cxf git commit: [CXF-7467] WSDLManagerImpl requires privileged actions in order to work under a security manager, patch from iweiss applied, This closes #304

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

cxf git commit: [CXF-7467] WSDLManagerImpl requires privileged actions in order to work under a security manager, patch from iweiss applied, This closes #304

sergeyb
Repository: cxf
Updated Branches:
  refs/heads/master 39e6c2a44 -> 12e0f151d


[CXF-7467] WSDLManagerImpl requires privileged actions in order to work under a security manager, patch from iweiss applied, This closes #304


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/12e0f151
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/12e0f151
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/12e0f151

Branch: refs/heads/master
Commit: 12e0f151dc739ce927548875010a380ce5852ea3
Parents: 39e6c2a
Author: Sergey Beryozkin <[hidden email]>
Authored: Fri Aug 11 12:49:06 2017 +0100
Committer: Sergey Beryozkin <[hidden email]>
Committed: Fri Aug 11 12:49:06 2017 +0100

----------------------------------------------------------------------
 .../org/apache/cxf/wsdl11/WSDLManagerImpl.java  | 65 +++++++++++++++++---
 1 file changed, 56 insertions(+), 9 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cxf/blob/12e0f151/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
----------------------------------------------------------------------
diff --git a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
index 6df69ce..bb57d4e 100644
--- a/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
+++ b/rt/wsdl/src/main/java/org/apache/cxf/wsdl11/WSDLManagerImpl.java
@@ -19,6 +19,9 @@
 
 package org.apache.cxf.wsdl11;
 
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -81,7 +84,17 @@ public class WSDLManagerImpl implements WSDLManager {
     }
     private WSDLManagerImpl(Bus b) throws BusException {
         try {
-            factory = WSDLFactory.newInstance();
+            // This is needed to avoid security exceptions when running with a security manager
+            if (System.getSecurityManager() == null) {
+                factory = WSDLFactory.newInstance();
+            } else {
+                try {
+                    factory = AccessController.doPrivileged(
+                            (PrivilegedExceptionAction<WSDLFactory>) WSDLFactory::newInstance);
+                } catch (PrivilegedActionException paex) {
+                    throw new BusException(paex);
+                }
+            }
             registry = factory.newPopulatedExtensionRegistry();
             registry.registerSerializer(Types.class,
                                         WSDLConstants.QNAME_SCHEMA,
@@ -167,16 +180,30 @@ public class WSDLManagerImpl implements WSDLManager {
         return def;
     }
 
-    public Definition getDefinition(Element el) throws WSDLException {
+    public Definition getDefinition(final Element el) throws WSDLException {
         synchronized (definitionsMap) {
             if (definitionsMap.containsKey(el)) {
                 return definitionsMap.get(el);
             }
         }
-        WSDLReader reader = factory.newWSDLReader();
+        final WSDLReader reader = factory.newWSDLReader();
         reader.setFeature("javax.wsdl.verbose", false);
         reader.setExtensionRegistry(registry);
-        Definition def = reader.readWSDL("", el);
+
+        final Definition def;
+
+        // This is needed to avoid security exceptions when running with a security manager
+        if (System.getSecurityManager() == null) {
+            def = reader.readWSDL("", el);
+        } else {
+            try {
+                def = AccessController.doPrivileged(
+                        (PrivilegedExceptionAction<Definition>) () -> reader.readWSDL("", el));
+            } catch (PrivilegedActionException paex) {
+                throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+            }
+        }
+
         synchronized (definitionsMap) {
             definitionsMap.put(el, def);
         }
@@ -191,7 +218,7 @@ public class WSDLManagerImpl implements WSDLManager {
     }
 
     protected Definition loadDefinition(String url) throws WSDLException {
-        WSDLReader reader = factory.newWSDLReader();
+        final WSDLReader reader = factory.newWSDLReader();
         reader.setFeature("javax.wsdl.verbose", false);
         reader.setFeature("javax.wsdl.importDocuments", true);
         reader.setExtensionRegistry(registry);
@@ -203,13 +230,13 @@ public class WSDLManagerImpl implements WSDLManager {
         //from the definition.  With this, the String the definition holds onto would be unique
         url = new String(url);
         CatalogWSDLLocator catLocator = new CatalogWSDLLocator(url, bus);
-        ResourceManagerWSDLLocator wsdlLocator = new ResourceManagerWSDLLocator(url,
+        final ResourceManagerWSDLLocator wsdlLocator = new ResourceManagerWSDLLocator(url,
                                                                                 catLocator,
                                                                                 bus);
         InputSource src = wsdlLocator.getBaseInputSource();
         Definition def = null;
         if (src.getByteStream() != null || src.getCharacterStream() != null) {
-            Document doc;
+            final Document doc;
             XMLStreamReader xmlReader = null;
             try {
                 xmlReader = StaxUtils.createXMLStreamReader(src);
@@ -233,9 +260,29 @@ public class WSDLManagerImpl implements WSDLManager {
                     throw new WSDLException(WSDLException.PARSER_ERROR, ex.getMessage(), ex);
                 }
             }
-            def = reader.readWSDL(wsdlLocator, doc.getDocumentElement());
+
+            // This is needed to avoid security exceptions when running with a security manager
+            if (System.getSecurityManager() == null) {
+                def = reader.readWSDL(wsdlLocator, doc.getDocumentElement());
+            } else {
+                try {
+                    def = AccessController.doPrivileged((PrivilegedExceptionAction<Definition>) () ->
+                                    reader.readWSDL(wsdlLocator, doc.getDocumentElement()));
+                } catch (PrivilegedActionException paex) {
+                    throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+                }
+            }
         } else {
-            def = reader.readWSDL(wsdlLocator);
+            if (System.getSecurityManager() == null) {
+                def = reader.readWSDL(wsdlLocator);
+            } else {
+                try {
+                    def = AccessController.doPrivileged((PrivilegedExceptionAction<Definition>) () ->
+                                    reader.readWSDL(wsdlLocator));
+                } catch (PrivilegedActionException paex) {
+                    throw new WSDLException(WSDLException.PARSER_ERROR, paex.getMessage(), paex);
+                }
+            }
         }
 
         return def;

Loading...