JBossWS SVN: r8962 - in stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata: jaxrpcmapping and 2 other directories.
by jbossws-commits@lists.jboss.org
Author: alessio.soldano(a)jboss.com
Date: 2009-01-05 13:44:31 -0500 (Mon, 05 Jan 2009)
New Revision: 8962
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/builder/jaxws/JAXWSMetaDataBuilder.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/jaxrpcmapping/JavaXmlTypeMapping.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/ParameterMetaData.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLDefinitions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLUtils.java
Log:
[JBWS-2404] Efficient string handling
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/builder/jaxws/JAXWSMetaDataBuilder.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/builder/jaxws/JAXWSMetaDataBuilder.java 2009-01-05 16:20:01 UTC (rev 8961)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/builder/jaxws/JAXWSMetaDataBuilder.java 2009-01-05 18:44:31 UTC (rev 8962)
@@ -227,9 +227,9 @@
String resourcePath = packagePath + "/" + filepath;
while (filepath.startsWith("../"))
{
- packagePath = packagePath.substring(0, packagePath.lastIndexOf("/"));
+ packagePath = packagePath.substring(0, packagePath.lastIndexOf('/'));
filepath = filepath.substring(3);
- resourcePath = packagePath + "/" + filepath;
+ resourcePath = packagePath + '/' + filepath;
}
fileURL = wsClass.getClassLoader().getResource(resourcePath);
}
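Review bot: `packagePath.lastIndexOf('/')` returns -1 once `packagePath` has no slash left, so a `filepath` with more leading `../` segments than the package has levels makes `substring(0, -1)` throw a StringIndexOutOfBoundsException inside this loop. Guard the index before the substring call, for example `int slash = packagePath.lastIndexOf('/');` followed by `if (slash < 0) throw new IllegalArgumentException("Cannot resolve " + filepath + " above the root package");`. Where `filepath` comes from is not visible here; if it is read from an annotation or descriptor shipped with a deployment, a message naming the offending value helps more than the bare index exception. The enclosing method starts and ends outside the hunk.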
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/jaxrpcmapping/JavaXmlTypeMapping.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/jaxrpcmapping/JavaXmlTypeMapping.java 2009-01-05 16:20:01 UTC (rev 8961)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/jaxrpcmapping/JavaXmlTypeMapping.java 2009-01-05 18:44:31 UTC (rev 8962)
@@ -126,21 +126,21 @@
public String serialize()
{
- StringBuffer sb = new StringBuffer();
+ StringBuffer sb = new StringBuffer(100);
sb.append("<java-xml-type-mapping>");
sb.append("<java-type>").append(javaType).append("</java-type>");
if (rootTypeQName != null)
{
sb.append("<root-type-qname xmlns:typeNS='").append(rootTypeQName.getNamespaceURI()).append("'>");
- sb.append(rootTypeQName.getPrefix()).append(":").append(rootTypeQName.getLocalPart());
+ sb.append(rootTypeQName.getPrefix()).append(':').append(rootTypeQName.getLocalPart());
sb.append("</root-type-qname>");
}
if (anonymousTypeQName != null)
{
sb.append("<anonymous-type-qname xmlns:typeNS='").append(anonymousTypeQName.getNamespaceURI()).append("'>");
- sb.append(anonymousTypeQName.getPrefix()).append(":").append(anonymousTypeQName.getLocalPart());
+ sb.append(anonymousTypeQName.getPrefix()).append(':').append(anonymousTypeQName.getLocalPart());
sb.append("</anonymous-type-qname>");
}
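Review bot: serialize() writes `javaType`, the namespace URI, the prefix and the local part into the markup unescaped, and the namespace URI lands inside a single-quoted attribute (`xmlns:typeNS='...'`), so a value containing `'`, `<` or `&` produces a malformed or structurally different mapping document. If these values can originate from a user-supplied mapping file or WSDL (not visible from this hunk), escape them or build the element through a DOM/XML writer. The declared namespace prefix is fixed as `typeNS` while the element text uses `getPrefix()`, so when the two differ the QName text refers to an undeclared prefix. Since `sb` is a local, `StringBuilder` would drop the synchronisation that `new StringBuffer(100)` keeps. The method body continues past the hunk.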
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/ParameterMetaData.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/ParameterMetaData.java 2009-01-05 16:20:01 UTC (rev 8961)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/ParameterMetaData.java 2009-01-05 18:44:31 UTC (rev 8962)
@@ -563,32 +563,32 @@
{
boolean isReturn = (opMetaData.getReturnParameter() == this);
StringBuilder buffer = new StringBuilder("\n" + (isReturn ? "ReturnMetaData:" : "ParameterMetaData:"));
- buffer.append("\n xmlName=" + getXmlName());
- buffer.append("\n partName=" + getPartName());
- buffer.append("\n xmlType=" + getXmlType());
+ buffer.append("\n xmlName=").append(getXmlName());
+ buffer.append("\n partName=").append(getPartName());
+ buffer.append("\n xmlType=").append(getXmlType());
if (soapArrayParam)
- buffer.append("\n soapArrayCompType=" + soapArrayCompType);
+ buffer.append("\n soapArrayCompType=").append(soapArrayCompType);
- buffer.append("\n javaType=" + getJavaTypeName());
- buffer.append("\n mode=" + getMode());
- buffer.append("\n inHeader=" + isInHeader());
- buffer.append("\n index=" + index);
+ buffer.append("\n javaType=").append(getJavaTypeName());
+ buffer.append("\n mode=").append(getMode());
+ buffer.append("\n inHeader=").append(isInHeader());
+ buffer.append("\n index=").append(index);
if (isSwA())
{
- buffer.append("\n isSwA=" + isSwA());
- buffer.append("\n mimeTypes=" + getMimeTypes());
+ buffer.append("\n isSwA=").append(isSwA());
+ buffer.append("\n mimeTypes=").append(getMimeTypes());
}
if (isXOP())
{
- buffer.append("\n isXOP=" + isXOP());
- buffer.append("\n mimeTypes=" + getMimeTypes());
+ buffer.append("\n isXOP=").append(isXOP());
+ buffer.append("\n mimeTypes=").append(getMimeTypes());
}
if (wrappedParameters != null)
- buffer.append("\n wrappedParameters=" + wrappedParameters);
+ buffer.append("\n wrappedParameters=").append(wrappedParameters);
return buffer.toString();
}
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLDefinitions.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLDefinitions.java 2009-01-05 16:20:01 UTC (rev 8961)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLDefinitions.java 2009-01-05 18:44:31 UTC (rev 8962)
@@ -113,10 +113,10 @@
public String registerNamespaceURI(String nsURI, String prefix)
{
String pre = namespaces.getPrefix(nsURI);
- if (pre == null || pre == "")
+ if (pre == null || 0 == pre.length())
{
pre = namespaces.registerURI(nsURI, prefix);
- log.trace("registerNamespaceURI: " + pre + "=" + nsURI);
+ log.trace("registerNamespaceURI: " + pre + '=' + nsURI);
}
return pre;
}
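Review bot: The `log.trace(...)` line still concatenates `pre` and `nsURI` on every registration even when trace logging is off; `if (log.isTraceEnabled()) log.trace("registerNamespaceURI: " + pre + '=' + nsURI);` gives the saving this commit is after. Replacing `pre == ""` with `0 == pre.length()` also changes behaviour, not only speed: the old reference comparison was true only for the interned empty literal, so an empty prefix obtained any other way previously skipped registration. That correction deserves a line in the log message, since callers may now see a prefix registered where they did not before.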
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLUtils.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLUtils.java 2009-01-05 16:20:01 UTC (rev 8961)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/wsdl/WSDLUtils.java 2009-01-05 18:44:31 UTC (rev 8962)
@@ -442,15 +442,15 @@
*/
public String firstLetterUpperCase(String fname)
{
- if (fname == "" || fname == null)
+ if (fname == null || fname.length() == 0)
throw new WSException("String passed is null");
//Ensure that the first character is uppercase
- if (Character.isLowerCase(fname.charAt(0)))
+ final char firstChar = fname.charAt(0);
+ if (Character.isLowerCase(firstChar))
{
- char[] chars = fname.toCharArray();
- char f = Character.toUpperCase(chars[0]);
- chars[0] = f;
- fname = new String(chars);
+ final StringBuilder sb = new StringBuilder(fname);
+ sb.setCharAt(0, Character.toUpperCase(firstChar));
+ fname = sb.toString();
}
return fname;
}
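Review bot: The guard now rejects an empty string as well as null, but both cases still raise `"String passed is null"`; `throw new WSException("String passed is null or empty");` would tell the caller what actually went wrong. The old `fname == ""` test was a reference comparison, so an empty string built at runtime used to reach `charAt(0)` and fail with an index exception instead, which makes this a behaviour fix and not only a performance change. The Javadoc opens above the hunk, so whether it documents the exception cannot be seen from here; an `@throws WSException` line is worth adding if it is missing.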
@@ -546,7 +546,7 @@
*/
public static String getJustClassName(String classname)
{
- int index = classname.lastIndexOf(".");
+ int index = classname.lastIndexOf('.');
if (index < 0)
index = 0;
else index = index + 1;
@@ -645,9 +645,9 @@
StringBuilder sb = new StringBuilder();
String prefix = qn.getPrefix();
String localpart = qn.getLocalPart();
- if (prefix == null || prefix == "")
+ if (prefix == null || prefix.length() == 0)
prefix = Constants.PREFIX_TNS;
- sb.append(prefix + ":");
+ sb.append(prefix).append(':');
sb.append(localpart);
return sb.toString();
@@ -661,7 +661,7 @@
public QName getQName(String formattedStr)
{
QName qn = null;
- int ind = formattedStr.lastIndexOf(":");
+ int ind = formattedStr.lastIndexOf(':');
if (ind < 0)
throw new IllegalArgumentException("Formatted String is not of format prefix:localpart");
String prefix = formattedStr.substring(0, ind);
@@ -722,12 +722,12 @@
while (!stk.isEmpty() && (next = stk.pop()) != null)
{
if (sb.toString().equals("http://") == false)
- sb.append(".");
+ sb.append('.');
sb.append(next);
}
// trailing slash
- sb.append("/");
+ sb.append('/');
return sb.toString();
}
JBossWS SVN: r8961 - in stack/native/branches/dlofthouse/JBWS-1999/modules/core: src/main/java/org/jboss/ws/extensions/security and 1 other directories.
by jbossws-commits@lists.jboss.org
Author: darran.lofthouse(a)jboss.com
Date: 2009-01-05 11:20:01 -0500 (Mon, 05 Jan 2009)
New Revision: 8961
Added:
stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
Modified:
stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml
stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
Log:
Current implementation so far.
Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml 2009-01-05 12:39:16 UTC (rev 8960)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/pom.xml 2009-01-05 16:20:01 UTC (rev 8961)
@@ -82,6 +82,12 @@
<version>${jboss.jbosssx.version}</version>
</dependency>
<dependency>
+ <groupId>org.jboss.security</groupId>
+ <artifactId>jboss-security-spi</artifactId>
+ <scope>provided</scope>
+ <version>${jboss.jbosssx.version}</version>
+ </dependency>
+ <dependency>
<groupId>org.jboss</groupId>
<artifactId>jbossxb</artifactId>
<scope>provided</scope>
Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2009-01-05 12:39:16 UTC (rev 8960)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityDecoder.java 2009-01-05 16:20:01 UTC (rev 8961)
@@ -35,6 +35,7 @@
import org.jboss.ws.extensions.security.element.UsernameToken;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.jboss.ws.extensions.security.nonce.NonceFactory;
+import org.jboss.ws.extensions.security.operation.AuthorizeOperation;
import org.jboss.ws.extensions.security.operation.DecryptionOperation;
import org.jboss.ws.extensions.security.operation.ReceiveUsernameOperation;
import org.jboss.ws.extensions.security.operation.ReceiveX509Certificate;
@@ -44,6 +45,7 @@
import org.jboss.ws.extensions.security.operation.SignatureVerificationOperation;
import org.jboss.ws.extensions.security.operation.TimestampVerificationOperation;
import org.jboss.ws.metadata.wsse.Authenticate;
+import org.jboss.ws.metadata.wsse.Authorize;
import org.jboss.ws.metadata.wsse.TimestampVerification;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -68,18 +70,21 @@
private TimestampVerification timestampVerification;
private Authenticate authenticate;
+
+ private Authorize authorize;
private HashSet<String> signedIds = new HashSet<String>();
private HashSet<String> encryptedIds = new HashSet<String>();
- public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate)
+ public SecurityDecoder(SecurityStore store, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate, Authorize authorize)
{
org.apache.xml.security.Init.init();
this.store = store;
this.nonceFactory = nonceFactory;
this.timestampVerification = timestampVerification;
this.authenticate = authenticate;
+ this.authorize = authorize;
}
/**
@@ -89,9 +94,9 @@
* @param SecurityStore the security store that contains key and trust information
* @param now The timestamp to use as the current time when validating a message expiration
*/
- public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate)
+ public SecurityDecoder(SecurityStore store, Calendar now, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate, Authorize authorize)
{
- this(store, nonceFactory, timestampVerification, authenticate);
+ this(store, nonceFactory, timestampVerification, authenticate, authorize);
this.now = now;
}
@@ -157,6 +162,11 @@
}
}
+ if (authorize != null)
+ {
+ AuthorizeOperation authorizeOp = new AuthorizeOperation(authorize);
+ authorizeOp.process();
+ }
}
Modified: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2009-01-05 12:39:16 UTC (rev 8960)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/WSSecurityDispatcher.java 2009-01-05 16:20:01 UTC (rev 8961)
@@ -50,6 +50,8 @@
import org.jboss.ws.extensions.security.operation.TimestampOperation;
import org.jboss.ws.metadata.umdm.EndpointMetaData;
import org.jboss.ws.metadata.umdm.OperationMetaData;
+import org.jboss.ws.metadata.wsse.Authenticate;
+import org.jboss.ws.metadata.wsse.Authorize;
import org.jboss.ws.metadata.wsse.Config;
import org.jboss.ws.metadata.wsse.Encrypt;
import org.jboss.ws.metadata.wsse.Operation;
@@ -98,8 +100,17 @@
SecurityStore securityStore = new SecurityStore(configuration.getKeyStoreURL(), configuration.getKeyStoreType(), configuration.getKeyStorePassword(),
configuration.getKeyPasswords(), configuration.getTrustStoreURL(), configuration.getTrustStoreType(), configuration.getTrustStorePassword());
NonceFactory factory = Util.loadFactory(NonceFactory.class, configuration.getNonceFactory(), DefaultNonceFactory.class);
- SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), config == null ? null : config.getAuthenticate());
+
+ Authenticate authenticate = null;
+ Authorize authorize = null;
+ if (config != null)
+ {
+ authenticate = config.getAuthenticate();
+ authorize = config.getAuthorize();
+ }
+ SecurityDecoder decoder = new SecurityDecoder(securityStore, factory, configuration.getTimestampVerification(), authenticate, authorize);
+
decoder.decode(message.getSOAPPart(), secHeaderElement);
if (log.isTraceEnabled())
Added: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
===================================================================
--- stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java (rev 0)
+++ stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java 2009-01-05 16:20:01 UTC (rev 8961)
@@ -0,0 +1,81 @@
+/*
+* JBoss, Home of Professional Open Source.
+* Copyright 2008, Red Hat Middleware LLC, and individual contributors
+* as indicated by the @author tags. See the copyright.txt file in the
+* distribution for a full listing of individual contributors.
+*
+* This is free software; you can redistribute it and/or modify it
+* under the terms of the GNU Lesser General Public License as
+* published by the Free Software Foundation; either version 2.1 of
+* the License, or (at your option) any later version.
+*
+* This software is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+* Lesser General Public License for more details.
+*
+* You should have received a copy of the GNU Lesser General Public
+* License along with this software; if not, write to the Free
+* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+*/
+package org.jboss.ws.extensions.security.operation;
+
+import javax.naming.Context;
+import javax.naming.InitialContext;
+import javax.naming.NamingException;
+
+import org.jboss.logging.Logger;
+import org.jboss.security.AuthenticationManager;
+import org.jboss.security.RealmMapping;
+import org.jboss.ws.WSException;
+import org.jboss.ws.metadata.wsse.Authorize;
+
+/**
+ * Operation to authenticate and check the authorisation of the
+ * current user.
+ *
+ * @author <a href="mailto:darran.lofthouse@jboss.com">Darran Lofthouse</a>
+ * @since December 23rd 2008
+ */
+public class AuthorizeOperation
+{
+
+ private static final Logger log = Logger.getLogger(AuthorizeOperation.class);
+
+ private Authorize authorize;
+
+ private AuthenticationManager am;
+
+ private RealmMapping rm;
+
+ public AuthorizeOperation(Authorize authorize)
+ {
+ this.authorize = authorize;
+
+ try
+ {
+ Context ctx = new InitialContext();
+ Object obj = ctx.lookup("java:comp/env/security/securityMgr");
+ am = (AuthenticationManager)obj;
+ rm = (RealmMapping)am;
+ }
+ catch (NamingException ne)
+ {
+ throw new WSException("Unable to lookup AuthenticationManager", ne);
+ }
+
+ }
+
+ public void process()
+ {
+ log.trace("About to check authorization, using security domain '" + am.getSecurityDomain() + "'");
+ // Step 1 - Authenticate using currently associated principals.
+
+ // Step 2 - If unchecked all ok so return.
+
+ // Step 3 - If roles specified check user in role.
+
+ }
+
+}
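Review bot: `process()` only writes a trace line, with its three steps left as comments, yet `SecurityDecoder.decode` already calls it whenever an `authorize` configuration is present, so in this revision a configured authorization requirement is accepted without any check being made. Until the steps are implemented the method should fail closed, e.g. `throw new WSException("Authorization check not implemented");`, so a deployment cannot mistake the stub for enforcement. In the constructor, `(RealmMapping)am` assumes the object bound at `java:comp/env/security/securityMgr` implements both interfaces; a ClassCastException there bypasses the `NamingException` handler, so an `instanceof` check that throws `WSException` would give a clearer failure. The JNDI lookup also runs once per decoded message, because the decoder constructs a new `AuthorizeOperation` on every call.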
Property changes on: stack/native/branches/dlofthouse/JBWS-1999/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/AuthorizeOperation.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
JBossWS SVN: r8960 - in stack/native/trunk/modules/testsuite/native-tests: src/test/java/org/jboss/test/ws/jaxws and 1 other directories.
by jbossws-commits@lists.jboss.org
Author: mageshbk(a)jboss.com
Date: 2009-01-05 07:39:16 -0500 (Mon, 05 Jan 2009)
New Revision: 8960
Added:
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java
stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java
Modified:
stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml
Log:
[JBWS-2437] WSDL access url with resource suffix allows any arbitrary xml file to be viewed - Added testcase
Modified: stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml
===================================================================
--- stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml 2009-01-05 12:37:16 UTC (rev 8959)
+++ stack/native/trunk/modules/testsuite/native-tests/scripts/build-jars-jaxws.xml 2009-01-05 12:39:16 UTC (rev 8960)
@@ -413,7 +413,15 @@
<include name="jboss-web.xml"/>
</webinf>
</war>
-
+
+ <!-- jaxws-jbws2437 -->
+ <jar destfile="${tests.output.dir}/test-libs/jaxws-jbws2437.jar">
+ <fileset dir="${tests.output.dir}/test-classes">
+ <include name="org/jboss/test/ws/jaxws/jbws2437/*.class"/>
+ <exclude name="org/jboss/test/ws/jaxws/jbws2437/*TestCase.class"/>
+ </fileset>
+ </jar>
+
<!-- jaxws-webserviceref -->
<war warfile="${tests.output.dir}/test-libs/jaxws-webserviceref.war" webxml="${tests.output.dir}/test-resources/jaxws/webserviceref/WEB-INF/web.xml">
<classes dir="${tests.output.dir}/test-classes">
Added: stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java
===================================================================
--- stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java (rev 0)
+++ stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java 2009-01-05 12:39:16 UTC (rev 8960)
@@ -0,0 +1,31 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws2437;
+
+import javax.jws.WebService;
+
+@WebService(name = "Hello", serviceName = "HelloService", targetNamespace = "http://org.jboss.ws/jaxws/jbws2437")
+public interface Hello
+{
+
+ public String echo(String in0);
+}
Property changes on: stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/Hello.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java
===================================================================
--- stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java (rev 0)
+++ stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java 2009-01-05 12:39:16 UTC (rev 8960)
@@ -0,0 +1,47 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws2437;
+
+import javax.ejb.Stateless;
+import javax.jws.WebMethod;
+import javax.jws.WebParam;
+import javax.jws.WebService;
+import javax.jws.soap.SOAPBinding;
+
+import org.jboss.logging.Logger;
+import org.jboss.wsf.spi.annotation.WebContext;
+
+@Stateless
+@WebService(name = "Hello", serviceName = "HelloService", targetNamespace = "http://org.jboss.ws/jaxws/jbws2437")
+@SOAPBinding(style = SOAPBinding.Style.RPC)
+@WebContext(contextRoot="jaxws-jbws2437", urlPattern="/*")
+public class HelloJavaBean implements Hello
+{
+ private Logger log = Logger.getLogger(HelloJavaBean.class);
+
+ @WebMethod
+ public String echo(@WebParam(name = "user") String in0)
+ {
+ log.info(in0);
+ return in0;
+ }
+}
Property changes on: stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/HelloJavaBean.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added: stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java
===================================================================
--- stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java (rev 0)
+++ stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java 2009-01-05 12:39:16 UTC (rev 8960)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.ws.jaxws.jbws2437;
+
+import java.io.InputStream;
+import java.net.HttpURLConnection;
+import java.net.URL;
+
+import junit.framework.Test;
+
+import org.jboss.wsf.test.JBossWSTest;
+import org.jboss.wsf.test.JBossWSTestSetup;
+
+
+/**
+ * Disallow access to directories other than "data/wsdl"
+ *
+ * http://jira.jboss.org/jira/browse/JBWS-2437
+ *
+ * @author mageshbk(a)jboss.com
+ * @since 04-Jan-2009
+ */
+public class JBWS2437TestCase extends JBossWSTest
+{
+ public final String WSDL_LOCATION = "http://" + getServerHost() + ":8080/jaxws-jbws2437?wsdl";
+ public final String WSDL_RESOURCE = "&resource=../../ejb-deployer.xml";
+
+ public static Test suite() throws Exception
+ {
+ return new JBossWSTestSetup(JBWS2437TestCase.class, "jaxws-jbws2437.jar");
+ }
+
+ public void testWSDLAccess() throws Exception
+ {
+ HttpURLConnection connection = (HttpURLConnection)new URL(WSDL_LOCATION).openConnection();
+ InputStream in = connection.getInputStream();
+ int fileSize = in.available();
+ in.close();
+ assertTrue("WSDL cannot be accessed", fileSize > 0);
+ }
+
+ public void testOtherFileAccess() throws Exception
+ {
+ HttpURLConnection connection = (HttpURLConnection)new URL(WSDL_LOCATION + WSDL_RESOURCE).openConnection();
+ InputStream in = connection.getInputStream();
+ int fileSize = in.available();
+ in.close();
+ assertTrue("Unrestricted access to xml files found", fileSize == 0);
+ }
+}
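Review bot: `testOtherFileAccess` decides its outcome from `in.available()`, which reports only the bytes readable without blocking and may be 0 before any of the response body has arrived, so the assertion can pass even when the server does return the file. Assert on the response itself: check `connection.getResponseCode()` and read the stream, e.g. `assertTrue("Unrestricted access to xml files found", in.read() == -1);`. If the server answers the rejected request with an error status, `getInputStream()` throws an IOException and the test ends in an error instead of the intended assertion, so that path should be handled explicitly. The same `available()` weakness applies to `testWSDLAccess`, and `in.close()` belongs in a `finally` block in both tests.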
Property changes on: stack/native/trunk/modules/testsuite/native-tests/src/test/java/org/jboss/test/ws/jaxws/jbws2437/JBWS2437TestCase.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
JBossWS SVN: r8959 - stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/server.
by jbossws-commits@lists.jboss.org
Author: mageshbk(a)jboss.com
Date: 2009-01-05 07:37:16 -0500 (Mon, 05 Jan 2009)
New Revision: 8959
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java
Log:
[JBWS-2437] WSDL access url with resource suffix allows any arbitrary xml file to be viewed
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java 2008-12-23 16:04:54 UTC (rev 8958)
+++ stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/server/WSDLRequestHandler.java 2009-01-05 12:37:16 UTC (rev 8959)
@@ -85,11 +85,22 @@
// get some imported resource
else
{
- String impResourcePath = new File(wsdlLocation.getPath()).getParent() + File.separatorChar + resPath;
+ File wsdlLocFile = new File(wsdlLocation.getPath());
+ String impResourcePath = wsdlLocFile.getParent() + File.separatorChar + resPath;
File impResourceFile = new File(impResourcePath);
+ String wsdlPublishLoc = epMetaData.getServiceMetaData().getWsdlPublishLocation();
- Element wsdlElement = DOMUtils.parse(impResourceFile.toURL().openStream());
- wsdlDoc = wsdlElement.getOwnerDocument();
+ if (impResourceFile.getCanonicalPath().indexOf(wsdlLocFile.getParentFile().getCanonicalPath()) >= 0
+ || (wsdlPublishLoc != null
+ && impResourceFile.getCanonicalPath().indexOf(new File(new URL(wsdlPublishLoc).getPath()).getCanonicalPath()) >= 0))
+ {
+ Element wsdlElement = DOMUtils.parse(impResourceFile.toURL().openStream());
+ wsdlDoc = wsdlElement.getOwnerDocument();
+ }
+ else
+ {
+ throw new IOException("Access to this resource is not allowed");
+ }
}
modifyAddressReferences(reqURL, wsdlHost, resPath, wsdlDoc.getDocumentElement());
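Review bot: The containment test uses `indexOf(...) >= 0`, which accepts the resource whenever the allowed directory's canonical path occurs anywhere inside the resource's canonical path; even a plain prefix match without a trailing separator would admit a sibling directory whose name merely begins with the allowed one. Compare against the directory plus separator instead: `String allowedDir = wsdlLocFile.getParentFile().getCanonicalPath() + File.separator;` and `impResourceFile.getCanonicalPath().startsWith(allowedDir)`, with the same form for the `wsdlPublishLoc` branch. The stream returned by `impResourceFile.toURL().openStream()` is never closed, and `impResourceFile.getCanonicalPath()` is evaluated twice where one local would do. The enclosing method starts and ends outside the hunk.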