Posted to commits@santuario.apache.org by mu...@apache.org on 2014/10/23 16:42:17 UTC
svn commit: r1633823 - in
/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security:
./ algorithms/ c14n/ keys/keyresolver/ transforms/ utils/ utils/resolver/
Author: mullan
Date: Thu Oct 23 14:42:16 2014
New Revision: 1633823
URL: http://svn.apache.org/r1633823
Log:
Add permission check to static methods that allow callers to register implementations of algorithms and other features.
Modified:
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/Init.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/transforms/Transform.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/ElementProxy.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/JavaUtils.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/Init.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/Init.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/Init.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/Init.java Thu Oct 23 14:42:16 2014
@@ -21,6 +21,8 @@ package org.apache.xml.security;
import java.io.InputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.List;
@@ -29,6 +31,7 @@ import javax.xml.parsers.DocumentBuilder
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.algorithms.SignatureAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.keyresolver.KeyResolver;
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.utils.ElementProxy;
@@ -112,43 +115,50 @@ public class Init {
log.debug("Registering default algorithms");
}
try {
- //
- // Bind the default prefixes
- //
- ElementProxy.registerDefaultPrefixes();
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Void>(){
+ @Override public Void run() throws XMLSecurityException {
+ //
+ // Bind the default prefixes
+ //
+ ElementProxy.registerDefaultPrefixes();
- //
- // Set the default Transforms
- //
- Transform.registerDefaultAlgorithms();
+ //
+ // Set the default Transforms
+ //
+ Transform.registerDefaultAlgorithms();
- //
- // Set the default signature algorithms
- //
- SignatureAlgorithm.registerDefaultAlgorithms();
+ //
+ // Set the default signature algorithms
+ //
+ SignatureAlgorithm.registerDefaultAlgorithms();
- //
- // Set the default JCE algorithms
- //
- JCEMapper.registerDefaultAlgorithms();
+ //
+ // Set the default JCE algorithms
+ //
+ JCEMapper.registerDefaultAlgorithms();
- //
- // Set the default c14n algorithms
- //
- Canonicalizer.registerDefaultAlgorithms();
+ //
+ // Set the default c14n algorithms
+ //
+ Canonicalizer.registerDefaultAlgorithms();
- //
- // Register the default resolvers
- //
- ResourceResolver.registerDefaultResolvers();
+ //
+ // Register the default resolvers
+ //
+ ResourceResolver.registerDefaultResolvers();
- //
- // Register the default key resolvers
- //
- KeyResolver.registerDefaultResolvers();
- } catch (Exception ex) {
- log.error(ex);
- ex.printStackTrace();
+ //
+ // Register the default key resolvers
+ //
+ KeyResolver.registerDefaultResolvers();
+
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException ex) {
+ XMLSecurityException xse = (XMLSecurityException)ex.getException();
+ log.error(xse);
+ xse.printStackTrace();
}
}
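Review bot: The narrowed `catch (PrivilegedActionException ex)` no longer covers unchecked exceptions thrown inside `run()`, which the old `catch (Exception ex)` logged and swallowed. A `RuntimeException` from any of the `registerDefault*` calls now propagates out of the enclosing method, whose start lies outside this hunk. If the earlier best-effort behaviour was intentional, add a `catch (RuntimeException ex)` branch that logs the same way; otherwise note the change in the method's Javadoc. The cast `(XMLSecurityException)ex.getException()` is only safe because `run()` declares `throws XMLSecurityException` and nothing else, which deserves a one-line comment such as `// run() declares only XMLSecurityException, so the wrapped cause is always of that type`. Because `doPrivileged` makes the default registrations run with the library's own permissions, the block should also keep calling only the fixed `registerDefault*` methods and never a caller-supplied class name.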
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/JCEMapper.java Thu Oct 23 14:42:16 2014
@@ -23,6 +23,7 @@ import java.util.concurrent.ConcurrentHa
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.JavaUtils;
import org.w3c.dom.Element;
@@ -45,8 +46,11 @@ public class JCEMapper {
*
* @param id
* @param algorithm
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the JCE algorithm
*/
public static void register(String id, Algorithm algorithm) {
+ JavaUtils.checkRegisterPermission();
algorithmsMap.put(id, algorithm);
}
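Review bot: The Javadoc for `register(String id, Algorithm algorithm)` does not say that `algorithmsMap.put(id, algorithm)` silently replaces an existing mapping for the same `id`. The other `register` methods in this commit document `AlgorithmAlreadyRegisteredException` for that case. Since this method is now treated as security sensitive, the overwrite behaviour should be spelled out, for example `Any mapping previously registered for {@code id} is replaced.` It would also help to describe the `@param id` and `@param algorithm` tags, which are currently empty.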
@@ -311,8 +315,11 @@ public class JCEMapper {
/**
* Sets the default Provider for obtaining the security algorithms
* @param provider the default providerId.
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the JCE algorithm
*/
public static void setProviderId(String provider) {
+ JavaUtils.checkRegisterPermission();
providerName = provider;
}
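Review bot: The `@throws SecurityException` text on `setProviderId` was copied from `register` and still reads "permission to register the JCE algorithm". This method sets the default provider name rather than registering an algorithm. Suggested wording: `@throws SecurityException if a security manager is installed and the caller does not have permission to set the JCE provider`.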
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/algorithms/SignatureAlgorithm.java Thu Oct 23 14:42:16 2014
@@ -34,6 +34,7 @@ import org.apache.xml.security.signature
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.JavaUtils;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -311,18 +312,21 @@ public class SignatureAlgorithm extends
}
/**
- * Registers implementing class of the Transform algorithm with algorithmURI
+ * Registers implementing class of the SignatureAlgorithm with algorithmURI
*
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+ * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
* @param implementingClass <code>implementingClass</code> the implementing class of
* {@link SignatureAlgorithmSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
- * @throws XMLSignatureException
+ * @throws XMLSignatureException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the signature algorithm
*/
@SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
XMLSignatureException {
+ JavaUtils.checkRegisterPermission();
if (log.isDebugEnabled()) {
log.debug("Try to register " + algorithmURI + " " + implementingClass);
}
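Review bot: The Javadoc corrected in this hunk still leaves `@throws XMLSignatureException` without a description, and `ClassNotFoundException` is in the `throws` clause with no `@throws` tag at all. The same applies to the `Class<? extends SignatureAlgorithmSpi>` overload in the next hunk, where it is not apparent from the visible lines why `ClassNotFoundException` is declared, since no class name is looked up. Suggested additions: `@throws ClassNotFoundException if the implementing class cannot be loaded`, plus a short description for `XMLSignatureException`. The body of `register` continues outside the hunk.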
@@ -347,17 +351,20 @@ public class SignatureAlgorithm extends
}
/**
- * Registers implementing class of the Transform algorithm with algorithmURI
+ * Registers implementing class of the SignatureAlgorithm with algorithmURI
*
- * @param algorithmURI algorithmURI URI representation of <code>Transform algorithm</code>.
+ * @param algorithmURI algorithmURI URI representation of <code>SignatureAlgorithm</code>.
* @param implementingClass <code>implementingClass</code> the implementing class of
* {@link SignatureAlgorithmSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI is already registered
- * @throws XMLSignatureException
+ * @throws XMLSignatureException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the signature algorithm
*/
public static void register(String algorithmURI, Class<? extends SignatureAlgorithmSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
XMLSignatureException {
+ JavaUtils.checkRegisterPermission();
if (log.isDebugEnabled()) {
log.debug("Try to register " + algorithmURI + " " + implementingClass);
}
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java Thu Oct 23 14:42:16 2014
@@ -36,6 +36,7 @@ import org.apache.xml.security.c14n.impl
import org.apache.xml.security.c14n.implementations.CanonicalizerPhysical;
import org.apache.xml.security.exceptions.AlgorithmAlreadyRegisteredException;
import org.apache.xml.security.utils.ClassLoaderUtils;
+import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -139,10 +140,13 @@ public class Canonicalizer {
* @param algorithmURI
* @param implementingClass
* @throws AlgorithmAlreadyRegisteredException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the canonicalizer
*/
@SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+ JavaUtils.checkRegisterPermission();
// check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass =
canonicalizerHash.get(algorithmURI);
@@ -164,9 +168,12 @@ public class Canonicalizer {
* @param algorithmURI
* @param implementingClass
* @throws AlgorithmAlreadyRegisteredException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the canonicalizer
*/
public static void register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException {
+ JavaUtils.checkRegisterPermission();
// check whether URI is already registered
Class<? extends CanonicalizerSpi> registeredClass = canonicalizerHash.get(algorithmURI);
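Review bot: The second overload is declared as `register(String algorithmURI, Class<CanonicalizerSpi> implementingClass)`, while the map it reads holds `Class<? extends CanonicalizerSpi>` and the equivalent methods in `SignatureAlgorithm` and `Transform` take a bounded wildcard. As written, a caller cannot pass `MyCanonicalizer.class` without an unchecked cast. Changing the parameter to `Class<? extends CanonicalizerSpi> implementingClass` would be source compatible for existing callers. This overload also declares `ClassNotFoundException` although no lookup by name is visible in the hunk; the rest of the body is outside it.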
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolver.java Thu Oct 23 14:42:16 2014
@@ -39,6 +39,7 @@ import org.apache.xml.security.keys.keyr
import org.apache.xml.security.keys.keyresolver.implementations.X509SubjectNameResolver;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.utils.ClassLoaderUtils;
+import org.apache.xml.security.utils.JavaUtils;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -172,9 +173,12 @@ public class KeyResolver {
* @throws InstantiationException
* @throws IllegalAccessException
* @throws ClassNotFoundException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void register(String className, boolean globalResolver)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+ JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi =
(KeyResolverSpi) ClassLoaderUtils.loadClass(className, KeyResolver.class).newInstance();
keyResolverSpi.setGlobalResolver(globalResolver);
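Review bot: In `register(String className, boolean globalResolver)` the loaded class is instantiated before it is checked to be a `KeyResolverSpi`, because the cast is applied to the result of `newInstance()`. The new permission check gates this only when a security manager is installed; without one, any loadable class with a no-arg constructor has that constructor run before the `ClassCastException`. Checking the type first keeps the same exception type for callers: `Class<? extends KeyResolverSpi> cls = ClassLoaderUtils.loadClass(className, KeyResolver.class).asSubclass(KeyResolverSpi.class);` followed by `KeyResolverSpi keyResolverSpi = cls.newInstance();`. This assumes `loadClass` returns a `Class<?>`, which is not visible here. `registerClassNames` in the last hunk of this file appears to begin the same pattern, and both method bodies continue outside their hunks.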
@@ -192,8 +196,11 @@ public class KeyResolver {
*
* @param className
* @param globalResolver Whether the KeyResolverSpi is a global resolver or not
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void registerAtStart(String className, boolean globalResolver) {
+ JavaUtils.checkRegisterPermission();
KeyResolverSpi keyResolverSpi = null;
Exception ex = null;
try {
@@ -225,11 +232,14 @@ public class KeyResolver {
*
* @param keyResolverSpi a KeyResolverSpi instance to register
* @param start whether to register the KeyResolverSpi at the start of the list or not
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void register(
KeyResolverSpi keyResolverSpi,
boolean start
) {
+ JavaUtils.checkRegisterPermission();
KeyResolver resolver = new KeyResolver(keyResolverSpi);
if (start) {
resolverVector.add(0, resolver);
@@ -251,9 +261,12 @@ public class KeyResolver {
* @throws InstantiationException
* @throws IllegalAccessException
* @throws ClassNotFoundException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the key resolver
*/
public static void registerClassNames(List<String> classNames)
throws ClassNotFoundException, IllegalAccessException, InstantiationException {
+ JavaUtils.checkRegisterPermission();
List<KeyResolver> keyResolverList = new ArrayList<KeyResolver>(classNames.size());
for (String className : classNames) {
KeyResolverSpi keyResolverSpi =
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/transforms/Transform.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/transforms/Transform.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/transforms/Transform.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/transforms/Transform.java Thu Oct 23 14:42:16 2014
@@ -43,6 +43,7 @@ import org.apache.xml.security.transform
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.HelperNodeList;
+import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
@@ -179,11 +180,14 @@ public final class Transform extends Sig
* class of {@link TransformSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
* is already registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the transform
*/
@SuppressWarnings("unchecked")
public static void register(String algorithmURI, String implementingClass)
throws AlgorithmAlreadyRegisteredException, ClassNotFoundException,
InvalidTransformException {
+ JavaUtils.checkRegisterPermission();
// are we already registered?
Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
if (transformSpi != null) {
@@ -204,9 +208,12 @@ public final class Transform extends Sig
* class of {@link TransformSpi}
* @throws AlgorithmAlreadyRegisteredException if specified algorithmURI
* is already registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register the transform
*/
public static void register(String algorithmURI, Class<? extends TransformSpi> implementingClass)
throws AlgorithmAlreadyRegisteredException {
+ JavaUtils.checkRegisterPermission();
// are we already registered?
Class<? extends TransformSpi> transformSpi = transformSpiHash.get(algorithmURI);
if (transformSpi != null) {
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/ElementProxy.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/ElementProxy.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/ElementProxy.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/ElementProxy.java Thu Oct 23 14:42:16 2014
@@ -463,9 +463,12 @@ public abstract class ElementProxy {
* @param namespace
* @param prefix
* @throws XMLSecurityException
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the default prefix
*/
public static void setDefaultPrefix(String namespace, String prefix)
throws XMLSecurityException {
+ JavaUtils.checkRegisterPermission();
if (prefixMappings.containsValue(prefix)) {
String storedPrefix = prefixMappings.get(namespace);
if (!storedPrefix.equals(prefix)) {
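Review bot: `storedPrefix.equals(prefix)` can throw `NullPointerException` when `prefix` is already bound to a different namespace and `namespace` itself has no entry, because `prefixMappings.get(namespace)` then returns null (assuming `prefixMappings` is a `java.util.Map`, which its declaration outside the hunk would confirm). The commit does not address this, but the method is now documented as security sensitive and callers would expect the declared `XMLSecurityException` rather than an NPE. A null-safe form is `if (storedPrefix == null || !storedPrefix.equals(prefix)) {`. The body of the `if` is outside the hunk, so confirm that it raises the "prefix already in use" error in that case.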
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/JavaUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/JavaUtils.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/JavaUtils.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/JavaUtils.java Thu Oct 23 14:42:16 2014
@@ -24,6 +24,7 @@ import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.SecurityPermission;
/**
* A collection of different, general-purpose methods for JAVA-specific things
@@ -35,6 +36,9 @@ public class JavaUtils {
private static org.apache.commons.logging.Log log =
org.apache.commons.logging.LogFactory.getLog(JavaUtils.class);
+ private static final SecurityPermission REGISTER_PERMISSION =
+ new SecurityPermission("org.apache.xml.security.register");
+
private JavaUtils() {
// we don't allow instantiation
}
@@ -235,4 +239,21 @@ public class JavaUtils {
return asn1Bytes;
}
+
+ /**
+ * Throws a {@code SecurityException} if a security manager is installed
+ * and the caller is not allowed to register an implementation of an
+ * algorithm, transform, or other security sensitive XML Signature function.
+ *
+ * @throws SecurityException if a security manager is installed and the
+ * caller has not been granted the
+ * {@literal "org.apache.xml.security.register"}
+ * {@code SecurityPermission}
+ */
+ public static void checkRegisterPermission() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(REGISTER_PERMISSION);
+ }
+ }
}
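Review bot: Nothing in this hunk tells deployers how to grant the new permission. Applications that run under a security manager and call any of the guarded `register`/`set*` methods will start failing with `SecurityException` after upgrading. The Javadoc could carry the policy entry, `permission java.security.SecurityPermission "org.apache.xml.security.register";`. It should also say that `checkPermission` evaluates the whole call stack, so trusted code registering on behalf of less-privileged callers has to wrap the call in `AccessController.doPrivileged`, as `Init` does in this commit. One permission covers every registry and prefix setter, which is worth stating explicitly so that reviewers of a policy file understand how broad the grant is.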
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/XMLUtils.java Thu Oct 23 14:42:16 2014
@@ -81,32 +81,44 @@ public class XMLUtils {
/**
* Set the prefix for the digital signature namespace
* @param prefix the new prefix for the digital signature namespace
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setDsPrefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
dsPrefix = prefix;
}
/**
* Set the prefix for the digital signature 1.1 namespace
* @param prefix the new prefix for the digital signature 1.1 namespace
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setDs11Prefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
ds11Prefix = prefix;
}
/**
* Set the prefix for the encryption namespace
* @param prefix the new prefix for the encryption namespace
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setXencPrefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
xencPrefix = prefix;
}
/**
* Set the prefix for the encryption namespace 1.1
* @param prefix the new prefix for the encryption namespace 1.1
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to set the prefix
*/
public static void setXenc11Prefix(String prefix) {
+ JavaUtils.checkRegisterPermission();
xenc11Prefix = prefix;
}
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java?rev=1633823&r1=1633822&r2=1633823&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/ResourceResolver.java Thu Oct 23 14:42:16 2014
@@ -24,6 +24,7 @@ import java.util.Map;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.ClassLoaderUtils;
+import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
import org.apache.xml.security.utils.resolver.implementations.ResolverFragment;
import org.apache.xml.security.utils.resolver.implementations.ResolverLocalFilesystem;
@@ -196,9 +197,12 @@ public class ResourceResolver {
* the class cannot be registered.
*
* @param className the name of the ResourceResolverSpi class to be registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
@SuppressWarnings("unchecked")
public static void register(String className) {
+ JavaUtils.checkRegisterPermission();
try {
Class<ResourceResolverSpi> resourceResolverClass =
(Class<ResourceResolverSpi>)
@@ -214,9 +218,12 @@ public class ResourceResolver {
* list. This method logs a warning if the class cannot be registered.
*
* @param className the name of the ResourceResolverSpi class to be registered
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
@SuppressWarnings("unchecked")
public static void registerAtStart(String className) {
+ JavaUtils.checkRegisterPermission();
try {
Class<ResourceResolverSpi> resourceResolverClass =
(Class<ResourceResolverSpi>)
@@ -232,8 +239,11 @@ public class ResourceResolver {
* cannot be registered.
* @param className
* @param start
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
public static void register(Class<? extends ResourceResolverSpi> className, boolean start) {
+ JavaUtils.checkRegisterPermission();
try {
ResourceResolverSpi resourceResolverSpi = className.newInstance();
register(resourceResolverSpi, start);
@@ -249,8 +259,11 @@ public class ResourceResolver {
* cannot be registered.
* @param resourceResolverSpi
* @param start
+ * @throws SecurityException if a security manager is installed and the
+ * caller does not have permission to register a resource resolver
*/
public static void register(ResourceResolverSpi resourceResolverSpi, boolean start) {
+ JavaUtils.checkRegisterPermission();
synchronized(resolverList) {
if (start) {
resolverList.add(0, new ResourceResolver(resourceResolverSpi));