You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by "Rich Scheuerle (JIRA)" <ji...@apache.org> on 2009/06/17 18:10:07 UTC
[jira] Created: (AXIS2-4390) JAXWS: Java2Security Violation Fixes
JAXWS: Java2Security Violation Fixes
------------------------------------
Key: AXIS2-4390
URL: https://issues.apache.org/jira/browse/AXIS2-4390
Project: Axis 2.0 (Axis2)
Issue Type: Bug
Reporter: Rich Scheuerle
Assignee: Rich Scheuerle
Two Java2Security violations were detected during IBM testing.
The first violation occurs in org/apache/axis2/jaxws/description/impl/DescriptionUtils.openHandlerConfig stream.
The non-priv code causes the handler configuration access to fail. This can cause user applications to fail.
The second violation occurs in the JAX-WS JavaBeanDispatcher while getting the Context ClassLoader.
Solution;
I am correcting the code to add the appropriate ammount of doPriv stanzas.
Kudos to Paul Mariduena for his cooperation on the design and testing of these fixes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (AXIS2-4390) JAXWS: Java2Security Violation Fixes
Posted by "Andreas Veithen (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-4390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Andreas Veithen updated AXIS2-4390:
-----------------------------------
Fix Version/s: 1.6
> JAXWS: Java2Security Violation Fixes
> ------------------------------------
>
> Key: AXIS2-4390
> URL: https://issues.apache.org/jira/browse/AXIS2-4390
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Reporter: Rich Scheuerle
> Assignee: Rich Scheuerle
> Fix For: 1.6
>
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Two Java2Security violations were detected during IBM testing.
> The first violation occurs in org/apache/axis2/jaxws/description/impl/DescriptionUtils.openHandlerConfig stream.
> The non-priv code causes the handler configuration access to fail. This can cause user applications to fail.
> The second violation occurs in the JAX-WS JavaBeanDispatcher while getting the Context ClassLoader.
> Solution;
> I am correcting the code to add the appropriate ammount of doPriv stanzas.
> Kudos to Paul Mariduena for his cooperation on the design and testing of these fixes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Resolved: (AXIS2-4390) JAXWS: Java2Security Violation Fixes
Posted by "Rich Scheuerle (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/AXIS2-4390?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Rich Scheuerle resolved AXIS2-4390.
-----------------------------------
Resolution: Fixed
Committed revision 785720
> JAXWS: Java2Security Violation Fixes
> ------------------------------------
>
> Key: AXIS2-4390
> URL: https://issues.apache.org/jira/browse/AXIS2-4390
> Project: Axis 2.0 (Axis2)
> Issue Type: Bug
> Reporter: Rich Scheuerle
> Assignee: Rich Scheuerle
> Original Estimate: 24h
> Remaining Estimate: 24h
>
> Two Java2Security violations were detected during IBM testing.
> The first violation occurs in org/apache/axis2/jaxws/description/impl/DescriptionUtils.openHandlerConfig stream.
> The non-priv code causes the handler configuration access to fail. This can cause user applications to fail.
> The second violation occurs in the JAX-WS JavaBeanDispatcher while getting the Context ClassLoader.
> Solution;
> I am correcting the code to add the appropriate ammount of doPriv stanzas.
> Kudos to Paul Mariduena for his cooperation on the design and testing of these fixes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.