cxf git commit: [CXF-7467] WSDLManagerImpl requires privileged actions in order to work under a security manager, patch from iweiss applied, This closes #303

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

cxf git commit: [CXF-7467] WSDLManagerImpl requires privileged actions in order to work under a security manager, patch from iweiss applied, This closes #303

sergeyb
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes dbe1d6f39 -> e4899b534


[CXF-7467] WSDLManagerImpl requires privileged actions in order to work under a security manager, patch from iweiss applied, This closes #303


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/e4899b53
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/e4899b53
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/e4899b53

Branch: refs/heads/3.1.x-fixes
Commit: e4899b534040332c9d0f9b8a884c303c6fb1fccc
Parents: dbe1d6f
Author: Sergey Beryozkin <[hidden email]>
Authored: Fri Aug 11 16:09:37 2017 +0100
Committer: Sergey Beryozkin <[hidden email]>
Committed: Fri Aug 11 16:09:37 2017 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/wsdl11/WSDLManagerImpl.java  | 87 +++++++++++++++++---
 1 file changed, 75 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/e4899b53/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
----------------------------------------------------------------------
diff --git a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
index 75e3ff7..94c0ec8 100644
--- a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
+++ b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
@@ -19,6 +19,9 @@
 
 package org.apache.cxf.wsdl11;
 
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -81,7 +84,21 @@ public class WSDLManagerImpl implements WSDLManager {
     }
     private WSDLManagerImpl(Bus b) throws BusException {
         try {
-            factory = WSDLFactory.newInstance();
+            // This is needed to avoid security exceptions when running with a security manager
+            if (System.getSecurityManager() == null) {
+                factory = WSDLFactory.newInstance();
+            } else {
+                try {
+                    factory = AccessController.doPrivileged(new PrivilegedExceptionAction<WSDLFactory>() {
+                        @Override
+                        public WSDLFactory run() throws Exception {
+                            return WSDLFactory.newInstance();
+                        }
+                    });
+                } catch (PrivilegedActionException paex) {
+                    throw new BusException(paex);
+                }
+            }
             registry = factory.newPopulatedExtensionRegistry();
             registry.registerSerializer(Types.class,
                                         WSDLConstants.QNAME_SCHEMA,
@@ -167,16 +184,34 @@ public class WSDLManagerImpl implements WSDLManager {
         return def;
     }
 
-    public Definition getDefinition(Element el) throws WSDLException {
+    public Definition getDefinition(final Element el) throws WSDLException {
         synchronized (definitionsMap) {
             if (definitionsMap.containsKey(el)) {
                 return definitionsMap.get(el);
             }
         }
-        WSDLReader reader = factory.newWSDLReader();
+        final WSDLReader reader = factory.newWSDLReader();
         reader.setFeature("javax.wsdl.verbose", false);
         reader.setExtensionRegistry(registry);      
-        Definition def = reader.readWSDL("", el);
+
+        final Definition def;
+
+        // This is needed to avoid security exceptions when running with a security manager
+        if (System.getSecurityManager() == null) {
+            def = reader.readWSDL("", el);
+        } else {
+            try {
+                def = AccessController.doPrivileged(new PrivilegedExceptionAction<Definition>() {
+                    @Override
+                    public Definition run() throws Exception {
+                        return reader.readWSDL("", el);
+                    }
+                });
+            } catch (PrivilegedActionException paex) {
+                throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+            }
+        }
+
         synchronized (definitionsMap) {
             definitionsMap.put(el, def);
         }
@@ -191,11 +226,11 @@ public class WSDLManagerImpl implements WSDLManager {
     }
 
     protected Definition loadDefinition(String url) throws WSDLException {
-        WSDLReader reader = factory.newWSDLReader();
+        final WSDLReader reader = factory.newWSDLReader();
         reader.setFeature("javax.wsdl.verbose", false);
         reader.setFeature("javax.wsdl.importDocuments", true);
         reader.setExtensionRegistry(registry);
-        
+
         //we'll create a new String here to make sure the passed in key is not referenced in the loading of
         //the wsdl and thus would be held onto from the cached map from both the weak reference (key) and
         //from the strong reference (Definition).  For example, the Definition sometimes keeps the original
@@ -203,13 +238,13 @@ public class WSDLManagerImpl implements WSDLManager {
         //from the definition.  With this, the String the definition holds onto would be unique
         url = new String(url);
         CatalogWSDLLocator catLocator = new CatalogWSDLLocator(url, bus);
-        ResourceManagerWSDLLocator wsdlLocator = new ResourceManagerWSDLLocator(url,
+        final ResourceManagerWSDLLocator wsdlLocator = new ResourceManagerWSDLLocator(url,
                                                                                 catLocator,
                                                                                 bus);
         InputSource src = wsdlLocator.getBaseInputSource();
         Definition def = null;
         if (src.getByteStream() != null || src.getCharacterStream() != null) {
-            Document doc;
+            final Document doc;
             XMLStreamReader xmlReader = null;
             try {
                 xmlReader = StaxUtils.createXMLStreamReader(src);
@@ -233,14 +268,42 @@ public class WSDLManagerImpl implements WSDLManager {
                     throw new WSDLException(WSDLException.PARSER_ERROR, ex.getMessage(), ex);
                 }
             }
-            def = reader.readWSDL(wsdlLocator, doc.getDocumentElement());
+
+            // This is needed to avoid security exceptions when running with a security manager
+            if (System.getSecurityManager() == null) {
+                def = reader.readWSDL(wsdlLocator, doc.getDocumentElement());
+            } else {
+                try {
+                    def = AccessController.doPrivileged(new PrivilegedExceptionAction<Definition>() {
+                        @Override
+                        public Definition run() throws Exception {
+                            return reader.readWSDL(wsdlLocator, doc.getDocumentElement());
+                        }
+                    });
+                } catch (PrivilegedActionException paex) {
+                    throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+                }
+            }
         } else {
-            def = reader.readWSDL(wsdlLocator);
+            if (System.getSecurityManager() == null) {
+                def = reader.readWSDL(wsdlLocator);
+            } else {
+                try {
+                    def = AccessController.doPrivileged(new PrivilegedExceptionAction<Definition>() {
+                        @Override
+                        public Definition run() throws Exception {
+                            return reader.readWSDL(wsdlLocator);
+                        }
+                    });
+                } catch (PrivilegedActionException paex) {
+                    throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+                }
+            }
         }
-        
+
         return def;
     }
-    
+
     public void setXMLStreamReaderWrapper(XMLStreamReaderWrapper wrapper) {
         this.xmlStreamReaderWrapper = wrapper;
     }

Loading...