CXF-7292 additional privileged blocks required when Security Manager is enabled
This closes #248
Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/45a04b3e
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/45a04b3e
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/45a04b3e
Branch: refs/heads/3.1.x-fixes
Commit: 45a04b3ec3281ea04a06e0dfc88502d2f182f4b6
Parents: 1eac82a
Author: Ivo Studensky <istudens@redhat.com>
Authored: Thu Feb 18 14:00:29 2016 +0100
Committer: Daniel Kulp <dkulp@apache.org>
Committed: Fri Mar 24 13:43:12 2017 -0400
----------------------------------------------------------------------
.../apache/cxf/catalog/OASISCatalogManager.java | 38 +++++++++++++++--
.../common/classloader/ClassLoaderUtils.java | 41 +++++++++++++++---
.../org/apache/cxf/common/i18n/BundleUtils.java | 35 +++++++++++++--
.../cxf/common/injection/ResourceInjector.java | 2 +-
.../org/apache/cxf/common/jaxb/JAXBUtils.java | 19 +++++++--
.../org/apache/cxf/common/logging/LogUtils.java | 45 ++++++++++++++++----
.../org/apache/cxf/common/util/ProxyHelper.java | 31 ++++++++++++--
.../java/org/apache/cxf/helpers/DOMUtils.java | 32 ++++++++++++--
.../java/org/apache/cxf/helpers/XPathUtils.java | 18 +++++++-
.../org/apache/cxf/resource/URIResolver.java | 14 ++++--
.../cxf/binding/soap/SOAPBindingUtil.java | 39 ++++++++++++++---
.../handler/AnnotationHandlerChainBuilder.java | 16 ++++++-
.../cxf/frontend/ClientProxyFactoryBean.java | 17 +++++++-
.../cxf/transport/http/CXFAuthenticator.java | 8 ++--
.../http/URLConnectionHTTPConduit.java | 19 ++++++++-
15 files changed, 322 insertions(+), 52 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/catalog/OASISCatalogManager.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/catalog/OASISCatalogManager.java b/core/src/main/java/org/apache/cxf/catalog/OASISCatalogManager.java
index 2aa061e..5a6911f 100644
--- a/core/src/main/java/org/apache/cxf/catalog/OASISCatalogManager.java
+++ b/core/src/main/java/org/apache/cxf/catalog/OASISCatalogManager.java
@@ -24,6 +24,10 @@ import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Enumeration;
import java.util.Set;
import java.util.concurrent.CopyOnWriteArraySet;
@@ -133,7 +137,7 @@ public class OASISCatalogManager {
}
public final void loadContextCatalogs(String name) {
try {
- loadCatalogs(Thread.currentThread().getContextClassLoader(), name);
+ loadCatalogs(getContextClassLoader(), name);
} catch (IOException e) {
LOG.log(Level.WARNING, "Error loading " + name + " catalog files", e);
}
@@ -146,12 +150,27 @@ public class OASISCatalogManager {
Enumeration<URL> catalogs = classLoader.getResources(name);
while (catalogs.hasMoreElements()) {
- URL catalogURL = catalogs.nextElement();
+ final URL catalogURL = catalogs.nextElement();
if (catalog == null) {
LOG.log(Level.WARNING, "Catalog found at {0} but no org.apache.xml.resolver.CatalogManager
was found."
+ " Check the classpatch for an xmlresolver jar.", catalogURL.toString());
} else if (!loadedCatalogs.contains(catalogURL.toString())) {
- ((Catalog)catalog).parseCatalog(catalogURL);
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ ((Catalog)catalog).parseCatalog(catalogURL);
+ } else {
+ try {
+ AccessController.doPrivileged(new PrivilegedExceptionAction<Void>()
{
+ @Override
+ public Void run() throws Exception {
+ ((Catalog)catalog).parseCatalog(catalogURL);
+ return null;
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException) e.getException();
+ }
+ }
loadedCatalogs.add(catalogURL.toString());
}
}
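Review bot: The cast in `throw (IOException) e.getException();` is only safe while the privileged action can raise no checked exception other than IOException, yet the action declares `run() throws Exception`, so the compiler will not flag a later mismatch. A mismatch would surface as a ClassCastException that hides the real failure. Declaring `public Void run() throws IOException` in the `PrivilegedExceptionAction` keeps the cast provably correct. `catalogURL` comes from `classLoader.getResources(name)`, and `name` appears to be caller-supplied via `loadContextCatalogs(String name)`, so a short comment saying why parsing it with CXF's own permissions is acceptable would help the next reviewer. The enclosing method starts outside this hunk.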
@@ -230,4 +249,17 @@ public class OASISCatalogManager {
return resolver;
}
+ private static ClassLoader getContextClassLoader() {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ @Override
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ return Thread.currentThread().getContextClassLoader();
+ }
+
}
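Review bot: This `getContextClassLoader()` helper is repeated verbatim in ClassLoaderUtils, BundleUtils, LogUtils, DOMUtils and SOAPBindingUtil, and the matching `getClassLoader(Class<?>)` helper appears in ten files of this commit, some with `@Override` on `run()` and some without. The duplication may be deliberate, since a shared public method that returns a class loader from inside `doPrivileged` would let any caller bypass the `getClassLoader` permission check. If that is the reason, each copy should say so, for example `// kept private: must not expose a privileged class-loader lookup to callers`. Using `@Override` consistently on the anonymous `run()` methods would also make the copies easier to compare during an audit.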
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/common/classloader/ClassLoaderUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/classloader/ClassLoaderUtils.java b/core/src/main/java/org/apache/cxf/common/classloader/ClassLoaderUtils.java
index cbd3f43..cc73cf8 100644
--- a/core/src/main/java/org/apache/cxf/common/classloader/ClassLoaderUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/classloader/ClassLoaderUtils.java
@@ -250,7 +250,7 @@ public final class ClassLoaderUtils {
public static Class<?> loadClass(String className, Class<?> callingClass)
throws ClassNotFoundException {
try {
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ ClassLoader cl = getContextClassLoader();
if (cl != null) {
return cl.loadClass(className);
@@ -263,7 +263,7 @@ public final class ClassLoaderUtils {
public static <T> Class<? extends T> loadClass(String className, Class<?>
callingClass, Class<T> type)
throws ClassNotFoundException {
try {
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ ClassLoader cl = getContextClassLoader();
if (cl != null) {
return cl.loadClass(className).asSubclass(type);
@@ -279,15 +279,44 @@ public final class ClassLoaderUtils {
return Class.forName(className);
} catch (ClassNotFoundException ex) {
try {
- if (ClassLoaderUtils.class.getClassLoader() != null) {
- return ClassLoaderUtils.class.getClassLoader().loadClass(className);
+ final ClassLoader loader = getClassLoader(ClassLoaderUtils.class);
+ if (loader != null) {
+ return loader.loadClass(className);
}
} catch (ClassNotFoundException exc) {
- if (callingClass != null && callingClass.getClassLoader() != null)
{
- return callingClass.getClassLoader().loadClass(className);
+ if (callingClass != null) {
+ final ClassLoader callingClassLoader = getClassLoader(callingClass);
+ if (callingClassLoader != null) {
+ return callingClassLoader.loadClass(className);
+ }
}
}
throw ex;
}
}
+
+ private static ClassLoader getContextClassLoader() {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ return Thread.currentThread().getContextClassLoader();
+ }
+
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
}
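Review bot: `getClassLoader(callingClass)` now runs inside `doPrivileged`, and `callingClass` appears to reach this code from the public `loadClass` overloads in the earlier hunks. Under a Security Manager, a caller lacking `RuntimePermission("getClassLoader")` could therefore have classes loaded through the loader of any `Class` object it holds. Only the loaded class is returned, never the loader, so the exposure is limited, but it widens the old unprivileged call and should be a stated decision. I would document it on the helper, for example `// privileged on purpose: the loader is used for loadClass only and is never returned to the caller`. The method containing the first changed lines starts outside this hunk.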
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/common/i18n/BundleUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/i18n/BundleUtils.java b/core/src/main/java/org/apache/cxf/common/i18n/BundleUtils.java
index 5fdd3b4..9945c97 100644
--- a/core/src/main/java/org/apache/cxf/common/i18n/BundleUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/i18n/BundleUtils.java
@@ -19,6 +19,8 @@
package org.apache.cxf.common.i18n;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.text.MessageFormat;
import java.util.Locale;
import java.util.MissingResourceException;
@@ -77,7 +79,7 @@ public final class BundleUtils {
public static ResourceBundle getBundle(Class<?> cls) {
try {
- ClassLoader loader = cls.getClassLoader();
+ ClassLoader loader = getClassLoader(cls);
if (loader == null) {
return ResourceBundle.getBundle(getBundleName(cls), Locale.getDefault());
}
@@ -85,7 +87,7 @@ public final class BundleUtils {
Locale.getDefault(),
loader);
} catch (MissingResourceException ex) {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = getContextClassLoader();
if (loader == null) {
return ResourceBundle.getBundle(getBundleName(cls), Locale.getDefault());
}
@@ -106,7 +108,7 @@ public final class BundleUtils {
*/
public static ResourceBundle getBundle(Class<?> cls, String name) {
try {
- ClassLoader loader = cls.getClassLoader();
+ ClassLoader loader = getClassLoader(cls);
if (loader == null) {
return ResourceBundle.getBundle(getBundleName(cls, name), Locale.getDefault());
}
@@ -114,7 +116,7 @@ public final class BundleUtils {
Locale.getDefault(),
loader);
} catch (MissingResourceException ex) {
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = getContextClassLoader();
if (loader == null) {
return ResourceBundle.getBundle(getBundleName(cls, name), Locale.getDefault());
}
@@ -136,4 +138,29 @@ public final class BundleUtils {
public static String getFormattedString(ResourceBundle b, String key, Object ... params)
{
return MessageFormat.format(b.getString(key), params);
}
+
+ private static ClassLoader getContextClassLoader() {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ return Thread.currentThread().getContextClassLoader();
+ }
+
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/common/injection/ResourceInjector.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/injection/ResourceInjector.java b/core/src/main/java/org/apache/cxf/common/injection/ResourceInjector.java
index 2e6eb3b..56734ef 100644
--- a/core/src/main/java/org/apache/cxf/common/injection/ResourceInjector.java
+++ b/core/src/main/java/org/apache/cxf/common/injection/ResourceInjector.java
@@ -79,7 +79,7 @@ public class ResourceInjector extends AbstractAnnotationVisitor {
return null;
}
try {
- return cls.getDeclaredField(name);
+ return ReflectionUtil.getDeclaredField(cls, name);
} catch (Exception ex) {
return getField(cls.getSuperclass(), name);
}
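Review bot: The superclass walk in `catch (Exception ex)` runs only when the lookup throws, and this diff does not show whether `ReflectionUtil.getDeclaredField` still throws for a missing field as `cls.getDeclaredField(name)` did. If it returns null instead, this method would return null for fields declared on a superclass and never reach `getField(cls.getSuperclass(), name)`. An explicit check removes the dependency on that detail: `Field f = ReflectionUtil.getDeclaredField(cls, name);` followed by `return f != null ? f : getField(cls.getSuperclass(), name);`. The same question applies to the `"acc"` lookup in CXFAuthenticator, where `catch (Throwable t)` would absorb a resulting NullPointerException. The method starts outside this hunk.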
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java b/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java
index be86175..46d0db0 100644
--- a/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/jaxb/JAXBUtils.java
@@ -38,6 +38,8 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLClassLoader;
import java.nio.charset.StandardCharsets;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
@@ -875,7 +877,7 @@ public final class JAXBUtils {
Package pkg = jcls.getPackage();
packages.put(pkgName, jcls.getResourceAsStream("jaxb.index"));
- packageLoaders.put(pkgName, jcls.getClassLoader());
+ packageLoaders.put(pkgName, getClassLoader(jcls));
String objectFactoryClassName = pkgName + "." + "ObjectFactory";
Class<?> ofactory = null;
CachedClass cachedFactory = null;
@@ -889,8 +891,7 @@ public final class JAXBUtils {
}
if (ofactory == null) {
try {
- ofactory = Class.forName(objectFactoryClassName, false, jcls
- .getClassLoader());
+ ofactory = Class.forName(objectFactoryClassName, false, getClassLoader(jcls));
objectFactories.add(ofactory);
addToObjectFactoryCache(pkg, ofactory, objectFactoryCache);
} catch (ClassNotFoundException e) {
@@ -945,6 +946,18 @@ public final class JAXBUtils {
classes.addAll(objectFactories);
}
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ @Override
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
private static void addToObjectFactoryCache(Package objectFactoryPkg,
Class<?> ofactory,
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/common/logging/LogUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/logging/LogUtils.java b/core/src/main/java/org/apache/cxf/common/logging/LogUtils.java
index 83faf0f..54e05ad 100644
--- a/core/src/main/java/org/apache/cxf/common/logging/LogUtils.java
+++ b/core/src/main/java/org/apache/cxf/common/logging/LogUtils.java
@@ -229,8 +229,8 @@ public final class LogUtils {
protected static Logger createLogger(Class<?> cls,
String name,
String loggerName) {
- ClassLoader orig = Thread.currentThread().getContextClassLoader();
- ClassLoader n = cls.getClassLoader();
+ ClassLoader orig = getContextClassLoader();
+ ClassLoader n = getClassLoader(cls);
if (n != null) {
setContextClassLoader(n);
}
@@ -307,12 +307,41 @@ public final class LogUtils {
}
private static void setContextClassLoader(final ClassLoader classLoader) {
- AccessController.doPrivileged(new PrivilegedAction<Object>() {
- public Object run() {
- Thread.currentThread().setContextClassLoader(classLoader);
- return null;
- }
- });
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ AccessController.doPrivileged(new PrivilegedAction<Object>() {
+ public Object run() {
+ Thread.currentThread().setContextClassLoader(classLoader);
+ return null;
+ }
+ });
+ } else {
+ Thread.currentThread().setContextClassLoader(classLoader);
+ }
+ }
+
+ private static ClassLoader getContextClassLoader() {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ return Thread.currentThread().getContextClassLoader();
+ }
+
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
}
/**
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/common/util/ProxyHelper.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/common/util/ProxyHelper.java b/core/src/main/java/org/apache/cxf/common/util/ProxyHelper.java
index 413098c..3b69faa 100644
--- a/core/src/main/java/org/apache/cxf/common/util/ProxyHelper.java
+++ b/core/src/main/java/org/apache/cxf/common/util/ProxyHelper.java
@@ -22,6 +22,8 @@ package org.apache.cxf.common.util;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
/**
*
@@ -55,17 +57,40 @@ public class ProxyHelper {
* @param interfaces
* @return classloader that sees all interfaces
*/
- private ClassLoader getClassLoaderForInterfaces(ClassLoader loader, Class<?>[]
interfaces) {
+ private ClassLoader getClassLoaderForInterfaces(final ClassLoader loader, final Class<?>[]
interfaces) {
if (canSeeAllInterfaces(loader, interfaces)) {
return loader;
}
- ProxyClassLoader combined = new ProxyClassLoader(loader, interfaces);
+ ProxyClassLoader combined;
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm == null) {
+ combined = new ProxyClassLoader(loader, interfaces);
+ } else {
+ combined = AccessController.doPrivileged(new PrivilegedAction<ProxyClassLoader>()
{
+ @Override
+ public ProxyClassLoader run() {
+ return new ProxyClassLoader(loader, interfaces);
+ }
+ });
+ }
for (Class<?> currentInterface : interfaces) {
- combined.addLoader(currentInterface.getClassLoader());
+ combined.addLoader(getClassLoader(currentInterface));
}
return combined;
}
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
private boolean canSeeAllInterfaces(ClassLoader loader, Class<?>[] interfaces)
{
for (Class<?> currentInterface : interfaces) {
String ifName = currentInterface.getName();
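Review bot: Constructing `ProxyClassLoader` inside `doPrivileged` exercises `RuntimePermission("createClassLoader")` with CXF's own permissions, while `loader` and `interfaces` are supplied by the caller, so the block should state why that is safe. A comment above it such as `// privileged: only constructs the delegating loader; parent and delegates are the caller's own loaders` would record the intent, if that is indeed the invariant (ProxyClassLoader's body is not in this diff). `interfaces` is a mutable array read by `canSeeAllInterfaces` and again inside the action. Taking `final Class<?>[] ifaces = interfaces.clone();` on entry and using it throughout would guarantee both reads see the same contents.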
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
index 66c70a2..43a4d69 100644
--- a/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/DOMUtils.java
@@ -21,6 +21,8 @@ package org.apache.cxf.helpers;
import java.io.IOException;
import java.io.StringReader;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashSet;
@@ -62,9 +64,9 @@ public final class DOMUtils {
}
private static DocumentBuilder getDocumentBuilder() throws ParserConfigurationException
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = getContextClassLoader();
if (loader == null) {
- loader = DOMUtils.class.getClassLoader();
+ loader = getClassLoader(DOMUtils.class);
}
if (loader == null) {
return DocumentBuilderFactory.newInstance().newDocumentBuilder();
@@ -78,7 +80,31 @@ public final class DOMUtils {
}
return factory;
}
-
+
+ private static ClassLoader getContextClassLoader() {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ return Thread.currentThread().getContextClassLoader();
+ }
+
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
/**
* Creates a new Document object
* @throws ParserConfigurationException
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/helpers/XPathUtils.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/helpers/XPathUtils.java b/core/src/main/java/org/apache/cxf/helpers/XPathUtils.java
index cb67d4a..ec3e06c 100644
--- a/core/src/main/java/org/apache/cxf/helpers/XPathUtils.java
+++ b/core/src/main/java/org/apache/cxf/helpers/XPathUtils.java
@@ -19,6 +19,8 @@
package org.apache.cxf.helpers;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Map;
import javax.xml.namespace.NamespaceContext;
@@ -58,8 +60,8 @@ public class XPathUtils {
}
public Object getValue(String xpathExpression, Node node, QName type) {
- ClassLoaderHolder loader
- = ClassLoaderUtils.setThreadContextClassloader(xpath.getClass().getClassLoader());
+ ClassLoaderHolder loader
+ = ClassLoaderUtils.setThreadContextClassloader(getClassLoader(xpath.getClass()));
try {
return xpath.evaluate(xpathExpression, node, type);
} catch (Exception e) {
@@ -84,4 +86,16 @@ public class XPathUtils {
return getValue(xpathExpression, node, type) != null;
}
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
}
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/core/src/main/java/org/apache/cxf/resource/URIResolver.java
----------------------------------------------------------------------
diff --git a/core/src/main/java/org/apache/cxf/resource/URIResolver.java b/core/src/main/java/org/apache/cxf/resource/URIResolver.java
index ed42fd1..43c7272 100644
--- a/core/src/main/java/org/apache/cxf/resource/URIResolver.java
+++ b/core/src/main/java/org/apache/cxf/resource/URIResolver.java
@@ -30,6 +30,8 @@ import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
import java.net.URLDecoder;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
@@ -132,10 +134,14 @@ public class URIResolver {
// It is possible that spaces have been encoded. We should decode them first.
uriStr = uriStr.replaceAll("%20", " ");
- File uriFile = new File(uriStr);
-
-
- uriFile = new File(uriFile.getAbsolutePath());
+ final File uriFileTemp = new File(uriStr);
+
+ File uriFile = new File(AccessController.doPrivileged(new PrivilegedAction<String>()
{
+ @Override
+ public String run() {
+ return uriFileTemp.getAbsolutePath();
+ }
+ }));
if (!SecurityActions.fileExists(uriFile, CXFPermissions.RESOLVE_URI)) {
try {
URI urif = new URI(URLDecoder.decode(orig, "ASCII"));
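Review bot: Unlike the other privileged blocks in this commit, this `doPrivileged` call is not guarded by a `System.getSecurityManager()` check, so the action runs through `AccessController` even when no Security Manager is installed. That is functionally harmless, but a reader comparing files will wonder whether the difference is intentional. I would add a comment above the block, e.g. `// privileged only for the user.dir lookup in getAbsolutePath(); the existence check below still goes through SecurityActions.fileExists with CXFPermissions.RESOLVE_URI`. This makes clear that the block does not by itself widen what `uriStr` can reach. The enclosing method starts and ends outside this hunk.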
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/SOAPBindingUtil.java
----------------------------------------------------------------------
diff --git a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/SOAPBindingUtil.java
b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/SOAPBindingUtil.java
index 23327e8..f537574 100644
--- a/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/SOAPBindingUtil.java
+++ b/rt/bindings/soap/src/main/java/org/apache/cxf/binding/soap/SOAPBindingUtil.java
@@ -21,6 +21,8 @@ package org.apache.cxf.binding.soap;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -87,14 +89,15 @@ public final class SOAPBindingUtil {
*/
Object proxy = null;
try {
- proxy = Proxy.newProxyInstance(Thread.currentThread().getContextClassLoader(),
+ proxy = Proxy.newProxyInstance(getContextClassLoader(),
new Class[] {cls}, ih);
} catch (Throwable ex) {
- // Using cls classloader as a fallback to make it work within OSGi
- ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
- if (contextLoader != cls.getClassLoader()) {
- proxy = Proxy.newProxyInstance(cls.getClassLoader(),
- new Class[] {cls}, ih);
+ // Using cls classloader as a fallback to make it work within OSGi
+ ClassLoader contextLoader = getContextClassLoader();
+ final ClassLoader clsClassLoader = getClassLoader(cls);
+ if (contextLoader != clsClassLoader) {
+ proxy = Proxy.newProxyInstance(clsClassLoader,
+ new Class[] {cls}, ih);
} else {
if (ex instanceof RuntimeException) {
throw (RuntimeException)ex;
@@ -105,6 +108,30 @@ public final class SOAPBindingUtil {
return cls.cast(proxy);
}
+ private static ClassLoader getContextClassLoader() {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ return Thread.currentThread().getContextClassLoader();
+ }
+
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
public static boolean isSOAPBinding(Binding binding) {
for (Object obj : binding.getExtensibilityElements()) {
if (isSOAPBinding(obj)) {
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
----------------------------------------------------------------------
diff --git a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
index b72a721..879ffd3 100644
--- a/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
+++ b/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/handler/AnnotationHandlerChainBuilder.java
@@ -20,6 +20,8 @@
package org.apache.cxf.jaxws.handler;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.List;
import java.util.ResourceBundle;
@@ -74,7 +76,7 @@ public class AnnotationHandlerChainBuilder extends HandlerChainBuilder {
public List<Handler> buildHandlerChainFromClass(Class<?> clz, List<Handler>
existingHandlers,
QName portQName, QName serviceQName,
String bindingID) {
LOG.fine("building handler chain");
- classLoader = clz.getClassLoader();
+ classLoader = getClassLoader(clz);
HandlerChainAnnotation hcAnn = findHandlerChainAnnotation(clz, true);
List<Handler> chain = null;
if (hcAnn == null) {
@@ -139,6 +141,18 @@ public class AnnotationHandlerChainBuilder extends HandlerChainBuilder
{
return sortHandlers(chain);
}
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
private void processHandlerChainElement(Element el, List<Handler> chain,
QName portQName, QName serviceQName, String bindingID)
{
Node node = el.getFirstChild();
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientProxyFactoryBean.java
----------------------------------------------------------------------
diff --git a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientProxyFactoryBean.java
b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientProxyFactoryBean.java
index 7564407..8fde6b0 100644
--- a/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientProxyFactoryBean.java
+++ b/rt/frontend/simple/src/main/java/org/apache/cxf/frontend/ClientProxyFactoryBean.java
@@ -19,6 +19,8 @@
package org.apache.cxf.frontend;
import java.io.Closeable;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
@@ -171,8 +173,7 @@ public class ClientProxyFactoryBean extends AbstractBasicInterceptorProvider
{
ClientProxy handler = clientClientProxy(c);
Class<?> classes[] = getImplementingClasses();
-
- Object obj = ProxyHelper.getProxy(clientFactoryBean.getServiceClass().getClassLoader(),
+ Object obj = ProxyHelper.getProxy(getClassLoader(clientFactoryBean.getServiceClass()),
classes,
handler);
@@ -186,6 +187,18 @@ public class ClientProxyFactoryBean extends AbstractBasicInterceptorProvider
{
}
}
+ private static ClassLoader getClassLoader(final Class<?> clazz) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run() {
+ return clazz.getClassLoader();
+ }
+ });
+ }
+ return clazz.getClassLoader();
+ }
+
protected Class<?>[] getImplementingClasses() {
Class<?> cls = clientFactoryBean.getServiceClass();
return new Class[] {cls, Closeable.class, Client.class};
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
index 7a29374..14f532b 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/CXFAuthenticator.java
@@ -50,7 +50,7 @@ public class CXFAuthenticator extends Authenticator {
if (instance == null) {
instance = new CXFAuthenticator();
Authenticator wrapped = null;
- for (final Field f : Authenticator.class.getDeclaredFields()) {
+ for (final Field f : ReflectionUtil.getDeclaredFields(Authenticator.class)) {
if (f.getType().equals(Authenticator.class)) {
ReflectionUtil.setAccessible(f);
try {
@@ -74,9 +74,7 @@ public class CXFAuthenticator extends Authenticator {
return new URLClassLoader(new URL[0], ClassLoader.getSystemClassLoader());
}
}, null);
-
-
- Method m = ClassLoader.class.getDeclaredMethod("defineClass", String.class,
+ Method m = ReflectionUtil.getDeclaredMethod(ClassLoader.class, "defineClass",
String.class,
byte[].class, Integer.TYPE,
Integer.TYPE);
InputStream ins = ReferencingAuthenticator.class
@@ -102,7 +100,7 @@ public class CXFAuthenticator extends Authenticator {
}
try {
//clear the acc field that can hold onto the webapp classloader
- Field f = loader.getClass().getDeclaredField("acc");
+ Field f = ReflectionUtil.getDeclaredField(loader.getClass(), "acc");
ReflectionUtil.setAccessible(f).set(loader, null);
} catch (Throwable t) {
//ignore
http://git-wip-us.apache.org/repos/asf/cxf/blob/45a04b3e/rt/transports/http/src/main/java/org/apache/cxf/transport/http/URLConnectionHTTPConduit.java
----------------------------------------------------------------------
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/URLConnectionHTTPConduit.java
b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/URLConnectionHTTPConduit.java
index a429ddf..00fb97b 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/URLConnectionHTTPConduit.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/URLConnectionHTTPConduit.java
@@ -30,6 +30,9 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLConnection;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.logging.Level;
import javax.net.ssl.HttpsURLConnection;
@@ -254,7 +257,21 @@ public class URLConnectionHTTPConduit extends HTTPConduit {
OutputStream cout = null;
try {
try {
- cout = connection.getOutputStream();
+// cout = connection.getOutputStream();
+ if (System.getSecurityManager() != null) {
+ try {
+ cout = AccessController.doPrivileged(new PrivilegedExceptionAction<OutputStream>()
{
+ @Override
+ public OutputStream run() throws IOException {
+ return connection.getOutputStream();
+ }
+ });
+ } catch (PrivilegedActionException e) {
+ throw (IOException) e.getException();
+ }
+ } else {
+ cout = connection.getOutputStream();
+ }
} catch (ProtocolException pe) {
Boolean b = (Boolean)outMessage.get(HTTPURL_CONNECTION_METHOD_REFLECTION);
cout = connectAndGetOutputStream(b);
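Review bot: The line `// cout = connection.getOutputStream();` is commented-out code left over from editing and should be dropped, since history already records the old call. More importantly, only the first attempt is wrapped. The `ProtocolException` fallback calls `connectAndGetOutputStream(b)`, whose body is outside this hunk, so unless it has its own privileged block the retry path may still fail under a Security Manager. `getOutputStream()` opens the connection with CXF's socket permissions for what is presumably a caller-configured endpoint, so a comment such as `// privileged: connects only to the conduit's configured address` would document the intended scope. The surrounding method continues beyond the hunk.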