axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rich Scheuerle (JIRA)" <>
Subject [jira] Created: (AXIS2-4390) JAXWS: Java2Security Violation Fixes
Date Wed, 17 Jun 2009 16:10:07 GMT
JAXWS: Java2Security Violation Fixes

                 Key: AXIS2-4390
             Project: Axis 2.0 (Axis2)
          Issue Type: Bug
            Reporter: Rich Scheuerle
            Assignee: Rich Scheuerle

Two Java2Security violations were detected during IBM testing.

The first violation occurs in org/apache/axis2/jaxws/description/impl/DescriptionUtils.openHandlerConfig
The non-priv code causes the handler configuration access to fail.  This can cause user applications
to fail.

The second violation occurs in the JAX-WS JavaBeanDispatcher while getting the Context ClassLoader.

   I am correcting the code to add the appropriate ammount of doPriv stanzas.

Kudos to Paul Mariduena for his cooperation on the design and testing of these fixes.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

View raw message