Author: asoldano
Date: 2014-02-03 12:00:22 -0500 (Mon, 03 Feb 2014)
New Revision: 18303
Modified:
common/trunk/src/main/java/org/jboss/ws/common/deployment/EndpointAddressDeploymentAspect.java
common/trunk/src/main/java/org/jboss/ws/common/management/AbstractServerConfig.java
common/trunk/src/main/java/org/jboss/ws/common/utils/AbstractWSDLFilePublisher.java
Log:
[JBWS-3756] Add permission checks to sensitive public static methods
Modified:
common/trunk/src/main/java/org/jboss/ws/common/deployment/EndpointAddressDeploymentAspect.java
===================================================================
---
common/trunk/src/main/java/org/jboss/ws/common/deployment/EndpointAddressDeploymentAspect.java 2014-02-03
16:59:47 UTC (rev 18302)
+++
common/trunk/src/main/java/org/jboss/ws/common/deployment/EndpointAddressDeploymentAspect.java 2014-02-03
17:00:22 UTC (rev 18303)
@@ -25,6 +25,7 @@
import static org.jboss.ws.common.integration.WSHelper.isJaxwsEjbEndpoint;
import static org.jboss.ws.common.integration.WSHelper.isJaxwsJseEndpoint;
+import java.security.AccessController;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
@@ -64,7 +65,7 @@
throw Messages.MESSAGES.cannotObtainContextRoot(dep.getSimpleName());
PortValue port = new PortValue((Integer)service.getProperty("port"),
null);
- ServerConfig serverConfig =
AbstractServerConfig.getServerIntegrationServerConfig();
+ ServerConfig serverConfig = getServerConfig();
port.setServerConfig(serverConfig);
String host = serverConfig.getWebServiceHost();
Map<String, Endpoint> endpointsMap = new HashMap<String, Endpoint>();
@@ -108,6 +109,12 @@
}
}
+ private static ServerConfig getServerConfig() {
+ if(System.getSecurityManager() == null) {
+ return AbstractServerConfig.getServerIntegrationServerConfig();
+ }
+ return
AccessController.doPrivileged(AbstractServerConfig.GET_SERVER_INTEGRATION_SERVER_CONFIG);
+ }
protected boolean isConfidentialTransportGuarantee(final Deployment dep, final
Endpoint ep)
{
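Review bot: The new `getServerConfig()` helper carries no comment saying that it deliberately asserts this class's own privileges through `AccessController.doPrivileged`, so a later refactor could widen its visibility or move it into a shared public utility and hand the config to any caller. I would add `// Privileged lookup on behalf of this class only; keep private and do not expose the returned ServerConfig to untrusted callers.` above it. The identical helper added to AbstractWSDLFilePublisher needs the same comment. There the result is assigned to `serverConfig`, which looks like a field whose declaration is outside the hunk, so it is worth confirming that less-privileged subclasses cannot read it.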
Modified:
common/trunk/src/main/java/org/jboss/ws/common/management/AbstractServerConfig.java
===================================================================
---
common/trunk/src/main/java/org/jboss/ws/common/management/AbstractServerConfig.java 2014-02-03
16:59:47 UTC (rev 18302)
+++
common/trunk/src/main/java/org/jboss/ws/common/management/AbstractServerConfig.java 2014-02-03
17:00:22 UTC (rev 18303)
@@ -26,6 +26,9 @@
import java.net.InetAddress;
import java.net.UnknownHostException;
+import java.security.AccessController;
+import java.security.Permission;
+import java.security.PrivilegedAction;
import javax.management.MBeanServer;
@@ -51,13 +54,15 @@
* permanentely disabled. The isModifiable() method can be overwridden to enable /
disable
* the attribute update.
*
+ * @author alessio.soldano(a)jboss.com
* @author Thomas.Diesler(a)jboss.org
* @author darran.lofthouse(a)jboss.com
- * @author alessio.soldano(a)jboss.com
* @since 08-May-2006
*/
public abstract class AbstractServerConfig implements AbstractServerConfigMBean,
ServerConfig
{
+ private static final RuntimePermission LOOKUP_SERVER_INTEGRATION_SERVER_CONFIG = new
RuntimePermission("org.jboss.ws.LOOKUP_SERVER_INTEGRATION_SERVER_CONFIG");
+
// The MBeanServer
private volatile MBeanServer mbeanServer;
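Review bot: The new permission target `org.jboss.ws.LOOKUP_SERVER_INTEGRATION_SERVER_CONFIG` is not documented anywhere in the visible change, so deployments running under a security manager have no pointer to what their policy must grant. A comment on the constant would cover it, e.g. `// Required of direct callers of getServerIntegrationServerConfig() when a SecurityManager is installed.`, or the same sentence in the class Javadoc.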
@@ -290,9 +295,19 @@
if (!ClassLoaderProvider.isSet()) {
return null;
}
+ checkPermission(LOOKUP_SERVER_INTEGRATION_SERVER_CONFIG);
return serverConfig;
}
+ public static final PrivilegedAction<ServerConfig>
GET_SERVER_INTEGRATION_SERVER_CONFIG = new PrivilegedAction<ServerConfig>()
+ {
+ @Override
+ public ServerConfig run()
+ {
+ return getServerIntegrationServerConfig();
+ }
+ };
+
public String getImplementationTitle()
{
return stackConfig.getImplementationTitle();
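Review bot: `checkPermission(LOOKUP_SERVER_INTEGRATION_SERVER_CONFIG)` runs only after the `ClassLoaderProvider.isSet()` early return and after whatever precedes it in `getServerIntegrationServerConfig()`, whose start is outside the hunk. A caller without the permission therefore gets `null` rather than a `SecurityException` when no provider is set, and any lookup or initialisation earlier in the method runs unchecked. Making the check the first statement of the method would close that, unless unprivileged callers are known to rely on the `null` return. The public `GET_SERVER_INTEGRATION_SERVER_CONFIG` constant would also benefit from a Javadoc line stating that passing it to `doPrivileged` still requires the caller's own protection domain to hold the permission.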
@@ -342,7 +357,16 @@
{
return endpointConfigStore.getConfig(name);
}
-
+
+ private static void checkPermission(final Permission permission)
+ {
+ SecurityManager securityManager = System.getSecurityManager();
+ if (securityManager != null)
+ {
+ AccessController.checkPermission(permission);
+ }
+ }
+
public interface UpdateCallbackHandler {
public void onBeforeUpdate();
}
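Review bot: `checkPermission` fetches the installed `SecurityManager` but then calls `AccessController.checkPermission(permission)`, which skips any policy that a custom `SecurityManager` subclass implements in its own `checkPermission` override. The conventional form is `securityManager.checkPermission(permission);`, which delegates to `AccessController` by default and honours an overriding manager when one is installed. As written, the local variable serves only as a null test.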
Modified:
common/trunk/src/main/java/org/jboss/ws/common/utils/AbstractWSDLFilePublisher.java
===================================================================
---
common/trunk/src/main/java/org/jboss/ws/common/utils/AbstractWSDLFilePublisher.java 2014-02-03
16:59:47 UTC (rev 18302)
+++
common/trunk/src/main/java/org/jboss/ws/common/utils/AbstractWSDLFilePublisher.java 2014-02-03
17:00:22 UTC (rev 18303)
@@ -32,6 +32,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
+import java.security.AccessController;
import java.util.Iterator;
import java.util.List;
@@ -77,7 +78,7 @@
serverConfig = dep.getAttachment(ServerConfig.class);
if (serverConfig == null)
{
- serverConfig = AbstractServerConfig.getServerIntegrationServerConfig();
+ serverConfig = getServerConfig();
}
if (isJseDeployment(dep) || isWarArchive(dep))
@@ -90,6 +91,13 @@
}
}
+ private static ServerConfig getServerConfig() {
+ if(System.getSecurityManager() == null) {
+ return AbstractServerConfig.getServerIntegrationServerConfig();
+ }
+ return
AccessController.doPrivileged(AbstractServerConfig.GET_SERVER_INTEGRATION_SERVER_CONFIG);
+ }
+
private static synchronized DocumentBuilder getDocumentBuilder()
{
if (builder == null)
@@ -130,6 +138,7 @@
@SuppressWarnings("unchecked")
protected void publishWsdlImports(URL parentURL, Definition parentDefinition,
List<String> published, String expLocation) throws Exception
{
+ @SuppressWarnings("rawtypes")
Iterator it = parentDefinition.getImports().values().iterator();
while (it.hasNext())
{