Author: tolusha Date: 2010-11-09 09:01:31 -0500 (Tue, 09 Nov 2010) New Revision: 3413 Added: ws/trunk/exo.ws.commons/src/test/resources/ ws/trunk/exo.ws.commons/src/test/resources/test.policy ws/trunk/exo.ws.frameworks.json/src/test/resources/test.policy ws/trunk/exo.ws.rest.core/src/test/resources/test.policy Modified: ws/trunk/exo.ws.commons/pom.xml ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Codecs.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/CookieModule.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/DefaultAuthHandler.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPConnection.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPResponse.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HttpURLConnection.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Log.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/SocksClient.java ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/URI.java ws/trunk/exo.ws.frameworks.json/pom.xml ws/trunk/exo.ws.frameworks.json/src/main/java/org/exoplatform/ws/frameworks/json/impl/JsonGeneratorImpl.java ws/trunk/exo.ws.rest.core/pom.xml ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/FieldInjectorImpl.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/RequestHandlerImpl.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/ResourceBinder.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/method/ParameterHelper.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/DOMSourceEntityProvider.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/FileEntityProvider.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBContextResolver.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBElementEntityProvider.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBObjectEntityProvider.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/MultipartFormDataEntityProvider.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/SAXSourceEntityProvider.java ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/resource/AbstractResourceDescriptorImpl.java ws/trunk/exo.ws.rest.ext/pom.xml ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/groovy/GroovyJaxrsPublisher.java ws/trunk/exo.ws.rest.ext/src/test/resources/test.policy ws/trunk/pom.xml Log: EXOJCR-986: Enable SecurityManager by default Modified: ws/trunk/exo.ws.commons/pom.xml =================================================================== --- ws/trunk/exo.ws.commons/pom.xml 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/pom.xml 2010-11-09 14:01:31 UTC (rev 3413) @@ -38,6 +38,11 @@ <artifactId>exo.kernel.commons</artifactId> </dependency> <dependency> + <groupId>org.exoplatform.kernel</groupId> + <artifactId>exo.kernel.commons.test</artifactId> + <scope>test</scope> + </dependency> + <dependency> <groupId>javax.xml.stream</groupId> <artifactId>stax-api</artifactId> </dependency> @@ -51,4 +56,53 @@ <scope>test</scope> </dependency> </dependencies> + + <build> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine> + </configuration> + </plugin> + <plugin> + <artifactId>maven-antrun-plugin</artifactId> + <executions> + <execution> + <id>prepare-test-policy</id> + <phase>process-test-resources</phase> + <configuration> + <tasks> + <echo>Creating Access Policy for tests</echo> + <makeurl file="${settings.localRepository}" property="localRepositoryURL" /> + <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" /> + <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" /> + <copy todir="${project.build.testOutputDirectory}" overwrite="true"> + <fileset dir="${project.basedir}/src/test/resources/"> + <include name="test.policy" /> + </fileset> + <filterset> + <filter token="MAVEN_REPO" value="${localRepositoryURL}" /> + <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" /> + <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" /> + </filterset> + </copy> + </tasks> + </configuration> + <goals> + <goal>run</goal> + </goals> + </execution> + </executions> + <dependencies> + <dependency> + <groupId>ant</groupId> + <artifactId>ant-optional</artifactId> + <version>1.5.3-1</version> + </dependency> + </dependencies> + </plugin> + </plugins> + </build> </project> Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Codecs.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Codecs.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Codecs.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,8 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; + import java.io.BufferedReader; import java.io.EOFException; import java.io.File; @@ -284,7 +286,7 @@ int line_len = 45; // line length, in octets int sidx, didx; - char nl[] = System.getProperty("line.separator", "\n").toCharArray(), dest[] = + char nl[] = PrivilegedSystemHelper.getProperty("line.separator", "\n").toCharArray(), dest[] = new char[(data.length + 2) / 3 * 4 + ((data.length + line_len - 1) / line_len) * (nl.length + 1)]; // split into lines, adding line-length and line terminator @@ -476,7 +478,8 @@ return null; char map[] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F'}, nl[] = - System.getProperty("line.separator", "\n").toCharArray(), res[] = new char[(int)(str.length() * 1.5)], src[] = + PrivilegedSystemHelper.getProperty("line.separator", "\n").toCharArray(), res[] = + new char[(int)(str.length() * 1.5)], src[] = str.toCharArray(); char ch; int cnt = 0, didx = 1, last = 0, slen = str.length(); @@ -505,7 +508,7 @@ sidx += nl.length - 1; cnt = didx; } - else if (ch > 126 || (ch < 32 && ch != '\t') || ch == '=' || EBCDICUnsafeChar.get((int)ch)) + else if (ch > 126 || (ch < 32 && ch != '\t') || ch == '=' || EBCDICUnsafeChar.get(ch)) { // Rule // #1, // #2 @@ -560,7 +563,7 @@ return null; char res[] = new char[(int)(str.length() * 1.1)], src[] = str.toCharArray(), nl[] = - System.getProperty("line.separator", "\n").toCharArray(); + PrivilegedSystemHelper.getProperty("line.separator", "\n").toCharArray(); int last = 0, didx = 0, slen = str.length(); for (int sidx = 0; sidx < slen;) @@ -1188,6 +1191,7 @@ super(null); } + @Override public void connect() { } Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/CookieModule.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/CookieModule.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/CookieModule.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,7 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; @@ -137,6 +138,7 @@ cookieSaver = new Object() { + @Override public void finalize() { saveCookies(); @@ -162,7 +164,7 @@ if (cookie_jar.isFile() && cookie_jar.canRead()) { ObjectInputStream ois = new ObjectInputStream(new FileInputStream(cookie_jar)); - cookie_cntxt_list.put(HTTPConnection.getDefaultContext(), (Hashtable)ois.readObject()); + cookie_cntxt_list.put(HTTPConnection.getDefaultContext(), ois.readObject()); ois.close(); } } @@ -210,7 +212,7 @@ try { - file = System.getProperty("HTTPClient.cookies.jar"); + file = PrivilegedSystemHelper.getProperty("HTTPClient.cookies.jar"); } catch (Exception e) { @@ -220,19 +222,19 @@ { // default to something reasonable - String os = System.getProperty("os.name"); + String os = PrivilegedSystemHelper.getProperty("os.name"); if (os.equalsIgnoreCase("Windows 95") || os.equalsIgnoreCase("16-bit Windows") || os.equalsIgnoreCase("Windows")) { - file = System.getProperty("java.home") + File.separator + ".httpclient_cookies"; + file = PrivilegedSystemHelper.getProperty("java.home") + File.separator + ".httpclient_cookies"; } else if (os.equalsIgnoreCase("Windows NT")) { - file = System.getProperty("user.home") + File.separator + ".httpclient_cookies"; + file = PrivilegedSystemHelper.getProperty("user.home") + File.separator + ".httpclient_cookies"; } else if (os.equalsIgnoreCase("OS/2")) { - file = System.getProperty("user.home") + File.separator + ".httpclient_cookies"; + file = PrivilegedSystemHelper.getProperty("user.home") + File.separator + ".httpclient_cookies"; } else if (os.equalsIgnoreCase("Mac OS") || os.equalsIgnoreCase("MacOS")) { @@ -241,7 +243,7 @@ else // it's probably U*IX or VMS { - file = System.getProperty("user.home") + File.separator + ".httpclient_cookies"; + file = PrivilegedSystemHelper.getProperty("user.home") + File.separator + ".httpclient_cookies"; } } @@ -664,7 +666,7 @@ try { - list = System.getProperty("HTTPClient.cookies.hosts.accept"); + list = PrivilegedSystemHelper.getProperty("HTTPClient.cookies.hosts.accept"); } catch (Exception e) { @@ -676,7 +678,7 @@ try { - list = System.getProperty("HTTPClient.cookies.hosts.reject"); + list = PrivilegedSystemHelper.getProperty("HTTPClient.cookies.hosts.reject"); } catch (Exception e) { @@ -921,6 +923,7 @@ constr.gridwidth = GridBagConstraints.REMAINDER; } + @Override public Dimension getMaximumSize() { return new Dimension(screen.width * 3 / 4, screen.height * 3 / 4); @@ -983,6 +986,7 @@ private class Close extends WindowAdapter { + @Override public void windowClosing(WindowEvent we) { new Reject().actionPerformed(null); @@ -1122,6 +1126,7 @@ */ class Separator extends Panel { + @Override public void paint(Graphics g) { int w = getSize().width, h = getSize().height / 2; @@ -1132,6 +1137,7 @@ g.drawLine(2, h, w - 2, h); } + @Override public Dimension getMinimumSize() { return new Dimension(4, 2); Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/DefaultAuthHandler.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/DefaultAuthHandler.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/DefaultAuthHandler.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,7 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; @@ -1450,6 +1451,7 @@ private class Close extends WindowAdapter { + @Override public void windowClosing(WindowEvent we) { new Cancel().actionPerformed(null); @@ -1482,7 +1484,7 @@ // prefill the user field with the username try { - user.setText(System.getProperty("user.name", "")); + user.setText(PrivilegedSystemHelper.getProperty("user.name", "")); user_focus = false; } catch (SecurityException se) @@ -1591,7 +1593,7 @@ */ private static void echo(boolean on) { - String os = System.getProperty("os.name"); + String os = PrivilegedSystemHelper.getProperty("os.name"); String[] cmd = null; if (os.equalsIgnoreCase("Windows 95") || os.equalsIgnoreCase("Windows NT")) @@ -1624,7 +1626,7 @@ */ static boolean canUseCLPrompt() { - String os = System.getProperty("os.name"); + String os = PrivilegedSystemHelper.getProperty("os.name"); return (os.indexOf("Linux") >= 0 || os.indexOf("SunOS") >= 0 || os.indexOf("Solaris") >= 0 || os.indexOf("BSD") >= 0 || os.indexOf("AIX") >= 0 || os.indexOf("HP-UX") >= 0 || os.indexOf("IRIX") >= 0 Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPConnection.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPConnection.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPConnection.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,7 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; @@ -315,7 +316,7 @@ try // JDK 1.1 naming { - String host = System.getProperty("http.proxyHost"); + String host = PrivilegedSystemHelper.getProperty("http.proxyHost"); if (host == null) throw new Exception(); // try JDK 1.0.x naming int port = Integer.getInteger("http.proxyPort", -1).intValue(); @@ -332,7 +333,7 @@ { if (Boolean.getBoolean("proxySet")) { - String host = System.getProperty("proxyHost"); + String host = PrivilegedSystemHelper.getProperty("proxyHost"); int port = Integer.getInteger("proxyPort", -1).intValue(); if (log.isDebugEnabled()) @@ -352,9 +353,9 @@ */ try { - String hosts = System.getProperty("HTTPClient.nonProxyHosts"); + String hosts = PrivilegedSystemHelper.getProperty("HTTPClient.nonProxyHosts"); if (hosts == null) - hosts = System.getProperty("http.nonProxyHosts"); + hosts = PrivilegedSystemHelper.getProperty("http.nonProxyHosts"); String[] list = Util.splitProperty(hosts); dontProxyFor(list); @@ -371,7 +372,7 @@ */ try { - String host = System.getProperty("HTTPClient.socksHost"); + String host = PrivilegedSystemHelper.getProperty("HTTPClient.socksHost"); if (host != null && host.length() > 0) { int port = Integer.getInteger("HTTPClient.socksPort", -1).intValue(); @@ -414,7 +415,7 @@ boolean in_applet = false; try { - modules = System.getProperty("HTTPClient.Modules", modules); + modules = PrivilegedSystemHelper.getProperty("HTTPClient.Modules", modules); } catch (SecurityException se) { @@ -523,8 +524,8 @@ */ try { - if (System.getProperty("os.name").indexOf("Windows") >= 0 - && System.getProperty("java.version").startsWith("1.1")) + if (PrivilegedSystemHelper.getProperty("os.name").indexOf("Windows") >= 0 + && PrivilegedSystemHelper.getProperty("java.version").startsWith("1.1")) haveMSLargeWritesBug = true; if (haveMSLargeWritesBug) { @@ -1800,7 +1801,7 @@ { synchronized (DefaultHeaders) { - return (NVPair[])DefaultHeaders.clone(); + return DefaultHeaders.clone(); } } @@ -3370,7 +3371,7 @@ con.start(); try { - con.join((long)con_timeout); + con.join(con_timeout); } catch (InterruptedException ie) { @@ -3855,6 +3856,7 @@ * Generates a string of the form protocol://host.domain:port . * @return the string */ + @Override public String toString() { return getProtocol() + "://" + getHost() + (getPort() != URI.defaultPort(getProtocol()) ? ":" + getPort() : ""); @@ -3894,6 +3896,7 @@ close = false; } + @Override public void run() { try @@ -3970,6 +3973,7 @@ super(os); } + @Override public void write(byte[] b, int off, int len) throws IOException { while (len > CHUNK_SIZE) Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPResponse.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPResponse.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HTTPResponse.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,7 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; @@ -623,6 +624,7 @@ * produces a full list of headers and their values, one per line. * @return a string containing the headers */ + @Override public String toString() { if (!initialized) @@ -642,7 +644,7 @@ } } - String nl = System.getProperty("line.separator", "\n"); + String nl = PrivilegedSystemHelper.getProperty("line.separator", "\n"); StringBuffer str = new StringBuffer(Version); str.append(' '); Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HttpURLConnection.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HttpURLConnection.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/HttpURLConnection.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,7 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; @@ -171,7 +172,7 @@ // Set the User-Agent if the http.agent property is set try { - String agent = System.getProperty("http.agent"); + String agent = PrivilegedSystemHelper.getProperty("http.agent"); if (agent != null) setDefaultRequestProperty("User-Agent", agent); } @@ -202,7 +203,7 @@ // first read proxy properties and set try { - String hosts = System.getProperty("http.nonProxyHosts", ""); + String hosts = PrivilegedSystemHelper.getProperty("http.nonProxyHosts", ""); if (!hosts.equalsIgnoreCase(non_proxy_hosts)) { connections.clear(); @@ -222,7 +223,7 @@ try { - String host = System.getProperty("http.proxyHost", ""); + String host = PrivilegedSystemHelper.getProperty("http.proxyHost", ""); int port = Integer.getInteger("http.proxyPort", -1).intValue(); if (!host.equalsIgnoreCase(proxy_host) || port != proxy_port) { @@ -285,6 +286,7 @@ * @param method the http method. * @exception ProtocolException if already connected. */ + @Override public void setRequestMethod(String method) throws ProtocolException { if (connected) @@ -301,6 +303,7 @@ * Return the request method used. * @return the http method. */ + @Override public String getRequestMethod() { return method; @@ -310,6 +313,7 @@ * Get the response code. Calls connect() if not connected. * @return the http response code returned. */ + @Override public int getResponseCode() throws IOException { if (!connected) @@ -330,6 +334,7 @@ * not connected. * @return the http response message returned with the response code. */ + @Override public String getResponseMessage() throws IOException { if (!connected) @@ -350,6 +355,7 @@ * @param name the of the header. * @return the value of the header, or null if no such header was returned. */ + @Override public String getHeaderField(String name) { try @@ -372,6 +378,7 @@ * @param def the default value to return in case of an error. * @return the value of the header, or null if no such header was returned. */ + @Override public int getHeaderFieldInt(String name, int def) { try @@ -395,6 +402,7 @@ * @param def the default value to return in case of an error. * @return the value of the header, or def in case of an error. */ + @Override public long getHeaderFieldDate(String name, long def) { try @@ -418,6 +426,7 @@ * @param n which header to return. * @return the header name, or null if not that many headers. */ + @Override public String getHeaderFieldKey(int n) { if (hdr_keys == null) @@ -435,6 +444,7 @@ * @param n which header to return. * @return the header value, or null if not that many headers. */ + @Override public String getHeaderField(int n) { if (hdr_values == null) @@ -493,6 +503,7 @@ * @exception ProtocolException if input not enabled. * @see java.net.URLConnection#setDoInput(boolean) */ + @Override public InputStream getInputStream() throws IOException { if (!doInput) @@ -524,6 +535,7 @@ * @see java.net.HttpURLConnection#getErrorStream() * @since V0.3-1 */ + @Override public InputStream getErrorStream() { try @@ -558,6 +570,7 @@ * @see java.net.URLConnection#setDoOutput(boolean) * @see HTTPClient.HttpOutputStream */ + @Override public synchronized OutputStream getOutputStream() throws IOException { if (connected) @@ -605,6 +618,7 @@ * redirected then the url returned is that of the final request. * @return the final url, or null if any exception occured. */ + @Override public URL getURL() { if (connected) @@ -626,6 +640,7 @@ * Sets the <var>If-Modified-Since</var> header. * @param time the number of milliseconds since 1970. */ + @Override public void setIfModifiedSince(long time) { super.setIfModifiedSince(time); @@ -637,6 +652,7 @@ * @param name the name of the header. * @param value the value for the header. */ + @Override public void setRequestProperty(String name, String value) { @@ -661,6 +677,7 @@ * @param name the name of the header. * @return the value part of the header, or null if no such header. */ + @Override public String getRequestProperty(String name) { for (int idx = 0; idx < headers.length; idx++) @@ -717,6 +734,7 @@ * this instance only. Cannot be called after <code>connect()</code>. * @param set enables automatic redirection handling if true. */ + @Override public void setInstanceFollowRedirects(boolean set) { if (connected) @@ -729,6 +747,7 @@ * @return true if automatic redirection handling for this instance is * enabled. */ + @Override public boolean getInstanceFollowRedirects() { return do_redir; @@ -738,6 +757,7 @@ * Connects to the server (if connection not still kept alive) and issues the * request. */ + @Override public synchronized void connect() throws IOException { if (connected) @@ -776,6 +796,7 @@ /** * Closes all the connections to this server. */ + @Override public void disconnect() { if (log.isDebugEnabled()) @@ -788,6 +809,7 @@ * Shows if request are being made through an http proxy or directly. * @return true if an http proxy is being used. */ + @Override public boolean usingProxy() { return (con.getProxyHost() != null); @@ -797,6 +819,7 @@ * produces a string. * @return a string containing the HttpURLConnection */ + @Override public String toString() { return getClass().getName() + "[" + url + "]"; Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Log.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Log.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/Log.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,8 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; + import java.io.ByteArrayOutputStream; import java.io.FileWriter; import java.io.IOException; @@ -97,7 +99,7 @@ /** All the facilities - for use in <code>setLogging</code> (-1) */ public static final int ALL = ~0; - private static final String NL = System.getProperty("line.separator"); + private static final String NL = PrivilegedSystemHelper.getProperty("line.separator"); private static final long TZ_OFF; @@ -116,7 +118,7 @@ try { - String file = System.getProperty("HTTPClient.log.file"); + String file = PrivilegedSystemHelper.getProperty("HTTPClient.log.file"); if (file != null) { try Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/SocksClient.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/SocksClient.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/SocksClient.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,7 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; @@ -285,7 +286,7 @@ String user_str; try { - user_str = System.getProperty("user.name", ""); + user_str = PrivilegedSystemHelper.getProperty("user.name", ""); } catch (SecurityException se) { @@ -565,6 +566,7 @@ * produces a string. * @return a string containing the host and port of the socks server */ + @Override public String toString() { return getClass().getName() + "[" + socks_host + ":" + socks_port + "]"; Modified: ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/URI.java =================================================================== --- ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/URI.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.commons/src/main/java/org/exoplatform/common/http/client/URI.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -32,6 +32,8 @@ package org.exoplatform.common.http.client; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; + import java.net.MalformedURLException; import java.net.URL; import java.util.BitSet; @@ -1047,6 +1049,7 @@ * @return the URI as a string * @see #toExternalForm() */ + @Override public String toString() { return stringify(true); @@ -1056,6 +1059,7 @@ * @return true if <var>other</var> is either a URI or URL and it matches the * current URI */ + @Override public boolean equals(Object other) { if (other instanceof URI) @@ -1149,6 +1153,7 @@ * The hash code is calculated over scheme, host, path, and query. * @return the hash code */ + @Override public int hashCode() { if (hashCode == -1) @@ -1779,7 +1784,7 @@ System.err.println("*** Tests finished successfuly"); } - private static final String nl = System.getProperty("line.separator"); + private static final String nl = PrivilegedSystemHelper.getProperty("line.separator"); private static void testParser(URI base, String relURI, String result) throws Exception { Added: ws/trunk/exo.ws.commons/src/test/resources/test.policy =================================================================== --- ws/trunk/exo.ws.commons/src/test/resources/test.policy (rev 0) +++ ws/trunk/exo.ws.commons/src/test/resources/test.policy 2010-11-09 14:01:31 UTC (rev 3413) @@ -0,0 +1,10 @@ +grant codeBase "@MAVEN_REPO@-"{ + permission java.security.AllPermission; +}; + +grant codeBase "@MAIN_CLASSES@-"{ + permission java.security.AllPermission; +}; + +grant codeBase "@TEST_CLASSES@-"{ +}; Modified: ws/trunk/exo.ws.frameworks.json/pom.xml =================================================================== --- ws/trunk/exo.ws.frameworks.json/pom.xml 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.frameworks.json/pom.xml 2010-11-09 14:01:31 UTC (rev 3413) @@ -44,6 +44,11 @@ <artifactId>groovy-all</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.exoplatform.kernel</groupId> + <artifactId>exo.kernel.commons.test</artifactId> + <scope>test</scope> + </dependency> </dependencies> <build> @@ -57,5 +62,51 @@ </includes> </testResource> </testResources> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine> + </configuration> + </plugin> + <plugin> + <artifactId>maven-antrun-plugin</artifactId> + <executions> + <execution> + <id>prepare-test-policy</id> + <phase>process-test-resources</phase> + <configuration> + <tasks> + <echo>Creating Access Policy for tests</echo> + <makeurl file="${settings.localRepository}" property="localRepositoryURL" /> + <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" /> + <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" /> + <copy todir="${project.build.testOutputDirectory}" overwrite="true"> + <fileset dir="${project.basedir}/src/test/resources/"> + <include name="test.policy" /> + </fileset> + <filterset> + <filter token="MAVEN_REPO" value="${localRepositoryURL}" /> + <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" /> + <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" /> + </filterset> + </copy> + </tasks> + </configuration> + <goals> + <goal>run</goal> + </goals> + </execution> + </executions> + <dependencies> + <dependency> + <groupId>ant</groupId> + <artifactId>ant-optional</artifactId> + <version>1.5.3-1</version> + </dependency> + </dependencies> + </plugin> + </plugins> </build> </project> Modified: ws/trunk/exo.ws.frameworks.json/src/main/java/org/exoplatform/ws/frameworks/json/impl/JsonGeneratorImpl.java =================================================================== --- ws/trunk/exo.ws.frameworks.json/src/main/java/org/exoplatform/ws/frameworks/json/impl/JsonGeneratorImpl.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.frameworks.json/src/main/java/org/exoplatform/ws/frameworks/json/impl/JsonGeneratorImpl.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -35,6 +35,8 @@ import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Method; import java.lang.reflect.Modifier; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collection; import java.util.HashMap; @@ -380,10 +382,18 @@ * @param clazz the class. * @return set of fields which must be skiped. */ - private static Set<String> getTransientFields(Class<?> clazz) + private static Set<String> getTransientFields(final Class<?> clazz) { Set<String> set = new HashSet<String>(); - Field[] fields = clazz.getDeclaredFields(); + + Field[] fields = AccessController.doPrivileged(new PrivilegedAction<Field[]>() + { + public Field[] run() + { + return clazz.getDeclaredFields(); + } + }); + for (Field f : fields) { if (Modifier.isTransient(f.getModifiers())) Added: ws/trunk/exo.ws.frameworks.json/src/test/resources/test.policy =================================================================== --- ws/trunk/exo.ws.frameworks.json/src/test/resources/test.policy (rev 0) +++ ws/trunk/exo.ws.frameworks.json/src/test/resources/test.policy 2010-11-09 14:01:31 UTC (rev 3413) @@ -0,0 +1,10 @@ +grant codeBase "@MAVEN_REPO@-"{ + permission java.security.AllPermission; +}; + +grant codeBase "@MAIN_CLASSES@-"{ + permission java.security.AllPermission; +}; + +grant codeBase "@TEST_CLASSES@-"{ +}; Modified: ws/trunk/exo.ws.rest.core/pom.xml =================================================================== --- ws/trunk/exo.ws.rest.core/pom.xml 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/pom.xml 2010-11-09 14:01:31 UTC (rev 3413) @@ -42,6 +42,11 @@ <artifactId>exo.kernel.container</artifactId> </dependency> <dependency> + <groupId>org.exoplatform.kernel</groupId> + <artifactId>exo.kernel.commons.test</artifactId> + <scope>test</scope> + </dependency> + <dependency> <groupId>org.exoplatform.ws</groupId> <artifactId>exo.ws.frameworks.json</artifactId> </dependency> @@ -49,7 +54,7 @@ <groupId>org.exoplatform.ws</groupId> <artifactId>exo.ws.testframework</artifactId> <scope>test</scope> - </dependency> + </dependency> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> @@ -105,6 +110,13 @@ <build> <plugins> <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine> + </configuration> + </plugin> + <plugin> <groupId>org.jvnet.jaxb2.maven2</groupId> <artifactId>maven-jaxb2-plugin</artifactId> <executions> @@ -169,7 +181,39 @@ </tasks> </configuration> </execution> + <execution> + <id>prepare-test-policy</id> + <phase>process-test-resources</phase> + <configuration> + <tasks> + <echo>Creating Access Policy for tests</echo> + <makeurl file="${settings.localRepository}" property="localRepositoryURL" /> + <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" /> + <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" /> + <copy todir="${project.build.testOutputDirectory}" overwrite="true"> + <fileset dir="${project.basedir}/src/test/resources/"> + <include name="test.policy" /> + </fileset> + <filterset> + <filter token="MAVEN_REPO" value="${localRepositoryURL}" /> + <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" /> + <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" /> + </filterset> + </copy> + </tasks> + </configuration> + <goals> + <goal>run</goal> + </goals> + </execution> </executions> + <dependencies> + <dependency> + <groupId>ant</groupId> + <artifactId>ant-optional</artifactId> + <version>1.5.3-1</version> + </dependency> + </dependencies> </plugin> </plugins> </build> Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/FieldInjectorImpl.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/FieldInjectorImpl.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/FieldInjectorImpl.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; import org.exoplatform.services.rest.ApplicationContext; @@ -30,6 +31,7 @@ import java.lang.annotation.Annotation; import java.lang.reflect.Modifier; import java.lang.reflect.Type; +import java.security.PrivilegedAction; import java.util.List; import javax.ws.rs.DefaultValue; @@ -211,8 +213,18 @@ try { if (!Modifier.isPublic(jfield.getModifiers())) - jfield.setAccessible(true); + { + SecurityHelper.doPriviledgedAction(new PrivilegedAction<Void>() + { + public Void run() + { + jfield.setAccessible(true); + return null; + } + }); + } + jfield.set(resource, pr.resolve(this, context)); } catch (Throwable e) Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/RequestHandlerImpl.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/RequestHandlerImpl.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/RequestHandlerImpl.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,9 @@ */ package org.exoplatform.services.rest.impl; +import org.exoplatform.commons.utils.PrivilegedFileHelper; +import org.exoplatform.commons.utils.PrivilegedSystemHelper; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.component.ComponentPlugin; import org.exoplatform.container.xml.InitParams; import org.exoplatform.container.xml.ValueParam; @@ -40,6 +43,7 @@ import java.io.File; import java.io.OutputStream; import java.io.PrintWriter; +import java.security.PrivilegedAction; import java.util.HashMap; import java.util.Iterator; import java.util.Map; @@ -48,8 +52,8 @@ import javax.ws.rs.WebApplicationException; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; +import javax.ws.rs.core.Response.ResponseBuilder; import javax.ws.rs.core.StreamingOutput; -import javax.ws.rs.core.Response.ResponseBuilder; import javax.ws.rs.ext.ExceptionMapper; /** @@ -343,7 +347,7 @@ String tmpDirName = properties.get(WS_RS_TMP_DIR); if (tmpDirName == null) { - tmpDir = new File(System.getProperty("java.io.tmpdir") + File.separator + "ws_jaxrs"); + tmpDir = new File(PrivilegedSystemHelper.getProperty("java.io.tmpdir") + File.separator + "ws_jaxrs"); properties.put(WS_RS_TMP_DIR, tmpDir.getPath()); } else @@ -351,23 +355,35 @@ tmpDir = new File(tmpDirName); } - if (!tmpDir.exists()) - tmpDir.mkdirs(); + if (!PrivilegedFileHelper.exists(tmpDir)) + { + PrivilegedFileHelper.mkdirs(tmpDir); + } // Register Shutdown Hook for cleaning temporary files. - Runtime.getRuntime().addShutdownHook(new Thread() + SecurityHelper.doPriviledgedAction(new PrivilegedAction<Void>() { - public void run() + public Void run() { - File[] files = tmpDir.listFiles(); - for (File file : files) + Runtime.getRuntime().addShutdownHook(new Thread() { - if (file.exists()) - file.delete(); - } + @Override + public void run() + { + File[] files = PrivilegedFileHelper.listFiles(tmpDir); + for (File file : files) + { + if (PrivilegedFileHelper.exists(file)) + { + PrivilegedFileHelper.delete(file); + } + } + } + }); + + return null; } }); - } /** Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/ResourceBinder.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/ResourceBinder.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/ResourceBinder.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.ExoContainer; import org.exoplatform.container.ExoContainerContext; import org.exoplatform.services.log.ExoLogger; @@ -36,6 +37,7 @@ import org.exoplatform.services.rest.uri.UriPattern; import org.picocontainer.Startable; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collections; import java.util.Comparator; @@ -204,7 +206,15 @@ // Initialize RuntimeDelegate instance // This is first component in life cycle what needs. // TODO better solution to initialize RuntimeDelegate - RuntimeDelegate.setInstance(new RuntimeDelegateImpl()); + SecurityHelper.doPriviledgedAction(new PrivilegedAction<Void>() + { + public Void run() + { + RuntimeDelegate.setInstance(new RuntimeDelegateImpl()); + return null; + } + }); + rd = RuntimeDelegate.getInstance(); container = containerContext.getContainer(); } Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/method/ParameterHelper.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/method/ParameterHelper.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/method/ParameterHelper.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl.method; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.rest.Property; import org.exoplatform.services.rest.method.TypeProducer; @@ -27,6 +28,7 @@ import java.lang.reflect.Modifier; import java.lang.reflect.ParameterizedType; import java.lang.reflect.Type; +import java.security.PrivilegedExceptionAction; import java.util.ArrayList; import java.util.Arrays; import java.util.Collections; @@ -258,11 +260,18 @@ * 'valueOf' and single string argument * @return valueOf method or null if class has not it */ - static Method getStringValueOfMethod(Class<?> clazz) + static Method getStringValueOfMethod(final Class<?> clazz) { try { - Method method = clazz.getDeclaredMethod("valueOf", String.class); + Method method = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Method>() + { + public Method run() throws Exception + { + return clazz.getDeclaredMethod("valueOf", String.class); + } + }); + return Modifier.isStatic(method.getModifiers()) ? method : null; } catch (Exception e) Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/DOMSourceEntityProvider.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/DOMSourceEntityProvider.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/DOMSourceEntityProvider.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl.provider; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; import org.exoplatform.services.rest.provider.EntityProvider; @@ -30,6 +31,8 @@ import java.io.OutputStream; import java.lang.annotation.Annotation; import java.lang.reflect.Type; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; @@ -72,30 +75,56 @@ * {@inheritDoc} */ public DOMSource readFrom(Class<DOMSource> type, Type genericType, Annotation[] annotations, MediaType mediaType, - MultivaluedMap<String, String> httpHeaders, InputStream entityStream) throws IOException + MultivaluedMap<String, String> httpHeaders, final InputStream entityStream) throws IOException { try { - DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); + final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance(); factory.setNamespaceAware(true); - Document d = factory.newDocumentBuilder().parse(entityStream); + + Document d = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Document>() + { + public Document run() throws Exception + { + return factory.newDocumentBuilder().parse(entityStream); + } + }); + return new DOMSource(d); } - catch (SAXParseException saxpe) + catch (PrivilegedActionException pae) { - // if can't read from stream (e.g. steam is empty) - if (LOG.isDebugEnabled()) - saxpe.printStackTrace(); - return null; + Throwable cause = pae.getCause(); + if (cause instanceof SAXParseException) + { + // if can't read from stream (e.g. steam is empty) + if (LOG.isDebugEnabled()) + { + cause.printStackTrace(); + } + return null; + } + else if (cause instanceof SAXException) + { + throw new IOException("Can't read from input stream " + cause); + } + else if (cause instanceof ParserConfigurationException) + { + throw new IOException("Can't read from input stream " + cause); + } + else if (cause instanceof IOException) + { + throw (IOException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } } - catch (SAXException saxe) - { - throw new IOException("Can't read from input stream " + saxe); - } - catch (ParserConfigurationException pce) - { - throw new IOException("Can't read from input stream " + pce); - } } /** Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/FileEntityProvider.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/FileEntityProvider.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/FileEntityProvider.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,11 +18,10 @@ */ package org.exoplatform.services.rest.impl.provider; +import org.exoplatform.commons.utils.PrivilegedFileHelper; import org.exoplatform.services.rest.provider.EntityProvider; import java.io.File; -import java.io.FileInputStream; -import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; @@ -55,8 +54,8 @@ public File readFrom(Class<File> type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap<String, String> httpHeaders, InputStream entityStream) throws IOException { - File f = File.createTempFile("ws_rs", "tmp"); - OutputStream out = new FileOutputStream(f); + File f = PrivilegedFileHelper.createTempFile("ws_rs", "tmp"); + OutputStream out = PrivilegedFileHelper.fileOutputStream(f); try { IOHelper.write(entityStream, out); @@ -90,7 +89,7 @@ public void writeTo(File t, Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType, MultivaluedMap<String, Object> httpHeaders, OutputStream entityStream) throws IOException { - InputStream in = new FileInputStream(t); + InputStream in = PrivilegedFileHelper.fileInputStream(t); try { IOHelper.write(in, entityStream); Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBContextResolver.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBContextResolver.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBContextResolver.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,11 +18,14 @@ */ package org.exoplatform.services.rest.impl.provider; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.container.component.ComponentPlugin; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; import org.exoplatform.services.rest.impl.header.MediaTypeHelper; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.Iterator; import java.util.concurrent.ConcurrentHashMap; @@ -73,12 +76,38 @@ * @return JAXBContext * @throws JAXBException if JAXBContext creation failed */ - public JAXBContext getJAXBContext(Class<?> clazz) throws JAXBException + public JAXBContext getJAXBContext(final Class<?> clazz) throws JAXBException { JAXBContext jaxbctx = jaxbContexts.get(clazz); if (jaxbctx == null) { - jaxbctx = JAXBContext.newInstance(clazz); + try + { + jaxbctx = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<JAXBContext>() + { + public JAXBContext run() throws Exception + { + return JAXBContext.newInstance(clazz); + } + }); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof JAXBException) + { + throw (JAXBException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + jaxbContexts.put(clazz, jaxbctx); } return jaxbctx; @@ -92,9 +121,37 @@ * @throws JAXBException if JAXBContext for supplied classes can't be created * in any reasons */ - public JAXBContext createJAXBContext(Class<?> clazz) throws JAXBException + public JAXBContext createJAXBContext(final Class<?> clazz) throws JAXBException { - JAXBContext jaxbctx = JAXBContext.newInstance(clazz); + JAXBContext jaxbctx; + + try + { + jaxbctx = SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<JAXBContext>() + { + public JAXBContext run() throws Exception + { + return JAXBContext.newInstance(clazz); + } + }); + } + catch (PrivilegedActionException pae) + { + Throwable cause = pae.getCause(); + if (cause instanceof JAXBException) + { + throw (JAXBException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } + } + addJAXBContext(jaxbctx, clazz); return jaxbctx; } Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBElementEntityProvider.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBElementEntityProvider.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBElementEntityProvider.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl.provider; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; import org.exoplatform.services.rest.provider.EntityProvider; @@ -28,6 +29,8 @@ import java.lang.annotation.Annotation; import java.lang.reflect.ParameterizedType; import java.lang.reflect.Type; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; @@ -77,21 +80,51 @@ * {@inheritDoc} */ public JAXBElement<?> readFrom(Class<JAXBElement<?>> type, Type genericType, Annotation[] annotations, - MediaType mediaType, MultivaluedMap<String, String> httpHeaders, InputStream entityStream) throws IOException + MediaType mediaType, MultivaluedMap<String, String> httpHeaders, final InputStream entityStream) + throws IOException { ParameterizedType pt = (ParameterizedType)genericType; - Class<?> c = (Class<?>)pt.getActualTypeArguments()[0]; + final Class<?> c = (Class<?>)pt.getActualTypeArguments()[0]; try { - JAXBContext jaxbctx = getJAXBContext(c, mediaType); - return jaxbctx.createUnmarshaller().unmarshal(new StreamSource(entityStream), c); + final JAXBContext jaxbctx = getJAXBContext(c, mediaType); + + return SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<JAXBElement<?>>() + { + public JAXBElement<?> run() throws Exception + { + return jaxbctx.createUnmarshaller().unmarshal(new StreamSource(entityStream), c); + } + }); } - catch (UnmarshalException e) + catch (PrivilegedActionException pae) { - // if can't read from stream (e.g. steam is empty) - if (LOG.isDebugEnabled()) - e.printStackTrace(); - return null; + Throwable cause = pae.getCause(); + if (cause instanceof UnmarshalException) + { + // if can't read from stream (e.g. steam is empty) + if (LOG.isDebugEnabled()) + { + cause.printStackTrace(); + } + return null; + } + else if (cause instanceof JAXBException) + { + throw new IOException("Can't read from input stream " + cause); + } + else if (cause instanceof IllegalArgumentException) + { + throw (IllegalArgumentException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } } catch (JAXBException e) { Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBObjectEntityProvider.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBObjectEntityProvider.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/JAXBObjectEntityProvider.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl.provider; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; import org.exoplatform.services.rest.impl.header.MediaTypeHelper; @@ -28,6 +29,8 @@ import java.io.OutputStream; import java.lang.annotation.Annotation; import java.lang.reflect.Type; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; @@ -76,19 +79,48 @@ * {@inheritDoc} */ public Object readFrom(Class<Object> type, Type genericType, Annotation[] annotations, MediaType mediaType, - MultivaluedMap<String, String> httpHeaders, InputStream entityStream) throws IOException + MultivaluedMap<String, String> httpHeaders, final InputStream entityStream) throws IOException { try { - JAXBContext jaxbctx = getJAXBContext(type, mediaType); - return jaxbctx.createUnmarshaller().unmarshal(entityStream); + final JAXBContext jaxbctx = getJAXBContext(type, mediaType); + + return SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + return jaxbctx.createUnmarshaller().unmarshal(entityStream); + } + }); } - catch (UnmarshalException e) + catch (PrivilegedActionException pae) { - // if can't read from stream (e.g. steam is empty) - if (LOG.isDebugEnabled()) - e.printStackTrace(); - return null; + Throwable cause = pae.getCause(); + if (cause instanceof UnmarshalException) + { + // if can't read from stream (e.g. steam is empty) + if (LOG.isDebugEnabled()) + { + cause.printStackTrace(); + } + return null; + } + else if (cause instanceof JAXBException) + { + throw new IOException("Can't read from input stream " + cause); + } + else if (cause instanceof IllegalArgumentException) + { + throw (IllegalArgumentException)cause; + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } } catch (JAXBException e) { Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/MultipartFormDataEntityProvider.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/MultipartFormDataEntityProvider.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/MultipartFormDataEntityProvider.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -22,6 +22,7 @@ import org.apache.commons.fileupload.FileItem; import org.apache.commons.fileupload.FileUpload; import org.apache.commons.fileupload.FileUploadException; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.rest.ApplicationContext; import org.exoplatform.services.rest.RequestHandler; import org.exoplatform.services.rest.impl.ApplicationContextImpl; @@ -34,6 +35,8 @@ import java.lang.annotation.Annotation; import java.lang.reflect.ParameterizedType; import java.lang.reflect.Type; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.Iterator; import javax.servlet.http.HttpServletRequest; @@ -98,17 +101,36 @@ ApplicationContext context = ApplicationContextImpl.getCurrent(); int bufferSize = context.getProperties().get(RequestHandler.WS_RS_BUFFER_SIZE) == null - ? RequestHandler.WS_RS_BUFFER_SIZE_VALUE : Integer.parseInt((String)context.getProperties().get( + ? RequestHandler.WS_RS_BUFFER_SIZE_VALUE : Integer.parseInt(context.getProperties().get( RequestHandler.WS_RS_BUFFER_SIZE)); - File repo = new File((String)context.getProperties().get(RequestHandler.WS_RS_TMP_DIR)); + File repo = new File(context.getProperties().get(RequestHandler.WS_RS_TMP_DIR)); DefaultFileItemFactory factory = new DefaultFileItemFactory(bufferSize, repo); - FileUpload upload = new FileUpload(factory); - return upload.parseRequest(httpRequest).iterator(); + final FileUpload upload = new FileUpload(factory); + + return SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Iterator<FileItem>>() + { + public Iterator<FileItem> run() throws Exception + { + return upload.parseRequest(httpRequest).iterator(); + } + }); } - catch (FileUploadException e) + catch (PrivilegedActionException pae) { - throw new IOException("Can't process multipart data item " + e); + Throwable cause = pae.getCause(); + if (cause instanceof FileUploadException) + { + throw new IOException("Can't process multipart data item " + cause); + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } } } Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/SAXSourceEntityProvider.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/SAXSourceEntityProvider.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/provider/SAXSourceEntityProvider.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl.provider; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.rest.provider.EntityProvider; import org.xml.sax.InputSource; @@ -26,6 +27,8 @@ import java.io.OutputStream; import java.lang.annotation.Annotation; import java.lang.reflect.Type; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import javax.ws.rs.Consumes; import javax.ws.rs.Produces; @@ -85,25 +88,45 @@ /** * {@inheritDoc} */ - public void writeTo(SAXSource t, Class<?> type, Type genericType, Annotation[] annotations, MediaType mediaType, + public void writeTo(final SAXSource t, Class<?> type, Type genericType, Annotation[] annotations, + MediaType mediaType, MultivaluedMap<String, Object> httpHeaders, OutputStream entityStream) throws IOException { - StreamResult out = new StreamResult(entityStream); + final StreamResult out = new StreamResult(entityStream); try { - TransformerFactory.newInstance().newTransformer().transform(t, out); + SecurityHelper.doPriviledgedExceptionAction(new PrivilegedExceptionAction<Void>() + { + public Void run() throws Exception + { + TransformerFactory.newInstance().newTransformer().transform(t, out); + return null; + } + }); } - catch (TransformerConfigurationException e) + catch (PrivilegedActionException pae) { - throw new IOException("Can't write to output stream " + e); + Throwable cause = pae.getCause(); + if (cause instanceof TransformerConfigurationException) + { + throw new IOException("Can't write to output stream " + cause); + } + else if (cause instanceof TransformerException) + { + throw new IOException("Can't write to output stream " + cause); + } + else if (cause instanceof TransformerFactoryConfigurationError) + { + throw new IOException("Can't write to output stream " + cause); + } + else if (cause instanceof RuntimeException) + { + throw (RuntimeException)cause; + } + else + { + throw new RuntimeException(cause); + } } - catch (TransformerException e) - { - throw new IOException("Can't write to output stream " + e); - } - catch (TransformerFactoryConfigurationError e) - { - throw new IOException("Can't write to output stream " + e); - } } } Modified: ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/resource/AbstractResourceDescriptorImpl.java =================================================================== --- ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/resource/AbstractResourceDescriptorImpl.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.core/src/main/java/org/exoplatform/services/rest/impl/resource/AbstractResourceDescriptorImpl.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -18,6 +18,7 @@ */ package org.exoplatform.services.rest.impl.resource; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.log.ExoLogger; import org.exoplatform.services.log.Log; import org.exoplatform.services.rest.ComponentLifecycleScope; @@ -49,6 +50,7 @@ import java.lang.reflect.Method; import java.lang.reflect.Modifier; import java.lang.reflect.Type; +import java.security.PrivilegedAction; import java.util.ArrayList; import java.util.Collections; import java.util.Iterator; @@ -185,7 +187,7 @@ * @param scope resource scope * @see ComponentLifecycleScope */ - private AbstractResourceDescriptorImpl(Path path, Class<?> resourceClass, ComponentLifecycleScope scope, + private AbstractResourceDescriptorImpl(Path path, final Class<?> resourceClass, ComponentLifecycleScope scope, MethodInvokerFactory invokerFactory) { if (path != null) @@ -219,8 +221,18 @@ { Collections.sort(constructors, ConstructorDescriptorImpl.CONSTRUCTOR_COMPARATOR); } + // process field - for (java.lang.reflect.Field jfield : resourceClass.getDeclaredFields()) + java.lang.reflect.Field[] jfields = + SecurityHelper.doPriviledgedAction(new PrivilegedAction<java.lang.reflect.Field[]>() + { + public java.lang.reflect.Field[] run() + { + return resourceClass.getDeclaredFields(); + } + }); + + for (java.lang.reflect.Field jfield : jfields) { fields.add(new FieldInjectorImpl(resourceClass, jfield)); } @@ -363,10 +375,19 @@ */ protected void processMethods() { - Class<?> resourceClass = getObjectClass(); + final Class<?> resourceClass = getObjectClass(); - for (Method method : resourceClass.getDeclaredMethods()) + Method[] methods = SecurityHelper.doPriviledgedAction(new PrivilegedAction<Method[]>() { + public Method[] run() + { + return resourceClass.getDeclaredMethods(); + } + }); + + + for (Method method : methods) + { for (Annotation a : method.getAnnotations()) { Class<?> ac = a.annotationType(); Added: ws/trunk/exo.ws.rest.core/src/test/resources/test.policy =================================================================== --- ws/trunk/exo.ws.rest.core/src/test/resources/test.policy (rev 0) +++ ws/trunk/exo.ws.rest.core/src/test/resources/test.policy 2010-11-09 14:01:31 UTC (rev 3413) @@ -0,0 +1,18 @@ +grant codeBase "@MAVEN_REPO@-"{ + permission java.security.AllPermission; +}; + +grant codeBase "@MAIN_CLASSES@-"{ + permission java.security.AllPermission; +}; + +grant codeBase "@TEST_CLASSES@-"{ +}; + +grant codeBase "@MAIN_CLASSES@../../../exo.ws.frameworks.json/-"{ + permission java.security.AllPermission; +}; + +grant codeBase "@MAIN_CLASSES@../../../exo.ws.testframework/-"{ + permission java.security.AllPermission; +}; Modified: ws/trunk/exo.ws.rest.ext/pom.xml =================================================================== --- ws/trunk/exo.ws.rest.ext/pom.xml 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.ext/pom.xml 2010-11-09 14:01:31 UTC (rev 3413) @@ -41,6 +41,11 @@ <groupId>org.exoplatform.kernel</groupId> <artifactId>exo.kernel.commons</artifactId> </dependency> + <dependency> + <groupId>org.exoplatform.kernel</groupId> + <artifactId>exo.kernel.commons.test</artifactId> + <scope>test</scope> + </dependency> <dependency> <groupId>org.exoplatform.core</groupId> <artifactId>exo.core.component.xml-processing</artifactId> @@ -102,43 +107,46 @@ <groupId>org.apache.maven.plugins</groupId> <artifactId>maven-surefire-plugin</artifactId> <configuration> - <argLine>-Djava.security.manager=default -Djava.security.policy=${project.build.directory}/test-classes/test.policy -Djava.security.debug=denied</argLine> + <argLine>${env.MAVEN_OPTS} -Djava.security.manager=org.exoplatform.commons.test.TestSecurityManager -Djava.security.policy=${project.build.directory}/test-classes/test.policy</argLine> </configuration> </plugin> - <plugin> - <groupId>org.apache.maven.plugins</groupId> - <artifactId>maven-antrun-plugin</artifactId> - <executions> - <execution> - <id>prepare-test-policy</id> - <phase>process-test-resources</phase> - <goals> - <goal>run</goal> - </goals> - <configuration> - <tasks> - <echo>***** Creating Access Policy for tests *****</echo> - <makeurl file="${settings.localRepository}" property="localRepositoryURL" /> - <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" /> - <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" /> - <makeurl file="${project.build.directory}/../../" property="parentDirectoryURL" /> -<!-- <echo>***** ${parentDirectory}</echo>--> - <copy todir="${project.build.testOutputDirectory}" overwrite="true"> - <fileset dir="${project.basedir}/src/test/resources/"> - <include name="test.policy" /> - </fileset> - <filterset> - <filter token="MAVEN_REPO" value="${localRepositoryURL}" /> - <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" /> - <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" /> - <filter token="PARENT" value="${parentDirectoryURL}" /> - </filterset> - </copy> - </tasks> - </configuration> - </execution> - </executions> - </plugin> + <plugin> + <artifactId>maven-antrun-plugin</artifactId> + <executions> + <execution> + <id>prepare-test-policy</id> + <phase>process-test-resources</phase> + <configuration> + <tasks> + <echo>Creating Access Policy for tests</echo> + <makeurl file="${settings.localRepository}" property="localRepositoryURL" /> + <makeurl file="${project.build.outputDirectory}" property="outputDirectoryURL" /> + <makeurl file="${project.build.testOutputDirectory}" property="testOutputDirectoryURL" /> + <copy todir="${project.build.testOutputDirectory}" overwrite="true"> + <fileset dir="${project.basedir}/src/test/resources/"> + <include name="test.policy" /> + </fileset> + <filterset> + <filter token="MAVEN_REPO" value="${localRepositoryURL}" /> + <filter token="MAIN_CLASSES" value="${outputDirectoryURL}" /> + <filter token="TEST_CLASSES" value="${testOutputDirectoryURL}" /> + </filterset> + </copy> + </tasks> + </configuration> + <goals> + <goal>run</goal> + </goals> + </execution> + </executions> + <dependencies> + <dependency> + <groupId>ant</groupId> + <artifactId>ant-optional</artifactId> + <version>1.5.3-1</version> + </dependency> + </dependencies> + </plugin> </plugins> </build> </project> Modified: ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/groovy/GroovyJaxrsPublisher.java =================================================================== --- ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/groovy/GroovyJaxrsPublisher.java 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.ext/src/main/java/org/exoplatform/services/rest/ext/groovy/GroovyJaxrsPublisher.java 2010-11-09 14:01:31 UTC (rev 3413) @@ -22,6 +22,7 @@ import groovy.lang.GroovyClassLoader; import groovy.lang.GroovyCodeSource; +import org.exoplatform.commons.utils.SecurityHelper; import org.exoplatform.services.rest.ObjectFactory; import org.exoplatform.services.rest.PerRequestObjectFactory; import org.exoplatform.services.rest.impl.ResourceBinder; @@ -34,6 +35,7 @@ import java.io.InputStream; import java.nio.charset.Charset; import java.nio.charset.UnsupportedCharsetException; +import java.security.PrivilegedAction; import java.util.Collections; import java.util.HashMap; import java.util.List; @@ -78,8 +80,14 @@ { this.binder = binder; this.instantiator = instantiator; - ClassLoader cl = getClass().getClassLoader(); - this.gcl = new GroovyClassLoader(cl); + final ClassLoader cl = getClass().getClassLoader(); + this.gcl = SecurityHelper.doPriviledgedAction(new PrivilegedAction<GroovyClassLoader>() + { + public GroovyClassLoader run() + { + return new GroovyClassLoader(cl); + } + }); } /** @@ -140,9 +148,17 @@ * @throws ResourcePublicationException see * {@link ResourceBinder#addResource(Class, MultivaluedMap)} */ - public void publishPerRequest(InputStream in, ResourceId resourceId, MultivaluedMap<String, String> properties) + public void publishPerRequest(final InputStream in, final ResourceId resourceId, + MultivaluedMap<String, String> properties) { - Class<?> rc = gcl.parseClass(createCodeSource(in, resourceId.getId())); + Class<?> rc = SecurityHelper.doPriviledgedAction(new PrivilegedAction<Class<?>>() + { + public Class<?> run() + { + return gcl.parseClass(createCodeSource(in, resourceId.getId())); + } + }); + binder.addResource(rc, properties); resources.put(resourceId, rc.getAnnotation(Path.class).value()); } @@ -299,9 +315,16 @@ * @param name code source name * @return GroovyCodeSource */ - protected GroovyCodeSource createCodeSource(InputStream in, String name) + protected GroovyCodeSource createCodeSource(final InputStream in, final String name) { - GroovyCodeSource gcs = new GroovyCodeSource(in, name, "/groovy/script/jaxrs"); + GroovyCodeSource gcs = SecurityHelper.doPriviledgedAction(new PrivilegedAction<GroovyCodeSource>() + { + public GroovyCodeSource run() + { + return new GroovyCodeSource(in, name, "/groovy/script/jaxrs"); + } + }); + gcs.setCachable(false); return gcs; } Modified: ws/trunk/exo.ws.rest.ext/src/test/resources/test.policy =================================================================== --- ws/trunk/exo.ws.rest.ext/src/test/resources/test.policy 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/exo.ws.rest.ext/src/test/resources/test.policy 2010-11-09 14:01:31 UTC (rev 3413) @@ -7,13 +7,20 @@ }; grant codeBase "@TEST_CLASSES@-" { +}; + +grant codeBase "@MAIN_CLASSES@../../../exo.ws.commons/-"{ permission java.security.AllPermission; }; -grant codeBase "@PARENT@-" { + +grant codeBase "@MAIN_CLASSES@../../../exo.ws.rest.core/-"{ permission java.security.AllPermission; }; +grant codeBase "@MAIN_CLASSES@../../../exo.ws.testframework/-"{ + permission java.security.AllPermission; +}; + grant codeBase "file:/groovy/script" { -// be sure only /groovy/script/jaxrs is restricted permission java.security.AllPermission; }; Modified: ws/trunk/pom.xml =================================================================== --- ws/trunk/pom.xml 2010-11-09 13:55:08 UTC (rev 3412) +++ ws/trunk/pom.xml 2010-11-09 14:01:31 UTC (rev 3413) @@ -77,6 +77,11 @@ <version>${org.exoplatform.kernel.version}</version> </dependency> <dependency> + <groupId>org.exoplatform.kernel</groupId> + <artifactId>exo.kernel.commons.test</artifactId> + <version>${org.exoplatform.kernel.version}</version> + </dependency> + <dependency> <groupId>org.exoplatform.core</groupId> <artifactId>exo.core.component.xml-processing</artifactId> <version>${org.exoplatform.core.version}</version>