // TODO ignore Java accessibility
- declaredMethod.setAccessible(true);
+ // Allow privileged access to set accessibility. Requires ReflectPermission
+ // in security policy.
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ declaredMethod.setAccessible(true);
+ return null;
+ }
+ });
temp.add(declaredMethod);
}
methods.addAll(temp);
Modified: incubator/tuscany/java/sca/modules/policy-logging/src/main/java/org/apache/tuscany/sca/policy/logging/LoggingPolicyDefinitionsProvider.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/policy-logging/src/main/java/org/apache/tuscany/sca/policy/logging/LoggingPolicyDefinitionsProvider.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/policy-logging/src/main/java/org/apache/tuscany/sca/policy/logging/LoggingPolicyDefinitionsProvider.java (original)
+++ incubator/tuscany/java/sca/modules/policy-logging/src/main/java/org/apache/tuscany/sca/policy/logging/LoggingPolicyDefinitionsProvider.java Wed Mar 26 16:37:28 2008
@@ -21,6 +21,8 @@
import java.net.URI;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.tuscany.sca.contribution.processor.URLArtifactProcessor;
import org.apache.tuscany.sca.contribution.processor.URLArtifactProcessorExtensionPoint;
@@ -42,13 +44,19 @@
}
public SCADefinitions getSCADefinition() throws SCADefinitionsProviderException {
- URL defintionsFileUrl = getClass().getClassLoader().getResource(definitionsFile);
+ // Allow privileged access to load resource. Requires RuntimePermssion in security policy.
+ URL definitionsFileUrl = AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run() {
+ return getClass().getClassLoader().getResource(definitionsFile);
+ }
+ });
+
Object scaDefn = null;
try {
URI uri = new URI(definitionsFile);
return (SCADefinitions)urlArtifactProcessor.read(null,
uri,
- defintionsFileUrl);
+ definitionsFileUrl);
} catch ( Exception e ) {
throw new SCADefinitionsProviderException(e);
}
Modified: incubator/tuscany/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java (original)
+++ incubator/tuscany/java/sca/modules/policy-security/src/main/java/org/apache/tuscany/sca/policy/security/SecurityPolicyDefinitionsProvider.java Wed Mar 26 16:37:28 2008
@@ -21,6 +21,8 @@
import java.net.URI;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import org.apache.tuscany.sca.contribution.processor.URLArtifactProcessor;
import org.apache.tuscany.sca.contribution.processor.URLArtifactProcessorExtensionPoint;
@@ -42,13 +44,19 @@
}
public SCADefinitions getSCADefinition() throws SCADefinitionsProviderException {
- URL defintionsFileUrl = getClass().getClassLoader().getResource(definitionsFile);
+ // Allow privileged access to load resource. Requires RuntimePermssion in security policy.
+ URL definitionsFileUrl = AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run() {
+ return getClass().getClassLoader().getResource(definitionsFile);
+ }
+ });
+
Object scaDefn = null;
try {
URI uri = new URI(definitionsFile);
return (SCADefinitions)urlArtifactProcessor.read(null,
uri,
- defintionsFileUrl);
+ definitionsFileUrl);
} catch ( Exception e ) {
throw new SCADefinitionsProviderException(e);
}
Modified: incubator/tuscany/java/sca/modules/policy/src/main/java/org/apache/tuscany/sca/policy/util/PolicyComputationUtils.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/policy/src/main/java/org/apache/tuscany/sca/policy/util/PolicyComputationUtils.java?rev=641645&r1=641644&r2=641645&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/policy/src/main/java/org/apache/tuscany/sca/policy/util/PolicyComputationUtils.java (original)
+++ incubator/tuscany/java/sca/modules/policy/src/main/java/org/apache/tuscany/sca/policy/util/PolicyComputationUtils.java Wed Mar 26 16:37:28 2008
@@ -23,6 +23,10 @@
import java.io.StringWriter;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
@@ -111,11 +115,23 @@
}
StringWriter sw = new StringWriter();
- Source domSource = new DOMSource(doc);
- Result finalResult = new StreamResult(sw);
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ final Source domSource = new DOMSource(doc);
+ final Result finalResult = new StreamResult(sw);
+ final Transformer transformer = TransformerFactory.newInstance().newTransformer();
// transformer.setOutputProperty("omit-xml-declaration", "yes");
- transformer.transform(domSource, finalResult);
+ // Allow priviledged access to let transformers read property files. Requires
+ // PropertyPermission in security policy.
+ try {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws TransformerException {
+ transformer.transform(domSource, finalResult);
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (TransformerException)e.getException();
+ }
+
return sw.toString().getBytes();
}
---------------------------------------------------------------------
To unsubscribe, e-mail: tuscany-commits-unsubscribe@ws.apache.org
For additional commands, e-mail: tuscany-commits-help@ws.apache.org