You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tuscany.apache.org by rf...@apache.org on 2008/05/20 00:29:47 UTC
svn commit: r658007 - in /incubator/tuscany/java/sca/modules:
binding-notification/src/main/java/org/apache/tuscany/sca/binding/notification/
binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/
databinding-sdo/src/main/java/org/apac...
Author: rfeng
Date: Mon May 19 15:29:47 2008
New Revision: 658007
URL: http://svn.apache.org/viewvc?rev=658007&view=rev
Log:
Apply the patch from Dan for TUSCANY-2290. Thanks, Dan!
Modified:
incubator/tuscany/java/sca/modules/binding-notification/src/main/java/org/apache/tuscany/sca/binding/notification/NotificationBindingProviderFactory.java
incubator/tuscany/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java
incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/DataObject2XMLStreamReader.java
incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/SDODataBinding.java
incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCATestCaseRunner.java
incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java
incubator/tuscany/java/sca/modules/host-rmi/src/main/java/org/apache/tuscany/sca/host/rmi/DefaultRMIHost.java
incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/context/OSGiAnnotations.java
incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/invocation/OSGiImplementationProvider.java
incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/ScriptInvokerFactory.java
incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/engines/TuscanyJRubyScriptEngine.java
incubator/tuscany/java/sca/modules/interface-wsdl-xml/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/xml/XSDModelResolver.java
incubator/tuscany/java/sca/modules/interface-wsdl/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/impl/XSDefinitionImpl.java
incubator/tuscany/java/sca/modules/osgi-runtime/src/test/java/org/apache/tuscany/sca/osgi/runtime/OSGiRuntimeTestCase.java
Modified: incubator/tuscany/java/sca/modules/binding-notification/src/main/java/org/apache/tuscany/sca/binding/notification/NotificationBindingProviderFactory.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/binding-notification/src/main/java/org/apache/tuscany/sca/binding/notification/NotificationBindingProviderFactory.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/binding-notification/src/main/java/org/apache/tuscany/sca/binding/notification/NotificationBindingProviderFactory.java (original)
+++ incubator/tuscany/java/sca/modules/binding-notification/src/main/java/org/apache/tuscany/sca/binding/notification/NotificationBindingProviderFactory.java Mon May 19 15:29:47 2008
@@ -21,6 +21,8 @@
import java.net.InetAddress;
import java.net.URI;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -249,7 +251,13 @@
private String getBaseURI() {
if (httpUrl == null) {
- String httpPort = System.getProperty("notification.httpPort");
+ // Allow priviledged access to read system property. Requires PropertyPermision in security policy.
+ String httpPort = AccessController.doPrivileged(new PrivilegedAction<String>() {
+ public String run() {
+ return System.getProperty("notification.httpPort");
+ }
+ });
+
if (httpPort == null) {
httpPort = DEFAULT_PORT;
}
Modified: incubator/tuscany/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java (original)
+++ incubator/tuscany/java/sca/modules/binding-ws-axis2/src/main/java/org/apache/tuscany/sca/binding/ws/axis2/Axis2ServiceProvider.java Mon May 19 15:29:47 2008
@@ -152,15 +152,24 @@
this.messageFactory = messageFactory;
this.policyHandlerClassnames = policyHandlerClassnames;
-
try {
- TuscanyAxisConfigurator tuscanyAxisConfigurator = new TuscanyAxisConfigurator();
+ // TuscanyAxisConfigurator tuscanyAxisConfigurator = new TuscanyAxisConfigurator();
+ // Allow privileged access to read properties. Requires PropertyPermission read in
+ // security policy.
+ TuscanyAxisConfigurator tuscanyAxisConfigurator =
+ AccessController.doPrivileged(new PrivilegedExceptionAction<TuscanyAxisConfigurator>() {
+ public TuscanyAxisConfigurator run() throws AxisFault {
+ return new TuscanyAxisConfigurator();
+ }
+ });
configContext = tuscanyAxisConfigurator.getConfigurationContext();
- //deployRampartModule();
- //configureSecurity();
+ // deployRampartModule();
+ // configureSecurity();
+ } catch (PrivilegedActionException e) {
+ throw new RuntimeException(e);
} catch (AxisFault e) {
throw new RuntimeException(e); // TODO: better exception
- } catch ( Exception e ) {
+ } catch (Exception e) {
throw new RuntimeException(e);
}
Modified: incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/DataObject2XMLStreamReader.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/DataObject2XMLStreamReader.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/DataObject2XMLStreamReader.java (original)
+++ incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/DataObject2XMLStreamReader.java Mon May 19 15:29:47 2008
@@ -18,6 +18,9 @@
*/
package org.apache.tuscany.sca.databinding.sdo;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
@@ -37,17 +40,23 @@
public class DataObject2XMLStreamReader extends BaseTransformer<DataObject, XMLStreamReader> implements
PullTransformer<DataObject, XMLStreamReader> {
- public XMLStreamReader transform(DataObject source, TransformationContext context) {
+ public XMLStreamReader transform(final DataObject source, TransformationContext context) {
if (source == null) {
return null;
}
try {
HelperContext helperContext = SDOContextHelper.getHelperContext(context);
XMLStreamHelper streamHelper = SDOUtil.createXMLStreamHelper(helperContext);
- QName elementName = SDOContextHelper.getElement(context);
- XMLHelper xmlHelper = helperContext.getXMLHelper();
- XMLDocument document =
- xmlHelper.createDocument(source, elementName.getNamespaceURI(), elementName.getLocalPart());
+ final QName elementName = SDOContextHelper.getElement(context);
+ final XMLHelper xmlHelper = helperContext.getXMLHelper();
+ // Allow privileged access to read properties. REquires java.util.PropertyPermission
+ // XML.load.form.lax read in security policy.
+ XMLDocument document = AccessController.doPrivileged(new PrivilegedAction<XMLDocument>() {
+ public XMLDocument run() {
+ return xmlHelper.createDocument(source, elementName.getNamespaceURI(), elementName.getLocalPart());
+ }
+ });
+
return streamHelper.createXMLStreamReader(document);
} catch (XMLStreamException e) {
// TODO: Add context to the exception
Modified: incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/SDODataBinding.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/SDODataBinding.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/SDODataBinding.java (original)
+++ incubator/tuscany/java/sca/modules/databinding-sdo/src/main/java/org/apache/tuscany/sca/databinding/sdo/SDODataBinding.java Mon May 19 15:29:47 2008
@@ -20,6 +20,8 @@
package org.apache.tuscany.sca.databinding.sdo;
import java.lang.annotation.Annotation;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import javax.xml.namespace.QName;
@@ -58,7 +60,13 @@
@Override
public boolean introspect(DataType dataType, Annotation[] annotations) {
Class javaType = dataType.getPhysical();
- HelperContext context = HelperProvider.getDefaultContext();
+ // Allow privileged access to read system properties. Requires PropertyPermission
+ // java.specification.version read in security policy.
+ HelperContext context = AccessController.doPrivileged(new PrivilegedAction<HelperContext>() {
+ public HelperContext run() {
+ return HelperProvider.getDefaultContext();
+ }
+ });
// FIXME: Need a better to test dynamic SDO
if (DataObject.class.isAssignableFrom(javaType)) {
// Dynamic SDO
Modified: incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCATestCaseRunner.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCATestCaseRunner.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCATestCaseRunner.java (original)
+++ incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/SCATestCaseRunner.java Mon May 19 15:29:47 2008
@@ -23,6 +23,8 @@
import java.lang.reflect.Method;
import java.net.URL;
import java.net.URLClassLoader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
/**
* A helper class that can be used to run an SCA JUnit test case. The test case will run in an isolated class loader.
@@ -64,8 +66,17 @@
}
try {
- Thread.currentThread().setContextClassLoader(classLoader);
-
+ // Thread.currentThread().setContextClassLoader(classLoader);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finalClassLoader = classLoader;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finalClassLoader);
+ return null;
+ }
+ });
+
testCaseClass = Class.forName(testClass.getName(), true, classLoader);
testCase = testCaseClass.newInstance();
ClassLoader testClassLoader = testCaseClass.getClassLoader();
@@ -88,9 +99,20 @@
// Unexpected
throw new AssertionError(e);
}
-
+ } catch (Throwable e) {
+ System.out.println( "DOB: Caught bad throwable");
+ e.printStackTrace();
} finally {
- Thread.currentThread().setContextClassLoader(tccl);
+ // Thread.currentThread().setContextClassLoader(tccl);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finaltccl = tccl;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finaltccl);
+ return null;
+ }
+ });
}
} catch (Exception e) {
throw new RuntimeException(e);
@@ -103,7 +125,16 @@
public void run() {
ClassLoader tccl = Thread.currentThread().getContextClassLoader();
try {
- Thread.currentThread().setContextClassLoader(classLoader);
+ // Thread.currentThread().setContextClassLoader(classLoader);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finalClassLoader = classLoader;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finalClassLoader);
+ return null;
+ }
+ });
if (junit3TestCaseClass.isAssignableFrom(testCaseClass)) {
Object testResult = testResultClass.newInstance();
@@ -118,7 +149,16 @@
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
- Thread.currentThread().setContextClassLoader(tccl);
+ // Thread.currentThread().setContextClassLoader(tccl);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finaltccl = tccl;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finaltccl);
+ return null;
+ }
+ });
}
}
@@ -180,7 +220,16 @@
}
ClassLoader tccl = Thread.currentThread().getContextClassLoader();
try {
- Thread.currentThread().setContextClassLoader(classLoader);
+ // Thread.currentThread().setContextClassLoader(classLoader);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finalClassLoader = classLoader;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finalClassLoader);
+ return null;
+ }
+ });
for (Method method : testCaseClass.getDeclaredMethods()) {
for (Annotation annotation : method.getAnnotations()) {
@@ -192,7 +241,16 @@
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
- Thread.currentThread().setContextClassLoader(tccl);
+ // Thread.currentThread().setContextClassLoader(tccl);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finaltccl = tccl;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finaltccl);
+ return null;
+ }
+ });
}
}
@@ -202,14 +260,32 @@
private void execute(String methodName) {
ClassLoader tccl = Thread.currentThread().getContextClassLoader();
try {
- Thread.currentThread().setContextClassLoader(classLoader);
+ // Thread.currentThread().setContextClassLoader(classLoader);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finalClassLoader = classLoader;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finalClassLoader);
+ return null;
+ }
+ });
Method setUpMethod = testCaseClass.getDeclaredMethod(methodName);
setUpMethod.setAccessible(true);
setUpMethod.invoke(testCase);
} catch (Exception e) {
throw new RuntimeException(e);
} finally {
- Thread.currentThread().setContextClassLoader(tccl);
+ // Thread.currentThread().setContextClassLoader(tccl);
+ // Allow privileged access to set class loader. Requires RuntimePermission
+ // setContextClassLoader in security policy.
+ final ClassLoader finaltccl = tccl;
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(finaltccl);
+ return null;
+ }
+ });
}
}
Modified: incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java (original)
+++ incubator/tuscany/java/sca/modules/host-embedded/src/main/java/org/apache/tuscany/sca/host/embedded/impl/DefaultSCADomain.java Mon May 19 15:29:47 2008
@@ -282,15 +282,23 @@
// }
}
- protected void addContribution(ContributionService contributionService, URL contributionURL) throws IOException {
+ protected void addContribution(final ContributionService contributionService, final URL contributionURL) throws IOException {
+ String contributionURI = FileHelper.getName(contributionURL.getPath());
+ if (contributionURI == null || contributionURI.length() == 0) {
+ contributionURI = contributionURL.toString();
+ }
+ // Allow privileged access to load resources. Requires RuntimePermission in security
+ // policy.
+ final String finalContributionURI = contributionURI;
try {
- String contributionURI = FileHelper.getName(contributionURL.getPath());
- if (contributionURI == null || contributionURI.length() == 0) {
- contributionURI = contributionURL.toString();
- }
- contributions.add(contributionService.contribute(contributionURI, contributionURL, false));
- } catch (ContributionException e) {
- throw new ServiceRuntimeException(e);
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws ContributionException, IOException {
+ contributions.add(contributionService.contribute(finalContributionURI, contributionURL, false));
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (ServiceRuntimeException)e.getException();
}
}
Modified: incubator/tuscany/java/sca/modules/host-rmi/src/main/java/org/apache/tuscany/sca/host/rmi/DefaultRMIHost.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/host-rmi/src/main/java/org/apache/tuscany/sca/host/rmi/DefaultRMIHost.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/host-rmi/src/main/java/org/apache/tuscany/sca/host/rmi/DefaultRMIHost.java (original)
+++ incubator/tuscany/java/sca/modules/host-rmi/src/main/java/org/apache/tuscany/sca/host/rmi/DefaultRMIHost.java Mon May 19 15:29:47 2008
@@ -107,6 +107,8 @@
int portNumber = (port == null || port.length() <= 0) ? RMI_DEFAULT_PORT : Integer.decode(port);
try {
+ // Requires permission java.net.SocketPermission "host:port", "connect,accept,resolve"
+ // in security policy.
registry = LocateRegistry.getRegistry(host, portNumber);
if (registry != null) {
Modified: incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/context/OSGiAnnotations.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/context/OSGiAnnotations.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/context/OSGiAnnotations.java (original)
+++ incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/context/OSGiAnnotations.java Mon May 19 15:29:47 2008
@@ -20,6 +20,8 @@
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Hashtable;
@@ -207,14 +209,19 @@
* Get the annotation corresponding to an instance
*
*/
- private JavaImplementation getAnnotationInfo(Object instance) {
+ private JavaImplementation getAnnotationInfo(final Object instance) {
// The simplest case where the implementation class was listed under the
// classes attribute of <implementation.osgi/>, or this is the second call
// to this method for the implementation class.
- JavaImplementation javaImpl = javaAnnotationInfo.get(instance.getClass());
- if (javaImpl != null)
- return javaImpl;
+ // Allow privileged access to get classloader. Requires getClassLoader in security policy.
+ JavaImplementation javaImpl = AccessController.doPrivileged(new PrivilegedAction<JavaImplementation>() {
+ public JavaImplementation run() {
+ return javaAnnotationInfo.get(instance.getClass());
+ }
+ });
+ if (javaImpl != null)
+ return javaImpl;
// Process annotations from the instance class.
try {
Modified: incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/invocation/OSGiImplementationProvider.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/invocation/OSGiImplementationProvider.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/invocation/OSGiImplementationProvider.java (original)
+++ incubator/tuscany/java/sca/modules/implementation-osgi/src/main/java/org/apache/tuscany/sca/implementation/osgi/invocation/OSGiImplementationProvider.java Mon May 19 15:29:47 2008
@@ -22,6 +22,9 @@
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Dictionary;
import java.util.HashSet;
@@ -412,9 +415,15 @@
while (retry++ < 10) {
try {
- osgiBundle.start();
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws BundleException {
+ osgiBundle.start();
+ return null;
+ }
+ });
break;
- } catch (BundleException e) {
+ // } catch ( BundleException e) {
+ } catch ( PrivilegedActionException e) {
// It is possible that the thread "Refresh Packages" is in the process of
// changing the state of this bundle.
Thread.yield();
@@ -715,7 +724,7 @@
- private void resolveWireCreateDummyBundles(Class interfaceClass) throws Exception {
+ private void resolveWireCreateDummyBundles(final Class interfaceClass) throws Exception {
try {
@@ -726,8 +735,13 @@
// The interface used by the proxy is not in the source bundle
// A dummy bundle needs to be installed to create the proxy
-
- Bundle dummyBundle = installDummyBundle(interfaceClass);
+ // Allow privileged access to file system. Requires FileSystem permission in security
+ // policy.
+ Bundle dummyBundle = AccessController.doPrivileged(new PrivilegedExceptionAction<Bundle>() {
+ public Bundle run() throws Exception {
+ return installDummyBundle(interfaceClass);
+ }
+ });
if (packageAdmin != null) {
@@ -826,7 +840,7 @@
// Register proxy service
- private void resolveWireRegisterProxyService(Bundle bundle, Class interfaceClass, RuntimeWire wire) throws Exception {
+ private void resolveWireRegisterProxyService(final Bundle bundle, final Class interfaceClass, RuntimeWire wire) throws Exception {
ComponentReference scaRef = componentReferenceWires.get(wire);
Hashtable<String, Object> targetProperties = new Hashtable<String, Object>();
@@ -841,14 +855,23 @@
JDKProxyFactory proxyService = new JDKProxyFactory();
-
- Class<?> proxyInterface = bundle.loadClass(interfaceClass.getName());
-
- Object proxy = proxyService.createProxy(proxyInterface, wire);
-
-
- bundleContext.registerService(proxyInterface.getName(), proxy, targetProperties);
+ // Allow privileged access to load classes. Requires getClassLoader permission in security
+ // policy.
+ final Class<?> proxyInterface = AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws Exception {
+ return bundle.loadClass(interfaceClass.getName());
+ }
+ });
+
+ final Object proxy = proxyService.createProxy(proxyInterface, wire);
+ final Hashtable<String, Object> finalTargetProperties = targetProperties;
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ bundleContext.registerService(proxyInterface.getName(), proxy, finalTargetProperties);
+ return null;
+ }
+ });
}
Modified: incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/ScriptInvokerFactory.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/ScriptInvokerFactory.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/ScriptInvokerFactory.java (original)
+++ incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/ScriptInvokerFactory.java Mon May 19 15:29:47 2008
@@ -20,6 +20,8 @@
package org.apache.tuscany.sca.implementation.script;
import java.io.StringReader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import javax.script.Invocable;
import javax.script.ScriptEngine;
@@ -141,13 +143,20 @@
* Hack for now to work around a problem with the JRuby script engine
*/
protected ScriptEngine getScriptEngineByExtension(String scriptExtn) {
- ScriptEngineManager scriptEngineManager = new ScriptEngineManager();
if ("rb".equals(scriptExtn)) {
return new TuscanyJRubyScriptEngine();
} else {
if ("py".equals(scriptExtn)) {
pythonCachedir();
}
+ // Allow privileged access to run access classes. Requires RuntimePermission
+ // for accessClassInPackage.sun.misc.
+ ScriptEngineManager scriptEngineManager =
+ AccessController.doPrivileged(new PrivilegedAction<ScriptEngineManager>() {
+ public ScriptEngineManager run() {
+ return new ScriptEngineManager();
+ }
+ });
return scriptEngineManager.getEngineByExtension(scriptExtn);
}
}
Modified: incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/engines/TuscanyJRubyScriptEngine.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/engines/TuscanyJRubyScriptEngine.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/engines/TuscanyJRubyScriptEngine.java (original)
+++ incubator/tuscany/java/sca/modules/implementation-script/src/main/java/org/apache/tuscany/sca/implementation/script/engines/TuscanyJRubyScriptEngine.java Mon May 19 15:29:47 2008
@@ -39,6 +39,8 @@
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
@@ -69,6 +71,7 @@
import org.jruby.runtime.Block;
import org.jruby.runtime.IAccessor;
import org.jruby.runtime.builtin.IRubyObject;
+import org.jruby.runtime.load.LoadService;
import com.sun.script.jruby.JRubyScriptEngineFactory;
@@ -88,7 +91,14 @@
private Ruby runtime;
public TuscanyJRubyScriptEngine() {
- init(System.getProperty("com.sun.script.jruby.loadpath"));
+ // Allow privileged access to ready properties. Requires PropertyPermission in security
+ // policy.
+ String rubyPath = AccessController.doPrivileged(new PrivilegedAction<String>() {
+ public String run() {
+ return System.getProperty("com.sun.script.jruby.loadpath");
+ }
+ });
+ init(rubyPath);
}
public TuscanyJRubyScriptEngine(String loadPath) {
@@ -420,10 +430,23 @@
}
}
- private void init(String loadPath) {
- runtime = Ruby.getDefaultInstance();
+ private void init(String loadPath) {
+ // Allow privileged access to ready properties. Requires PropertyPermission in security
+ // policy.
+ //runtime = Ruby.getDefaultInstance();
+ runtime = AccessController.doPrivileged(new PrivilegedAction<Ruby>() {
+ public Ruby run() {
+ return Ruby.getDefaultInstance();
+ }
+ });
if (loadPath == null) {
- loadPath = System.getProperty("java.class.path");
+ // Allow privileged access to ready properties. Requires PropertyPermission in security
+ // policy.
+ loadPath = AccessController.doPrivileged(new PrivilegedAction<String>() {
+ public String run() {
+ return System.getProperty("java.class.path");
+ }
+ });
}
List list = new ArrayList(Arrays.asList(loadPath.split(File.pathSeparator)));
list.add("META-INF/jruby.home/lib/ruby/site_ruby/1.8");
@@ -432,9 +455,18 @@
list.add("META-INF/jruby.home/lib/ruby/1.8");
list.add("META-INF/jruby.home/lib/ruby/1.8/java");
list.add("lib/ruby/1.8");
- runtime.getLoadService().init(list);
- runtime.getLoadService().require("java");
-
+ final List finalList = list;
+ // runtime.getLoadService().init(list);
+ // Allow privileged access to ready properties. Requires PropertyPermission in security
+ // policy.
+ final LoadService loadService = runtime.getLoadService();
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Ruby run() {
+ loadService.init(finalList);
+ // loadService.require("java");
+ return null;
+ }
+ });
}
private Object invokeImpl(final Object obj, String method,
@@ -465,4 +497,4 @@
throw new ScriptException(exp);
}
}
-}
\ No newline at end of file
+}
Modified: incubator/tuscany/java/sca/modules/interface-wsdl-xml/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/xml/XSDModelResolver.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/interface-wsdl-xml/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/xml/XSDModelResolver.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/interface-wsdl-xml/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/xml/XSDModelResolver.java (original)
+++ incubator/tuscany/java/sca/modules/interface-wsdl-xml/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/xml/XSDModelResolver.java Mon May 19 15:29:47 2008
@@ -21,6 +21,8 @@
import java.io.IOException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -55,7 +57,15 @@
public XSDModelResolver(Contribution contribution, ModelFactoryExtensionPoint modelFactories) {
this.contribution = contribution;
- this.schemaCollection = new XmlSchemaCollection();
+ // Allow privileged access to read system property. Requires PropertyPermission in security
+ // policy.
+ this.schemaCollection =
+ AccessController.doPrivileged(new PrivilegedAction<XmlSchemaCollection>() {
+ public XmlSchemaCollection run() {
+ return new XmlSchemaCollection();
+ }
+ });
+
schemaCollection.setSchemaResolver(new URIResolverImpl(contribution));
this.factory = new DefaultWSDLFactory();
}
Modified: incubator/tuscany/java/sca/modules/interface-wsdl/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/impl/XSDefinitionImpl.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/interface-wsdl/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/impl/XSDefinitionImpl.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/interface-wsdl/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/impl/XSDefinitionImpl.java (original)
+++ incubator/tuscany/java/sca/modules/interface-wsdl/src/main/java/org/apache/tuscany/sca/interfacedef/wsdl/impl/XSDefinitionImpl.java Mon May 19 15:29:47 2008
@@ -20,6 +20,8 @@
package org.apache.tuscany.sca.interfacedef.wsdl.impl;
import java.net.URI;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Iterator;
import javax.xml.namespace.QName;
@@ -40,7 +42,16 @@
* @version $Rev$ $Date$
*/
public class XSDefinitionImpl implements XSDefinition {
- private XmlSchemaCollection schemaCollection = new XmlSchemaCollection();
+ // private XmlSchemaCollection schemaCollection = new XmlSchemaCollection();
+ // Allow privileged access to read system property. Requires PropertyPermission in security
+ // policy.
+ private XmlSchemaCollection schemaCollection =
+ AccessController.doPrivileged(new PrivilegedAction<XmlSchemaCollection>() {
+ public XmlSchemaCollection run() {
+ return new XmlSchemaCollection();
+ }
+ });
+
private XmlSchema schema;
private String namespace;
private URI location;
Modified: incubator/tuscany/java/sca/modules/osgi-runtime/src/test/java/org/apache/tuscany/sca/osgi/runtime/OSGiRuntimeTestCase.java
URL: http://svn.apache.org/viewvc/incubator/tuscany/java/sca/modules/osgi-runtime/src/test/java/org/apache/tuscany/sca/osgi/runtime/OSGiRuntimeTestCase.java?rev=658007&r1=658006&r2=658007&view=diff
==============================================================================
--- incubator/tuscany/java/sca/modules/osgi-runtime/src/test/java/org/apache/tuscany/sca/osgi/runtime/OSGiRuntimeTestCase.java (original)
+++ incubator/tuscany/java/sca/modules/osgi-runtime/src/test/java/org/apache/tuscany/sca/osgi/runtime/OSGiRuntimeTestCase.java Mon May 19 15:29:47 2008
@@ -36,7 +36,12 @@
*/
@Override
protected void setUp() throws Exception {
+ try {
this.runtime = OSGiRuntime.getRuntime();
+ } catch ( Throwable e ) {
+ System.out.println( "DOB: OSGiRuntimeTestCase.setUp error=" + e );
+ e.printStackTrace();
+ }
}
/**