You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by se...@apache.org on 2017/08/11 11:49:24 UTC
cxf git commit: [CXF-7467] WSDLManagerImpl requires privileged
actions in order to work under a security manager, patch from iweiss applied,
This closes #304
Repository: cxf
Updated Branches:
refs/heads/master 39e6c2a44 -> 12e0f151d
[CXF-7467] WSDLManagerImpl requires privileged actions in order to work under a security manager, patch from iweiss applied, This closes #304
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/12e0f151
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/12e0f151
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/12e0f151
Branch: refs/heads/master
Commit: 12e0f151dc739ce927548875010a380ce5852ea3
Parents: 39e6c2a
Author: Sergey Beryozkin <sb...@gmail.com>
Authored: Fri Aug 11 12:49:06 2017 +0100
Committer: Sergey Beryozkin <sb...@gmail.com>
Committed: Fri Aug 11 12:49:06 2017 +0100
----------------------------------------------------------------------
.../org/apache/cxf/wsdl11/WSDLManagerImpl.java | 65 +++++++++++++++++---
1 file changed, 56 insertions(+), 9 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/12e0f151/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
----------------------------------------------------------------------
diff --git a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
index 6df69ce..bb57d4e 100644
--- a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
+++ b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
@@ -19,6 +19,9 @@
package org.apache.cxf.wsdl11;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -81,7 +84,17 @@ public class WSDLManagerImpl implements WSDLManager {
}
private WSDLManagerImpl(Bus b) throws BusException {
try {
- factory = WSDLFactory.newInstance();
+ // This is needed to avoid security exceptions when running with a security manager
+ if (System.getSecurityManager() == null) {
+ factory = WSDLFactory.newInstance();
+ } else {
+ try {
+ factory = AccessController.doPrivileged(
+ (PrivilegedExceptionAction<WSDLFactory>) WSDLFactory::newInstance);
+ } catch (PrivilegedActionException paex) {
+ throw new BusException(paex);
+ }
+ }
registry = factory.newPopulatedExtensionRegistry();
registry.registerSerializer(Types.class,
WSDLConstants.QNAME_SCHEMA,
@@ -167,16 +180,30 @@ public class WSDLManagerImpl implements WSDLManager {
return def;
}
- public Definition getDefinition(Element el) throws WSDLException {
+ public Definition getDefinition(final Element el) throws WSDLException {
synchronized (definitionsMap) {
if (definitionsMap.containsKey(el)) {
return definitionsMap.get(el);
}
}
- WSDLReader reader = factory.newWSDLReader();
+ final WSDLReader reader = factory.newWSDLReader();
reader.setFeature("javax.wsdl.verbose", false);
reader.setExtensionRegistry(registry);
- Definition def = reader.readWSDL("", el);
+
+ final Definition def;
+
+ // This is needed to avoid security exceptions when running with a security manager
+ if (System.getSecurityManager() == null) {
+ def = reader.readWSDL("", el);
+ } else {
+ try {
+ def = AccessController.doPrivileged(
+ (PrivilegedExceptionAction<Definition>) () -> reader.readWSDL("", el));
+ } catch (PrivilegedActionException paex) {
+ throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+ }
+ }
+
synchronized (definitionsMap) {
definitionsMap.put(el, def);
}
@@ -191,7 +218,7 @@ public class WSDLManagerImpl implements WSDLManager {
}
protected Definition loadDefinition(String url) throws WSDLException {
- WSDLReader reader = factory.newWSDLReader();
+ final WSDLReader reader = factory.newWSDLReader();
reader.setFeature("javax.wsdl.verbose", false);
reader.setFeature("javax.wsdl.importDocuments", true);
reader.setExtensionRegistry(registry);
@@ -203,13 +230,13 @@ public class WSDLManagerImpl implements WSDLManager {
//from the definition. With this, the String the definition holds onto would be unique
url = new String(url);
CatalogWSDLLocator catLocator = new CatalogWSDLLocator(url, bus);
- ResourceManagerWSDLLocator wsdlLocator = new ResourceManagerWSDLLocator(url,
+ final ResourceManagerWSDLLocator wsdlLocator = new ResourceManagerWSDLLocator(url,
catLocator,
bus);
InputSource src = wsdlLocator.getBaseInputSource();
Definition def = null;
if (src.getByteStream() != null || src.getCharacterStream() != null) {
- Document doc;
+ final Document doc;
XMLStreamReader xmlReader = null;
try {
xmlReader = StaxUtils.createXMLStreamReader(src);
@@ -233,9 +260,29 @@ public class WSDLManagerImpl implements WSDLManager {
throw new WSDLException(WSDLException.PARSER_ERROR, ex.getMessage(), ex);
}
}
- def = reader.readWSDL(wsdlLocator, doc.getDocumentElement());
+
+ // This is needed to avoid security exceptions when running with a security manager
+ if (System.getSecurityManager() == null) {
+ def = reader.readWSDL(wsdlLocator, doc.getDocumentElement());
+ } else {
+ try {
+ def = AccessController.doPrivileged((PrivilegedExceptionAction<Definition>) () ->
+ reader.readWSDL(wsdlLocator, doc.getDocumentElement()));
+ } catch (PrivilegedActionException paex) {
+ throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+ }
+ }
} else {
- def = reader.readWSDL(wsdlLocator);
+ if (System.getSecurityManager() == null) {
+ def = reader.readWSDL(wsdlLocator);
+ } else {
+ try {
+ def = AccessController.doPrivileged((PrivilegedExceptionAction<Definition>) () ->
+ reader.readWSDL(wsdlLocator));
+ } catch (PrivilegedActionException paex) {
+ throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+ }
+ }
}
return def;