cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Kulp <dk...@apache.org>
Subject Re: svn commit: r1240006 - /cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java
Date Fri, 03 Feb 2012 14:54:56 GMT

Freeman,

If there is a security manager in place with permissions required, 
particularly around system properties, this commit can now likely cause a 
different SecurityException.   Can you update the code to use the:

org.apache.cxf.common.util.SystemPropertyAction

stuff to get the system property to trap that potential issue?


Thanks!
Dan



On Friday, February 03, 2012 6:37:47 AM ffang@apache.org wrote:
> Author: ffang
> Date: Fri Feb  3 06:37:47 2012
> New Revision: 1240006
> 
> URL: http://svn.apache.org/viewvc?rev=1240006&view=rev
> Log:
> [CXF-4085]introduce
> org.apache.cxf.jaxws.checkPublishEndpointPermissionWithSecurityManager for
> EndpointImpl so that get chance to bypass SecurityManager Check in some
> cases
> 
> Modified:
>    
> cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl
> .java
> 
> Modified:
> cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl
> .java URL:
> http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxws/src/main/java/org/
> apache/cxf/jaxws/EndpointImpl.java?rev=1240006&r1=1240005&r2=1240006&view=di
> ff
> ===========================================================================
> === ---
> cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl
> .java (original) +++
> cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl
> .java Fri Feb  3 06:37:47 2012 @@ -79,6 +79,9 @@ public class EndpointImpl
> extends javax.
>      public static final String CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY =
>          "org.apache.cxf.jaxws.checkPublishEndpointPermission";
> 
> +    public static final String
> CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY_WITH_SECURITY_MANAGER = +       
> "org.apache.cxf.jaxws.checkPublishEndpointPermissionWithSecurityManager"; +
>      private static final WebServicePermission PUBLISH_PERMISSION =
>          new WebServicePermission("publishEndpoint");
>      private static final Logger LOG =
> LogUtils.getL7dLogger(EndpointImpl.class); @@ -492,7 +495,12 @@ public
> class EndpointImpl extends javax.
> 
>      protected void checkPublishPermission() {
>          SecurityManager sm = System.getSecurityManager();
> -        if (sm != null) {
> +        boolean checkPublishEndpointPermissionWithSecurityManager
> +            = Boolean.valueOf(
> +                      System.getProperty(
> +                                        
> CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY_WITH_SECURITY_MANAGER, +         
>                                "true"));
> +        if (checkPublishEndpointPermissionWithSecurityManager && sm !=
> null) { sm.checkPermission(PUBLISH_PERMISSION);
>          } else if
> (Boolean.getBoolean(CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY)) {
> AccessController.checkPermission(PUBLISH_PERMISSION);
-- 
Daniel Kulp
dkulp@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com

Mime
View raw message