scheu 2002/06/27 10:22:32
Modified: java/src/org/apache/axis/encoding SerializationContextImpl.java java/src/org/apache/axis/encoding/ser BaseDeserializerFactory.java BaseSerializerFactory.java java/src/org/apache/axis/utils ClassUtils.java
Log: Add doPrivileged calls in ClassUtils for security. Removed some eaten exceptions.
Revision Changes Path
1.34 +2 -8 xml-axis/java/src/org/apache/axis/encoding/SerializationContextImpl.java
Index: SerializationContextImpl.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/encoding/SerializationContextImpl.java,v
retrieving revision 1.33
retrieving revision 1.34
diff -u -r1.33 -r1.34
--- SerializationContextImpl.java 22 Jun 2002 16:40:56 -0000 1.33
+++ SerializationContextImpl.java 27 Jun 2002 17:22:32 -0000 1.34
@@ -1092,10 +1092,7 @@
 // Using the serialization factory, create a serializer
 Serializer ser = null;
 if ( serFactory != null ) {
- try {
- ser = (Serializer) serFactory.getSerializerAs(Constants.AXIS_SAX);
- } catch (JAXRPCException e) {
- }
+ ser = (Serializer) serFactory.getSerializerAs(Constants.AXIS_SAX);
 }
 if (ser != null) {
 info = new SerializerInfo();
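Review bot: In SerializationContextImpl.java, nothing next to the new bare call `ser = (Serializer) serFactory.getSerializerAs(Constants.AXIS_SAX);` records that a `JAXRPCException` from the factory now leaves the enclosing method instead of leaving `ser` null for the `if (ser != null)` test that follows. That method starts and ends outside the hunk, so whether its callers expect the exception cannot be checked from here. I would add a one-line comment above the call, for example `// No catch here: a JAXRPCException from the factory propagates to the caller`, and the same at the identical change in the `@@ -1172,10 +1169,7 @@` hunk.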
@@ -1172,10 +1169,7 @@
 // Using the serialization factory, create a serializer
 Serializer ser = null;
 if ( serFactory != null ) {
- try {
- ser = (Serializer) serFactory.getSerializerAs(Constants.AXIS_SAX);
- } catch (JAXRPCException e) {
- }
+ ser = (Serializer) serFactory.getSerializerAs(Constants.AXIS_SAX);
 }
 if (ser != null) {
 info = new SerializerInfo();
1.7 +10 -9 xml-axis/java/src/org/apache/axis/encoding/ser/BaseDeserializerFactory.java
Index: BaseDeserializerFactory.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/encoding/ser/BaseDeserializerFactory.java,v
retrieving revision 1.6
retrieving revision 1.7
diff -u -r1.6 -r1.7
--- BaseDeserializerFactory.java 20 Jun 2002 16:48:18 -0000 1.6
+++ BaseDeserializerFactory.java 27 Jun 2002 17:22:32 -0000 1.7
@@ -106,16 +106,17 @@
 Deserializer deser = null;
 // Need to add code to check against mechanisms vector.
+
+ // Try getting a specialized Deserializer
+ deser = getSpecialized(mechanismType);
+
+ // Try getting a general purpose Deserializer via constructor
+ // invocation
+ if (deser == null) {
+ deser = getGeneralPurpose(mechanismType);
+ }
+
 try {
- // Try getting a specialized Deserializer
- deser = getSpecialized(mechanismType);
-
- // Try getting a general purpose Deserializer via constructor
- // invocation
- if (deser == null) {
- deser = getGeneralPurpose(mechanismType);
- }
-
 // If not successfull, try newInstance
 if (deser == null) {
 deser = (Deserializer) deserClass.newInstance();
1.11 +10 -10 xml-axis/java/src/org/apache/axis/encoding/ser/BaseSerializerFactory.java
Index: BaseSerializerFactory.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/encoding/ser/BaseSerializerFactory.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- BaseSerializerFactory.java 20 Jun 2002 16:48:18 -0000 1.10
+++ BaseSerializerFactory.java 27 Jun 2002 17:22:32 -0000 1.11
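Review bot: In BaseDeserializerFactory.java, `getSpecialized(mechanismType)` and `getGeneralPurpose(mechanismType)` now run before the `try`, so whatever they throw bypasses its catch clauses (which lie outside the hunk) while a failure of `deserClass.newInstance()` is still handled there, and nothing in the code states that split. A comment above the moved calls would make it explicit, for example `// Deliberately outside the try below: failures here propagate to the caller`. The existing `// Need to add code to check against mechanisms vector.` note also still stands, so `mechanismType` apparently reaches both helpers unchecked. The BaseSerializerFactory.java hunk makes the same move and would take the same comment.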
@@ -127,16 +127,16 @@
 }
 ser = null;
- try {
- // Try getting a specialized Serializer
- ser = getSpecialized(mechanismType);
-
- // Try getting a general purpose Serializer via constructor
- // invocation
- if (ser == null) {
- ser = getGeneralPurpose(mechanismType);
- }
-
+ // Try getting a specialized Serializer
+ ser = getSpecialized(mechanismType);
+
+ // Try getting a general purpose Serializer via constructor
+ // invocation
+ if (ser == null) {
+ ser = getGeneralPurpose(mechanismType);
+ }
+
+ try {
 // If not successfull, try newInstance
 if (ser == null) {
 ser = (Serializer) serClass.newInstance();
1.2 +75 -25 xml-axis/java/src/org/apache/axis/utils/ClassUtils.java
Index: ClassUtils.java
===================================================================
RCS file: /home/cvs/xml-axis/java/src/org/apache/axis/utils/ClassUtils.java,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ClassUtils.java 20 Jun 2002 16:48:19 -0000 1.1
+++ ClassUtils.java 27 Jun 2002 17:22:32 -0000 1.2
@@ -54,6 +54,9 @@
 */
 package org.apache.axis.utils;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
 /**
 * Utility methods for Class Loading.
 *
@@ -119,10 +122,33 @@
 * @throws ClassNotFoundException if the class is not found
 */
 public static Class forName(
- String className, boolean init, ClassLoader loader)
+ String _className, boolean init, ClassLoader _loader)
 throws ClassNotFoundException {
+
+ // Create final vars for doPrivileged block
+ final String className = _className;
+ final ClassLoader loader = _loader;
 try {
- return Class.forName(className, true, loader);
+ // Get the class within a doPrivleged block
+ Object ret =
+ AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ try {
+ return Class.forName(className, true, loader);
+ } catch (Throwable e) {
+ return e;
+ }
+ }
+ });
+ // If the class was located, return it. Otherwise throw exception
+ if (ret instanceof Class) {
+ return (Class) ret;
+ } else if (ret instanceof ClassNotFoundException) {
+ throw (ClassNotFoundException) ret;
+ } else {
+ throw new ClassNotFoundException(_className);
+ }
 } catch (ClassNotFoundException cnfe) {
 return loadClass(className);
 }
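Review bot: In ClassUtils.forName, `className` and `loader` are supplied by whoever calls this public static method, and the new code passes them to `Class.forName(className, true, loader)` inside `AccessController.doPrivileged`, so under a SecurityManager the lookup and static initialization are checked against this library's permissions rather than the caller's. If less-trusted code can reach the method, that lends it the library's class-loading rights, so the block should be marked as a trust boundary, for example `// SECURITY: runs with this library's permissions on caller-supplied className/loader`, and its callers limited to trusted code. As far as the hunk shows, `init` is also never read, since the literal `true` is passed; copying it into a final local and passing that (`final boolean initialize = init;` … `Class.forName(className, initialize, loader)`) would honour it. The method's closing brace is outside the hunk.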
@@ -135,31 +161,55 @@
 * @return java class
 * @throws ClassNotFoundException if the class is not found
 */
- private static Class loadClass(String className)
+ private static Class loadClass(String _className)
 throws ClassNotFoundException {
- try {
- // Check if the class is a registered class then
- // use the classloader for that class.
- ClassLoader classLoader = getClassLoader(className);
- return Class.forName(className, true, classLoader);
- } catch (ClassNotFoundException cnfe) {
- }
+ // Create final vars for doPrivileged block
+ final String className = _className;
 
- try {
- // Try the context class loader
- ClassLoader classLoader =
- Thread.currentThread().getContextClassLoader();
- return Class.forName(className, true, classLoader);
- } catch (ClassNotFoundException cnfe2) {
- try {
- // Try the classloader that loaded this class.
- ClassLoader classLoader =
- ClassUtils.class.getClassLoader();
- return Class.forName(className, true, classLoader);
- } catch (ClassNotFoundException cnfe3) {
- // Try the default class loader.
- return Class.forName(className);
- }
+ // Get the class within a doPrivleged block
+ Object ret =
+ AccessController.doPrivileged(
+ new PrivilegedAction() {
+ public Object run() {
+ try {
+ // Check if the class is a registered class then
+ // use the classloader for that class.
+ ClassLoader classLoader = getClassLoader(className);
+ return Class.forName(className, true, classLoader);
+ } catch (ClassNotFoundException cnfe) {
+ }
+
+ try {
+ // Try the context class loader
+ ClassLoader classLoader =
+ Thread.currentThread().getContextClassLoader();
+ return Class.forName(className, true, classLoader);
+ } catch (ClassNotFoundException cnfe2) {
+ try {
+ // Try the classloader that loaded this class.
+ ClassLoader classLoader =
+ ClassUtils.class.getClassLoader();
+ return Class.forName(className, true, classLoader);
+ } catch (ClassNotFoundException cnfe3) {
+ // Try the default class loader.
+ try {
+ return Class.forName(className);
+ } catch (Throwable e) {
+ // Still not found, return exception
+ return e;
+ }
+ }
+ }
+ }
+ });
+
+ // If the class was located, return it. Otherwise throw exception
+ if (ret instanceof Class) {
+ return (Class) ret;
+ } else if (ret instanceof ClassNotFoundException) {
+ throw (ClassNotFoundException) ret;
+ } else {
+ throw new ClassNotFoundException(_className);
 }
 }
 }
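Review bot: In ClassUtils.loadClass, the last fallback inside `run()` catches `Throwable` and the trailing `else` turns anything that is not a `ClassNotFoundException` into `new ClassNotFoundException(_className)`, so a `LinkageError` or `ExceptionInInitializerError` raised while loading is reported as class-not-found with its cause dropped. The three earlier attempts catch only `ClassNotFoundException`, so the same failures escape from them unchanged, which makes the outcome depend on which loader happened to hit the error. I would keep the cause, `throw new ClassNotFoundException(_className, (Throwable) ret);`, or narrow the last catch to `ClassNotFoundException` like the others. The forName hunk has the same catch/else pair, and there the replacement exception is then caught by the surrounding `catch (ClassNotFoundException cnfe)` and starts a second lookup through loadClass.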