Author: slaws
Date: Fri Aug 26 16:41:39 2011
New Revision: 1162160
URL: http://svn.apache.org/viewvc?rev=1162160&view=rev
Log:
TUSCANY-3925 - Apply Jennifer's Java security patch.
Modified:
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/impl/JDKProxyFactory.java
tuscany/sca-java-2.x/trunk/modules/extensibility/src/main/java/org/apache/tuscany/sca/core/DefaultFactoryExtensionPoint.java
Modified:
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java
URL:
http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java?rev=1162160&r1=1162159&r2=1162160&view=diff
==============================================================================
---
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java
(original)
+++
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java
Fri Aug 26 16:41:39 2011
@@ -29,6 +29,9 @@ import java.io.OutputStreamWriter;
import java.io.Writer;
import java.net.URI;
import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -36,6 +39,7 @@ import java.util.Map;
import javax.wsdl.Definition;
import javax.wsdl.PortType;
import javax.wsdl.Types;
+import javax.wsdl.WSDLException;
import javax.wsdl.xml.WSDLLocator;
import javax.wsdl.xml.WSDLReader;
@@ -227,11 +231,30 @@ public class WSDLHelper {
// read
for (XMLString xmlString : xmlMap.values()){
if (xmlString instanceof WSDLInfo){
- WSDLReader reader =
javax.wsdl.factory.WSDLFactory.newInstance().newWSDLReader();
+ WSDLReader reader;
+ try {
+ reader = AccessController.doPrivileged(new
PrivilegedExceptionAction<WSDLReader>() {
+ public WSDLReader run() throws WSDLException {
+ return
javax.wsdl.factory.WSDLFactory.newInstance().newWSDLReader();
+ }
+ });
+ } catch (PrivilegedActionException e){
+ throw (WSDLException)e.getException();
+ }
reader.setFeature("javax.wsdl.verbose", false);
reader.setFeature("javax.wsdl.importDocuments", true);
- WSDLLocatorImpl locator = new
WSDLLocatorImpl(xmlString.getBaseURI(), xmlMap);
- Definition readDefinition = reader.readWSDL(locator);
+ final WSDLLocatorImpl locator = new
WSDLLocatorImpl(xmlString.getBaseURI(), xmlMap);
+ final WSDLReader freader = reader;
+ Definition readDefinition;
+ try {
+ readDefinition = AccessController.doPrivileged(new
PrivilegedExceptionAction<Definition>() {
+ public Definition run() throws WSDLException {
+ return freader.readWSDL(locator);
+ }
+ });
+ } catch (PrivilegedActionException e){
+ throw (WSDLException)e.getException();
+ }
WSDLDefinition wsdlDefinition =
wsdlFactory.createWSDLDefinition();
wsdlDefinition.setDefinition(readDefinition);
Modified:
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/impl/JDKProxyFactory.java
URL:
http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/impl/JDKProxyFactory.java?rev=1162160&r1=1162159&r2=1162160&view=diff
==============================================================================
---
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/impl/JDKProxyFactory.java
(original)
+++
tuscany/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/invocation/impl/JDKProxyFactory.java
Fri Aug 26 16:41:39 2011
@@ -146,9 +146,13 @@ public class JDKProxyFactory implements
public <T> T createCallbackProxy(ServiceReference<T> callbackReference)
throws ProxyCreationException {
assert callbackReference != null;
- Class<T> interfaze = callbackReference.getBusinessInterface();
+ final Class<T> interfaze = callbackReference.getBusinessInterface();
InvocationHandler handler = new
JDKCallbackInvocationHandler(messageFactory, callbackReference);
- ClassLoader cl = interfaze.getClassLoader();
+ ClassLoader cl = AccessController.doPrivileged(new
PrivilegedAction<ClassLoader>() {
+ public ClassLoader run() {
+ return interfaze.getClassLoader();
+ }
+ });
T proxy = interfaze.cast(newProxyInstance(cl, new Class[] {interfaze},
handler));
((ServiceReferenceExt<T>)callbackReference).setProxy(proxy);
return proxy;
Modified:
tuscany/sca-java-2.x/trunk/modules/extensibility/src/main/java/org/apache/tuscany/sca/core/DefaultFactoryExtensionPoint.java
URL:
http://svn.apache.org/viewvc/tuscany/sca-java-2.x/trunk/modules/extensibility/src/main/java/org/apache/tuscany/sca/core/DefaultFactoryExtensionPoint.java?rev=1162160&r1=1162159&r2=1162160&view=diff
==============================================================================
---
tuscany/sca-java-2.x/trunk/modules/extensibility/src/main/java/org/apache/tuscany/sca/core/DefaultFactoryExtensionPoint.java
(original)
+++
tuscany/sca-java-2.x/trunk/modules/extensibility/src/main/java/org/apache/tuscany/sca/core/DefaultFactoryExtensionPoint.java
Fri Aug 26 16:41:39 2011
@@ -25,6 +25,8 @@ import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@@ -103,7 +105,7 @@ public class DefaultFactoryExtensionPoin
* @param factoryInterface The lookup key (factory interface)
* @return The factory
*/
- public <T> T getFactory(Class<T> factoryInterface) {
+ public <T> T getFactory(final Class<T> factoryInterface) {
Object factory = factories.get(factoryInterface);
if (factory == null) {
@@ -128,12 +130,37 @@ public class DefaultFactoryExtensionPoin
// If the input interface is an abstract class
if (!factoryInterface.isInterface() &&
Modifier.isAbstract(factoryInterface.getModifiers())) {
- Method newInstanceMethod =
factoryInterface.getDeclaredMethod("newInstance");
- ClassLoader tccl =
setContextClassLoader(factoryInterface.getClassLoader());
+
+ Method newInstanceMethod;
try {
-
- // Create a new instance
- factory = newInstanceMethod.invoke(null);
+ newInstanceMethod =
AccessController.doPrivileged(new PrivilegedExceptionAction<Method>() {
+ public Method run() throws Exception {
+ return
factoryInterface.getDeclaredMethod("newInstance");
+ }
+ });
+ } catch (PrivilegedActionException e){
+ throw (Exception)e.getException();
+ }
+
+ ClassLoader cl = AccessController.doPrivileged(new
PrivilegedAction<ClassLoader>() {
+ public ClassLoader run() {
+ ClassLoader cl =
factoryInterface.getClassLoader();
+ return cl;
+ }
+ });
+ ClassLoader tccl = setContextClassLoader(cl);
+ try {
+ try {
+ final Method fnewInstanceMethod =
newInstanceMethod;
+ factory = AccessController.doPrivileged(new
PrivilegedExceptionAction<Object>() {
+ public Object run() throws Exception {
+ Object factory =
fnewInstanceMethod.invoke(null);
+ return factory;
+ }
+ });
+ } catch (PrivilegedActionException e){
+ throw (Exception)e.getException();
+ }
// Cache the factory
factories.put(factoryInterface, factory);
