You are viewing a plain text version of this content. The canonical link for it is here.
Posted to axis-cvs@ws.apache.org by di...@apache.org on 2008/04/05 19:06:30 UTC
svn commit: r645138 - in /webservices/axis2/trunk/java/modules:
kernel/src/org/apache/axis2/wsdl/util/
metadata/src/org/apache/axis2/jaxws/description/impl/
metadata/src/org/apache/axis2/jaxws/util/
Author: dims
Date: Sat Apr 5 10:06:29 2008
New Revision: 645138
URL: http://svn.apache.org/viewvc?rev=645138&view=rev
Log:
Java2 Security Fixes
Modified:
webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java
webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java
webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java
Modified: webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java?rev=645138&r1=645137&r2=645138&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java (original)
+++ webservices/axis2/trunk/java/modules/kernel/src/org/apache/axis2/wsdl/util/WSDLWrapperReloadImpl.java Sat Apr 5 10:06:29 2008
@@ -1343,8 +1343,14 @@
}
- private URL getAbsoluteURL(ClassLoader classLoader, String filePath) throws WSDLException {
- URL url = classLoader.getResource(filePath);
+ private URL getAbsoluteURL(final ClassLoader classLoader, final String filePath) throws WSDLException {
+ URL url = (URL) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return classLoader.getResource(filePath);
+ }
+ }
+ );
if (url == null) {
if (log.isDebugEnabled()) {
log.debug("Could not get URL from classloader. Looking in a jar.");
Modified: webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java?rev=645138&r1=645137&r2=645138&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java (original)
+++ webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/description/impl/ServiceDescriptionImpl.java Sat Apr 5 10:06:29 2008
@@ -907,14 +907,14 @@
ClassLoader loader = composite.getClassLoader();
URL url = null;
if (loader != null) {
- url = loader.getResource(wsdlLocation);
+ url = getResource(wsdlLocation, loader);
}
// Try the context class loader
if(url == null){
ClassLoader classLoader = getContextClassLoader(null);
if(classLoader != loader){
- url = classLoader.getResource(wsdlLocation);
+ url = getResource(wsdlLocation, classLoader);
}
}
@@ -951,6 +951,16 @@
}
}
return url;
+ }
+
+ private URL getResource(final String wsdlLocation, final ClassLoader loader) {
+ return (URL) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return loader.getResource(wsdlLocation);
+ }
+ }
+ );
}
// TODO: Remove these and replace with appropraite get* methods for WSDL information
Modified: webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java
URL: http://svn.apache.org/viewvc/webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java?rev=645138&r1=645137&r2=645138&view=diff
==============================================================================
--- webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java (original)
+++ webservices/axis2/trunk/java/modules/metadata/src/org/apache/axis2/jaxws/util/WSDL4JWrapper.java Sat Apr 5 10:06:29 2008
@@ -372,7 +372,7 @@
if ("file".equals(url.getProtocol())) {
File f = new File(url.getPath());
// If file is not of type directory then its a jar file
- if (f.exists() && !f.isDirectory()) {
+ if (isAFile(f)) {
try {
JarFile jf = new JarFile(f);
Enumeration<JarEntry> entries = jf.entries();
@@ -409,6 +409,17 @@
}
return null;
+ }
+
+ private boolean isAFile(final File f) {
+ Boolean ret = (Boolean) AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ return new Boolean(f.exists() && !f.isDirectory());
+ }
+ }
+ );
+ return ret.booleanValue();
}
private static WSDLReader getWSDLReader() throws WSDLException {
---------------------------------------------------------------------
To unsubscribe, e-mail: axis-cvs-unsubscribe@ws.apache.org
For additional commands, e-mail: axis-cvs-help@ws.apache.org