You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wink.apache.org by ro...@apache.org on 2010/07/28 17:07:46 UTC
svn commit: r980086 - in /incubator/wink/trunk:
wink-client/src/main/java/org/apache/wink/client/
wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/
wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/
Author: rott
Date: Wed Jul 28 15:07:46 2010
New Revision: 980086
URL: http://svn.apache.org/viewvc?rev=980086&view=rev
Log:
java2security support
Modified:
incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java
incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/FileProvider.java
incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/AbstractJAXBProvider.java
incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/JAXBXmlProvider.java
Modified: incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java
URL: http://svn.apache.org/viewvc/incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java?rev=980086&r1=980085&r2=980086&view=diff
==============================================================================
--- incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java (original)
+++ incubator/wink/trunk/wink-client/src/main/java/org/apache/wink/client/ClientConfig.java Wed Jul 28 15:07:46 2010
@@ -21,6 +21,9 @@
package org.apache.wink.client;
import java.io.FileNotFoundException;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Collections;
import java.util.LinkedList;
import java.util.List;
@@ -103,22 +106,29 @@ public class ClientConfig implements Clo
}
try {
- final Set<Class<?>> classes =
- new ApplicationFileLoader(loadWinkApplications).getClasses();
-
- applications(new WinkApplication() {
- @Override
- public Set<Class<?>> getClasses() {
- return classes;
- }
-
- @Override
- public double getPriority() {
- return WinkApplication.SYSTEM_PRIORITY;
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+
+ public Object run() throws FileNotFoundException{
+ final Set<Class<?>> classes =
+ new ApplicationFileLoader(loadWinkApplications).getClasses();
+
+ applications(new WinkApplication() {
+ @Override
+ public Set<Class<?>> getClasses() {
+ return classes;
+ }
+
+ @Override
+ public double getPriority() {
+ return WinkApplication.SYSTEM_PRIORITY;
+ }
+ });
+ return null;
}
+
});
- } catch (FileNotFoundException e) {
- throw new ClientConfigException(e);
+ } catch(PrivilegedActionException e) {
+ throw new ClientConfigException(e.getException());
}
}
Modified: incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/FileProvider.java
URL: http://svn.apache.org/viewvc/incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/FileProvider.java?rev=980086&r1=980085&r2=980086&view=diff
==============================================================================
--- incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/FileProvider.java (original)
+++ incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/FileProvider.java Wed Jul 28 15:07:46 2010
@@ -27,6 +27,9 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import javax.ws.rs.Consumes;
import javax.ws.rs.Produces;
@@ -67,27 +70,43 @@ public class FileProvider implements Mes
return File.class.isAssignableFrom(type);
}
- public void writeTo(File t,
+ public void writeTo(final File t,
Class<?> type,
Type genericType,
Annotation[] annotations,
MediaType mediaType,
MultivaluedMap<String, Object> httpHeaders,
- OutputStream entityStream) throws IOException, WebApplicationException {
- if (!t.canRead() || t.isDirectory()) {
- if (logger.isWarnEnabled()) {
- logger.warn(Messages.getMessage("cannotUseFileAsResponse", t.getAbsoluteFile())); //$NON-NLS-1$
- }
- throw new WebApplicationException();
- } else {
- FileInputStream fis = new FileInputStream(t);
- try {
- pipe(fis, entityStream);
- } finally {
- fis.close();
- }
- }
+ final OutputStream entityStream) throws IOException,
+ WebApplicationException {
+ try {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+
+ public Object run() throws IOException {
+ if (!t.canRead() || t.isDirectory()) {
+ if(logger.isWarnEnabled()) {
+ logger.warn(Messages.getMessage("cannotUseFileAsResponse", //$NON-NLS-1$
+ t.getAbsoluteFile()));
+ }
+ throw new WebApplicationException();
+ } else {
+ FileInputStream fis = new FileInputStream(t);
+ try {
+ pipe(fis, entityStream);
+ } finally {
+ fis.close();
+ }
+ }
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ if (e.getException() instanceof IOException)
+ throw (IOException)e.getException();
+ if (e.getException() instanceof WebApplicationException)
+ throw (WebApplicationException)e.getException();
+ throw new WebApplicationException(e.getException());
+ }
}
/********************** Reader **************************************/
@@ -104,7 +123,7 @@ public class FileProvider implements Mes
Annotation[] annotations,
MediaType mediaType,
MultivaluedMap<String, String> httpHeaders,
- InputStream entityStream) throws IOException, WebApplicationException {
+ final InputStream entityStream) throws IOException, WebApplicationException {
File dir = null;
if (uploadDir != null) {
dir = new File(uploadDir);
@@ -117,15 +136,29 @@ public class FileProvider implements Mes
}
}
- File f = File.createTempFile(prefix, suffix, dir);
-
- FileOutputStream fos = new FileOutputStream(f);
+ final File _dir = dir;
try {
- pipe(entityStream, fos);
- } finally {
- fos.close();
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<File>() {
+
+ public File run() throws Exception {
+ File f = File.createTempFile(prefix, suffix, _dir);
+ FileOutputStream fos = new FileOutputStream(f);
+ try {
+ pipe(entityStream, fos);
+ } finally {
+ fos.close();
+ }
+ return f;
+ }
+
+ });
+ } catch(PrivilegedActionException e) {
+ if (e.getException() instanceof IOException)
+ throw (IOException)e.getException();
+ if (e.getException() instanceof WebApplicationException)
+ throw (WebApplicationException)e.getException();
+ throw new WebApplicationException(e.getException());
}
- return f;
}
/********************** Help methods ************************************/
Modified: incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/AbstractJAXBProvider.java
URL: http://svn.apache.org/viewvc/incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/AbstractJAXBProvider.java?rev=980086&r1=980085&r2=980086&view=diff
==============================================================================
--- incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/AbstractJAXBProvider.java (original)
+++ incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/AbstractJAXBProvider.java Wed Jul 28 15:07:46 2010
@@ -517,34 +517,44 @@ public abstract class AbstractJAXBProvid
return context;
}
- private JAXBContext getDefaultContext(Class<?> type, Type genericType) throws JAXBException {
+ private JAXBContext getDefaultContext(final Class<?> type, final Type genericType) throws JAXBException {
logger.trace("getDefaultContext({}, {}) entry", type, genericType); //$NON-NLS-1$
- JAXBContext context = jaxbDefaultContexts.get(type);
- if (context == null) {
+ try {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<JAXBContext>() {
- // CAUTION: be careful with this. Adding a second or more classes to
- // the JAXBContext has the side
- // effect of putting a namespace prefix and the namespace decl on
- // the subelements of the
- // desired type, thus degrading performance.
-
- if (!isXMLRootElement(type) && !isXMLType(type)) { // use
- // genericType.
- // If that fails,
- // we'll know
- // soon enough
- logger.trace("Using genericType to create context"); //$NON-NLS-1$
- context = JAXBContext.newInstance((Class<?>)genericType);
- } else {
- logger.trace("Using type to create context"); //$NON-NLS-1$
- context = JAXBContext.newInstance(type);
- }
+ public JAXBContext run() throws Exception {
+ JAXBContext context = jaxbDefaultContexts.get(type);
+ if (context == null) {
+
+ // CAUTION: be careful with this. Adding a second or more classes to
+ // the JAXBContext has the side
+ // effect of putting a namespace prefix and the namespace decl on
+ // the subelements of the
+ // desired type, thus degrading performance.
+
+ if (!isXMLRootElement(type) && !isXMLType(type)) { // use
+ // genericType.
+ // If that fails,
+ // we'll know
+ // soon enough
+ logger.trace("Using genericType to create context"); //$NON-NLS-1$
+ context = JAXBContext.newInstance((Class<?>)genericType);
+ } else {
+ logger.trace("Using type to create context"); //$NON-NLS-1$
+ context = JAXBContext.newInstance(type);
+ }
- jaxbDefaultContexts.put(type, context);
+ jaxbDefaultContexts.put(type, context);
+ }
+ logger.trace("getDefaultContext() exit returning", context); //$NON-NLS-1$
+ logger.trace("returning context {}@{}", context.getClass().getName(), System.identityHashCode(context)); //$NON-NLS-1$
+ return context;
+ }
+
+ });
+ } catch(PrivilegedActionException e) {
+ throw (JAXBException)e.getException();
}
- logger.trace("getDefaultContext() exit returning", context); //$NON-NLS-1$
- logger.trace("returning context {}@{}", context.getClass().getName(), System.identityHashCode(context)); //$NON-NLS-1$
- return context;
}
/**
@@ -616,12 +626,16 @@ public abstract class AbstractJAXBProvid
// return null;
// }
// Search for Factory
- StringBuilder b = new StringBuilder(type.getPackage().getName());
+ final StringBuilder b = new StringBuilder(type.getPackage().getName());
b.append(".ObjectFactory"); //$NON-NLS-1$
Class<?> factoryClass = null;
try {
- factoryClass = Thread.currentThread().getContextClassLoader().loadClass(b.toString());
- } catch (ClassNotFoundException e) {
+ factoryClass = AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws ClassNotFoundException {
+ return Thread.currentThread().getContextClassLoader().loadClass(b.toString());
+ }
+ });
+ } catch(PrivilegedActionException e) {
if (logger.isErrorEnabled()) {
logger.error(Messages.getMessage("jaxbObjectFactoryNotFound", type.getName())); //$NON-NLS-1$
}
Modified: incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/JAXBXmlProvider.java
URL: http://svn.apache.org/viewvc/incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/JAXBXmlProvider.java?rev=980086&r1=980085&r2=980086&view=diff
==============================================================================
--- incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/JAXBXmlProvider.java (original)
+++ incubator/wink/trunk/wink-common/src/main/java/org/apache/wink/common/internal/providers/entity/xml/JAXBXmlProvider.java Wed Jul 28 15:07:46 2010
@@ -24,6 +24,9 @@ import java.io.InputStream;
import java.io.OutputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import javax.ws.rs.Consumes;
import javax.ws.rs.Produces;
@@ -63,12 +66,13 @@ public class JAXBXmlProvider extends Abs
return isJAXBObject(type, genericType) && isSupportedMediaType(mediaType);
}
- public Object readFrom(Class<Object> type,
+ public Object readFrom(final Class<Object> type,
Type genericType,
Annotation[] annotations,
MediaType mediaType,
MultivaluedMap<String, String> httpHeaders,
- InputStream entityStream) throws IOException, WebApplicationException {
+ final InputStream entityStream) throws IOException,
+ WebApplicationException {
Unmarshaller unmarshaller = null;
Object unmarshaledResource = null;
XMLStreamReader xmlStreamReader = null;
@@ -94,8 +98,29 @@ public class JAXBXmlProvider extends Abs
unmarshaledResource = ((JAXBElement)unmarshaledResource).getValue();
}
} else {
- unmarshaledResource = unmarshaller.unmarshal(xmlStreamReader, type).getValue();
- closeXMLStreamReader(xmlStreamReader);
+ try {
+ final Unmarshaller _unmarshaller = unmarshaller;
+ final XMLStreamReader _xmlStreamReader = xmlStreamReader;
+ unmarshaledResource =
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
+ public Object run() throws PrivilegedActionException {
+ try {
+ Object obj = _unmarshaller.unmarshal(_xmlStreamReader, type).getValue();
+ closeXMLStreamReader(_xmlStreamReader);
+ return obj;
+ } catch (JAXBException e) {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ closeXMLStreamReader(xmlStreamReader);
+ if (logger.isErrorEnabled()) {
+ logger
+ .error(Messages.getMessage("jaxbFailToUnmarshal", type.getName()), e.getException()); //$NON-NLS-1$
+ }
+ throw new WebApplicationException(e.getException(), Response.Status.BAD_REQUEST);
+ }
}
releaseJAXBUnmarshaller(context, unmarshaller);