You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cxf.apache.org by ni...@apache.org on 2007/03/19 10:36:16 UTC
svn commit: r519885 - in /incubator/cxf/trunk/rt/frontend/jaxws/src:
main/java/org/apache/cxf/jaxws/EndpointImpl.java
test/java/org/apache/cxf/jaxws/EndpointImplTest.java
Author: ningjiang
Date: Mon Mar 19 02:36:15 2007
New Revision: 519885
URL: http://svn.apache.org/viewvc?view=rev&rev=519885
Log:
[CXF-466] Applied jarek's patch for checking WebServicePermission
Modified:
incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java
incubator/cxf/trunk/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/EndpointImplTest.java
Modified: incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java?view=diff&rev=519885&r1=519884&r2=519885
==============================================================================
--- incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java (original)
+++ incubator/cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java Mon Mar 19 02:36:15 2007
@@ -20,6 +20,7 @@
package org.apache.cxf.jaxws;
import java.net.URL;
+import java.security.AccessController;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executor;
@@ -31,9 +32,9 @@
//TODO JAX-WS 2.1
//import javax.xml.ws.EndpointReference;
import javax.xml.ws.WebServiceException;
+import javax.xml.ws.WebServicePermission;
import javax.xml.ws.handler.Handler;
-
import org.apache.cxf.Bus;
import org.apache.cxf.common.injection.ResourceInjector;
import org.apache.cxf.common.logging.LogUtils;
@@ -52,8 +53,19 @@
import org.apache.cxf.service.Service;
public class EndpointImpl extends javax.xml.ws.Endpoint {
+ /*
+ * This property controls whether the 'publishEndpoint' permission is checked
+ * using only the AccessController (i.e. when SecurityManager is not installed).
+ * By default this check is not done as the system property is not set.
+ */
+ public static final String CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY =
+ "org.apache.cxf.jaxws.checkPublishEndpointPermission";
+
private static final Logger LOG = LogUtils.getL7dLogger(EndpointImpl.class);
+ private static final WebServicePermission PUBLISH_PERMISSION =
+ new WebServicePermission("publishEndpoint");
+
protected boolean doInit;
private Bus bus;
@@ -145,8 +157,8 @@
@Override
public void publish(Object arg0) {
- // TODO Auto-generated method stub
-
+ // Since this does not do anything now, just check the permission
+ checkPublishPermission();
}
@Override
@@ -200,6 +212,7 @@
}
protected void doPublish(String address) {
+ checkPublishPermission();
JaxWsServerFactoryBean svrFactory = new JaxWsServerFactoryBean();
svrFactory.setBus(bus);
@@ -270,6 +283,15 @@
getBinding().setHandlerChain(chain);
}
+ protected void checkPublishPermission() {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPermission(PUBLISH_PERMISSION);
+ } else if (Boolean.getBoolean(CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY)) {
+ AccessController.checkPermission(PUBLISH_PERMISSION);
+ }
+ }
+
/*
//TODO JAX-WS 2.1
public EndpointReference getEndpointReference(Element... referenceParameters) {
@@ -283,4 +305,4 @@
throw new UnsupportedOperationException();
}
*/
-}
\ No newline at end of file
+}
Modified: incubator/cxf/trunk/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/EndpointImplTest.java
URL: http://svn.apache.org/viewvc/incubator/cxf/trunk/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/EndpointImplTest.java?view=diff&rev=519885&r1=519884&r2=519885
==============================================================================
--- incubator/cxf/trunk/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/EndpointImplTest.java (original)
+++ incubator/cxf/trunk/rt/frontend/jaxws/src/test/java/org/apache/cxf/jaxws/EndpointImplTest.java Mon Mar 19 02:36:15 2007
@@ -28,6 +28,7 @@
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.BusFactory;
+import org.apache.cxf.jaxws.service.Hello;
import org.apache.cxf.jaxws.support.JaxWsServiceFactoryBean;
import org.apache.cxf.message.Message;
import org.apache.cxf.service.invoker.BeanInvoker;
@@ -125,6 +126,25 @@
String expeced = "Method [sayHi] processing error: SOAPBinding can not on method with RPC style";
assertEquals(expeced, e.getMessage());
}
+ }
+
+ @Test
+ public void testPublishEndpointPermission() throws Exception {
+ Hello service = new Hello();
+ EndpointImpl ep = new EndpointImpl(getBus(), service, (String) null);
+
+ System.setProperty(EndpointImpl.CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY, "true");
+
+ try {
+ ep.publish("local://localhost:9090/hello");
+ fail("Did not throw exception as expected");
+ } catch (SecurityException e) {
+ // that's expected
+ } finally {
+ System.setProperty(EndpointImpl.CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY, "false");
+ }
+
+ ep.publish("local://localhost:9090/hello");
}
static class EchoObserver implements MessageObserver {