Author: coheigea
Date: Tue May 7 13:25:22 2019
New Revision: 1858858
URL: http://svn.apache.org/viewvc?rev=1858858&view=rev
Log:
WSS-648 - Performance problem with very big request
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Modified:
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
URL:
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java?rev=1858858&r1=1858857&r2=1858858&view=diff
==============================================================================
---
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
(original)
+++
webservices/wss4j/branches/2_2_x-fixes/ws-security-dom/src/main/java/org/apache/wss4j/dom/util/WSSecurityUtil.java
Tue May 7 13:25:22 2019
@@ -44,7 +44,13 @@ import org.w3c.dom.Text;
//import com.sun.xml.internal.messaging.saaj.soap.SOAPDocumentImpl;
import java.io.ByteArrayInputStream;
+import java.lang.reflect.AccessibleObject;
+import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -63,6 +69,30 @@ public final class WSSecurityUtil {
private static final org.slf4j.Logger LOG =
org.slf4j.LoggerFactory.getLogger(WSSecurityUtil.class);
+ private static final ClassValue<Method> GET_DOM_ELEMENTS_METHODS = new
ClassValue<Method>() {
+ @Override
+ protected Method computeValue(Class<?> type) {
+ try {
+ return getMethod(type, "getDomElement");
+ } catch (NoSuchMethodException e) {
+ //best effort to try, do nothing if NoSuchMethodException
+ return null;
+ }
+ }
+ };
+
+ private static final ClassValue<Method> GET_ENVELOPE_METHODS = new
ClassValue<Method>() {
+ @Override
+ protected Method computeValue(Class<?> type) {
+ try {
+ return getMethod(type, "getEnvelope");
+ } catch (NoSuchMethodException e) {
+ //best effort to try, do nothing if NoSuchMethodException
+ return null;
+ }
+ }
+ };
+
static {
try {
Method[] methods = WSSecurityUtil.class.getClassLoader().
@@ -97,6 +127,31 @@ public final class WSSecurityUtil {
// Complete
}
+ private static Method getMethod(final Class<?> clazz, final String name,
+ final Class<?>... parameterTypes) throws
NoSuchMethodException {
+ try {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Method>() {
+ public Method run() throws Exception {
+ return clazz.getMethod(name, parameterTypes);
+ }
+ });
+ } catch (PrivilegedActionException pae) {
+ Exception e = pae.getException();
+ if (e instanceof NoSuchMethodException) {
+ throw (NoSuchMethodException)e;
+ }
+ throw new SecurityException(e);
+ }
+ }
+
+ private static <T extends AccessibleObject> T setAccessible(final T o) {
+ return AccessController.doPrivileged(new PrivilegedAction<T>() {
+ public T run() {
+ o.setAccessible(true);
+ return o;
+ }
+ });
+ }
public static Element getSOAPHeader(Document doc) {
String soapNamespace =
WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
@@ -364,12 +419,13 @@ public final class WSSecurityUtil {
if (isSAAJ14) {
try {
Node node = null;
- try {
- Method method =
doc.getClass().getMethod("getEnvelope");
- node = (Node)method.invoke(doc);
- } catch (java.lang.NoSuchMethodException nsme) {
- //node the SAAJ node, use
- node = null;
+ Method method =
GET_ENVELOPE_METHODS.get(doc.getClass());
+ if (method != null) {
+ try {
+ node = (Node)setAccessible(method).invoke(doc);
+ } catch (IllegalAccessException |
IllegalArgumentException | InvocationTargetException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
}
if (node != null) {
header = createElementInSameNamespace(node,
WSConstants.ELEM_HEADER);
@@ -621,7 +677,7 @@ public final class WSSecurityUtil {
public static Element cloneElement(Document doc, Element clonedElement)
throws WSSecurityException {
clonedElement = (Element)clonedElement.cloneNode(true);
if (isSAAJ14) {
- // here we need regiter the javax.xml.soap.Node with new instance
+ // here we need register the javax.xml.soap.Node with new instance
clonedElement = (Element)doc.importNode(clonedElement, true);
clonedElement = (Element)getDomElement(clonedElement);
}
@@ -637,13 +693,13 @@ public final class WSSecurityUtil {
private static Node getDomElement(Node node) throws WSSecurityException {
if (node != null && isSAAJ14) {
- try {
- Method method = node.getClass().getMethod("getDomElement");
- node = (Node)method.invoke(node);
- } catch (NoSuchMethodException e) {
- LOG.debug("Not the saaj node with java9");
- } catch (Exception e) {
- throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ Method method = GET_DOM_ELEMENTS_METHODS.get(node.getClass());
+ if (method != null) {
+ try {
+ return (Node)setAccessible(method).invoke(node);
+ } catch (IllegalAccessException | IllegalArgumentException |
InvocationTargetException e) {
+ throw new
WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
+ }
}
}
return node;
