You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@xalan.apache.org by Tom Amiro <To...@Sun.COM> on 2002/11/15 17:37:04 UTC
Re: [PATCH] For allowing xalan to read property files without opening up
container permissions
Hi,
I remember running into this problem with the Petstore application
and getting around it by opening up the permissions. But we,
Santiago and I, discussed changing Xalan so it would use
reasonable defaults if it couldn't read the output properties
file. For some reason, we never got around to doing anything about
itt. Ramesh, I'm glad you resurrected this probem and even present a solution.
Anyone on the Toronto team want to check the patch out and
commit it if it looks good?
Tom
Ramesh Mandava wrote:
>
> Hi:
> Xalan as it stands right now, throws the following exception when tried to use
> as part of secure container, such as J2EE RI.
>
> ==
>
> org.apache.xml.utils.WrappedRuntimeException: Could not load
> output_text.properties (check CLASSPATH), now using just the
> defaults
> at
> org.apache.xalan.templates.OutputProperties.loadPropertiesFile(OutputProp
> erties.java:219)
> at
> org.apache.xalan.templates.OutputProperties.getDefaultMethodProperties(Ou
> tputProperties.java:333)
> at
> org.apache.xalan.templates.OutputProperties.setMethodDefaults(OutputPrope
> rties.java:635)
> at
> org.apache.xalan.templates.OutputProperties.setProperty(OutputProperties.
> java:419)
> at
> org.apache.xalan.templates.OutputProperties.setQNameProperty(OutputProper
> ties.java:652)
> at
> org.apache.xalan.processor.ProcessorOutputElem.setMethod(ProcessorOutputE
> lem.java:155
>
> ==
>
> For avoiding this we need to give File read permission for the jar file.
>
> This is happening because we don't have doPrivileged block in
>
> "org.apache.xalan.templates.OutputProperties.java"
>
> while trying to read property files. And as xalan is trying to read internal
> property file, forcing users to opening the permission is not a good idea.
>
> I am providing the patched file as an attachment to this email. I am also
> attaching "cvs diff" as "diffs".
>
> Can somebody review the code and check-in the code.
>
> Thanks
> -Ramesh
>
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Name: OutputProperties.java
> OutputProperties.java Type: unspecified type (APPLICATION/octet-stream)
> Encoding: BASE64
> Description: OutputProperties.java
>
> --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
> Index: OutputProperties.java
> ===================================================================
> RCS file: /home/cvspublic/xml-xalan/java/src/org/apache/xalan/templates/OutputProperties.java,v
> retrieving revision 1.22
> diff -r1.22 OutputProperties.java
> 68a69,70
> > import java.security.AccessController;
> > import java.security.PrivilegedAction;
> 192c194
> < static private Properties loadPropertiesFile(String resourceName, Properties defaults)
> ---
> > static private Properties loadPropertiesFile(final String resourceName, Properties defaults)
> 207,211c209,228
> < java.lang.reflect.Method getCCL = Thread.class.getMethod("getContextClassLoader", NO_CLASSES);
> < if (getCCL != null) {
> < ClassLoader contextClassLoader = (ClassLoader) getCCL.invoke(Thread.currentThread(), NO_OBJS);
> < is = contextClassLoader.getResourceAsStream("org/apache/xalan/templates/" + resourceName);
> < }
> ---
> > // Using doPrivileged to be able to read property file without opening
> > // up secured container permissions like J2EE container
> > is =(InputStream)AccessController.doPrivileged( new PrivilegedAction() {
> > public Object run() {
> > try {
> > java.lang.reflect.Method getCCL = Thread.class.getMethod(
> > "getContextClassLoader", NO_CLASSES);
> > if (getCCL != null) {
> > ClassLoader contextClassLoader = (ClassLoader)
> > getCCL.invoke(Thread.currentThread(), NO_OBJS);
> > return ( contextClassLoader.getResourceAsStream (
> > "org/apache/xalan/templates/" + resourceName) );
> > }
> > }
> > catch ( Exception e ) { }
> >
> > return null;
> >
> > }
> > });
> 216c233,238
> < is = OutputProperties.class.getResourceAsStream(resourceName);
> ---
> > is = (InputStream)AccessController.doPrivileged( new PrivilegedAction(){
> > public Object run() {
> > return OutputProperties.class.getResourceAsStream(resourceName);
> > }
> > });
> >
--
Tom Amiro -- SQE Engineer
WTS - Interoperability and Quality
voice: 781-442-0589 Fax: 781-442-1437
eMail: tom.amiro@.sun.com