You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-dev@axis.apache.org by di...@apache.org on 2008/03/26 03:37:28 UTC
svn commit: r641119 - in
/webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws:
description/impl/URIResolverImpl.java util/WSDL4JWrapper.java
Author: dims
Date: Tue Mar 25 19:37:13 2008
New Revision: 641119
URL: http://svn.apache.org/viewvc?rev=641119&view=rev
Log:
Few more locations fixed for java2 security
Modified:
webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/URIResolverImpl.java
webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java
Modified: webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/URIResolverImpl.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/URIResolverImpl.java?rev=641119&r1=641118&r2=641119&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/URIResolverImpl.java (original)
+++ webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/URIResolverImpl.java Tue Mar 25 19:37:13 2008
@@ -21,6 +21,7 @@
import org.apache.axis2.jaxws.ExceptionFactory;
import org.apache.axis2.jaxws.i18n.Messages;
+import org.apache.axis2.java.security.AccessController;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.commons.schema.resolver.URIResolver;
@@ -28,10 +29,14 @@
import java.io.File;
import java.io.InputStream;
+import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedExceptionAction;
+import java.security.PrivilegedActionException;
/** This class is used to locate xml schemas that are imported by wsdl documents. */
public class URIResolverImpl implements URIResolver {
@@ -224,7 +229,7 @@
try {
streamURL = new URL(uri);
- is = streamURL.openStream();
+ is = openStream_doPriv(streamURL);
} catch (Throwable t) {
//Exception handling not needed
}
@@ -233,7 +238,7 @@
try {
pathURI = new URI(uri);
streamURL = pathURI.toURL();
- is = streamURL.openStream();
+ is = openStream_doPriv(streamURL);
} catch (Throwable t) {
//Exception handling not needed
}
@@ -241,14 +246,34 @@
if (is == null) {
try {
- File file = new File(uri);
- streamURL = file.toURL();
- is = streamURL.openStream();
+ final File file = new File(uri);
+ streamURL = (URL) AccessController.doPrivileged(
+ new PrivilegedExceptionAction() {
+ public Object run() throws MalformedURLException {
+ return file.toURL();
+ }
+ }
+ );
+ is = openStream_doPriv(streamURL);
} catch (Throwable t) {
//Exception handling not needed
}
}
return is;
+ }
+
+ private InputStream openStream_doPriv(final URL streamURL) throws IOException {
+ try {
+ return (InputStream) AccessController.doPrivileged(
+ new PrivilegedExceptionAction() {
+ public Object run() throws IOException {
+ return streamURL.openStream();
+ }
+ }
+ );
+ } catch (PrivilegedActionException e) {
+ throw (IOException) e.getException();
+ }
}
private String constructPath(URL baseURL, URI resolvedURI) {
Modified: webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java?rev=641119&r1=641118&r2=641119&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java (original)
+++ webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java Tue Mar 25 19:37:13 2008
@@ -300,8 +300,14 @@
});
}
- private URL getAbsoluteURL(ClassLoader classLoader, String filePath){
- URL url = classLoader.getResource(filePath);
+ private URL getAbsoluteURL(final ClassLoader classLoader, final String filePath){
+ URL url = (URL) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return classLoader.getResource(filePath);
+ }
+ }
+ );
if(url == null) {
if(log.isDebugEnabled()) {
log.debug("Could not get URL from classloader. Looking in a jar.");
@@ -329,7 +335,14 @@
break;
}
- root = root.getParent();
+ final ClassLoader current = root;
+ root = (ClassLoader) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return current.getParent();
+ }
+ }
+ );
if (log.isDebugEnabled() && root != null) {
log.debug("Checking parent ClassLoader: " + root.getClass().getName());
}
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org