Posted to axis-cvs@ws.apache.org by di...@apache.org on 2008/04/05 19:06:30 UTC

svn commit: r645138 - in /webservices/axis2/trunk/java/modules: kernel/src/org/apache/axis2/wsdl/util/ metadata/src/org/apache/axis2/jaxws/description/impl/ metadata/src/org/apache/axis2/jaxws/util/

Author: dims
Date: Sat Apr  5 10:06:29 2008
New Revision: 645138

URL: http://svn.apache.org/viewvc?rev=645138&view=rev
Log:
Java2 Security Fixes

Modified:
    webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java
    webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java
    webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java

Modified: webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java?rev=645138&r1=645137&r2=645138&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java (original)
+++ webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java Sat Apr  5 10:06:29 2008
@@ -1343,8 +1343,14 @@
     }
 
 
-    private URL getAbsoluteURL(ClassLoader classLoader, String filePath) throws WSDLException {
-        URL url = classLoader.getResource(filePath);
+    private URL getAbsoluteURL(final ClassLoader classLoader, final String filePath) throws WSDLException {
+        URL url = (URL) AccessController.doPrivileged(
+                new PrivilegedAction() {
+                    public Object run() {
+                        return classLoader.getResource(filePath);
+                    }
+                }
+        );
         if (url == null) {
             if (log.isDebugEnabled()) {
                 log.debug("Could not get URL from classloader. Looking in a jar.");
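Review bot: The new privileged block in getAbsoluteURL carries no comment explaining why elevation is safe, although `classLoader` and `filePath` are passed in unchecked by the caller. Because doPrivileged runs the lookup with this class's permissions instead of the caller's, I would add a Javadoc line such as `filePath must come from deployment metadata, never from request data; the lookup runs with Axis2's own permissions`. The same comment is missing on the new getResource helper in ServiceDescriptionImpl. The "Looking in a jar" fallback continues outside this hunk, so whether it needs the same wrapping cannot be judged from here.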

Modified: webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java?rev=645138&r1=645137&r2=645138&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java (original)
+++ webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java Sat Apr  5 10:06:29 2008
@@ -907,14 +907,14 @@
         ClassLoader loader = composite.getClassLoader();
         URL url = null;
         if (loader != null) {
-            url = loader.getResource(wsdlLocation);
+            url = getResource(wsdlLocation, loader); 
         }
         
         // Try the context class loader
         if(url == null){
             ClassLoader classLoader = getContextClassLoader(null);
             if(classLoader != loader){
-                url = classLoader.getResource(wsdlLocation);
+                url = getResource(wsdlLocation, classLoader);
             }
         }
 
@@ -951,6 +951,16 @@
             }
         }
         return url;
+    }
+
+    private URL getResource(final String wsdlLocation, final ClassLoader loader) {
+        return (URL) AccessController.doPrivileged(
+                new PrivilegedAction() {
+                    public Object run() {
+                        return loader.getResource(wsdlLocation);
+                    }
+                }
+        );
     }
 
     // TODO: Remove these and replace with appropraite get* methods for WSDL information
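Review bot: The anonymous `PrivilegedAction` in getResource is a raw type and relies on the `(URL)` cast. If this module builds at source level 5, which seems likely since WSDL4JWrapper in the same module uses `Enumeration<JarEntry>`, then `new PrivilegedAction<URL>()` with `public URL run()` drops the cast and lets the compiler check the return type. The same applies to isAFile in WSDL4JWrapper and, if the kernel module allows generics, to getAbsoluteURL in WSDLWrapperReloadImpl.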

Modified: webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java?rev=645138&r1=645137&r2=645138&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java (original)
+++ webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java Sat Apr  5 10:06:29 2008
@@ -372,7 +372,7 @@
             if ("file".equals(url.getProtocol())) {
                 File f = new File(url.getPath());
                 // If file is not of type directory then its a jar file
-                if (f.exists() && !f.isDirectory()) {
+                if (isAFile(f)) { 
                     try {
                         JarFile jf = new JarFile(f);
                         Enumeration<JarEntry> entries = jf.entries();
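Review bot: `new JarFile(f)` right after the new `isAFile(f)` call is still outside any privileged block, so under a SecurityManager a caller without read FilePermission would presumably pass the existence check and then fail with an AccessControlException when the jar is opened. Opening the jar needs the same treatment, using a PrivilegedExceptionAction so the IOException can be rethrown; `f` must become `final` for that. The enclosing try continues outside the hunk, so confirm that its catch clause handles IOException and that `jf` is closed in a finally block, which the visible lines do not show.

```java
                final File f = new File(url.getPath());
                // … unchanged: comment line …
                if (isAFile(f)) {
                    try {
                        // Open the jar with this class's permissions, matching the isAFile check.
                        JarFile jf;
                        try {
                            jf = (JarFile) AccessController.doPrivileged(
                                    new PrivilegedExceptionAction() {
                                        public Object run() throws IOException {
                                            return new JarFile(f);
                                        }
                                    }
                            );
                        } catch (PrivilegedActionException e) {
                            throw (IOException) e.getException();
                        }
                        // … unchanged: entry enumeration …
```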
@@ -409,6 +409,17 @@
         }
 
         return null;
+    }
+
+    private boolean isAFile(final File f) {
+        Boolean ret = (Boolean) AccessController.doPrivileged(
+                new PrivilegedAction() {
+                    public Object run() {
+                        return new Boolean(f.exists() && !f.isDirectory());
+                    }
+                }
+        );
+        return ret.booleanValue();
     }
 
     private static WSDLReader getWSDLReader() throws WSDLException {
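Review bot: `new Boolean(...)` in isAFile allocates a fresh wrapper on every call; `return Boolean.valueOf(f.exists() && !f.isDirectory());` returns the cached instances instead. A short comment on the method would also help, for example `// privileged so callers without FilePermission can still probe the WSDL location; f must not be derived from request data`.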


