7:56 p.m.
Author: alessio.soldano(a)jboss.com
Date: 2009-06-20 20:56:24 -0400 (Sat, 20 Jun 2009)
New Revision: 10209
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/SecurityActions.java
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/SecurityActions.java
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/CommonClient.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/JBossXBMarshallerImpl.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceFactoryImpl.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceImpl.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceObjectFactoryJAXRPC.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/CustomizableJAXBContextFactory.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/ServiceObjectFactoryJAXWS.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/DispatcherFactory.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/HandlerMetaData.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/UnifiedMetaData.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/JavaToXSD.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/WSTools.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/wstools.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/ToolsSchemaConfigReader.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/JavaToXSDFactory.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/ToolsHelper.java
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/ToolsUnifiedMetaDataBuilder.java
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/RequestHandlerImpl.java
stack/native/trunk/modules/jaxrpc/src/main/java/javax/xml/rpc/ServiceFactory.java
stack/native/trunk/modules/jaxws-ext/src/main/java/javax/xml/ws/addressing/AddressingBuilder.java
stack/native/trunk/modules/jaxws/src/main/java/javax/xml/ws/spi/ProviderLoader.java
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SAAJFactoryLoader.java
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SOAPConnectionFactory.java
Log:
[JBWS-2668] Adding required privileged blocks
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/CommonClient.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/CommonClient.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/CommonClient.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -208,7 +208,7 @@
{
if (epMetaData == null)
{
- ClassLoader ctxLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader ctxLoader = SecurityActions.getContextClassLoader();
UnifiedVirtualFile vfsRoot = new ResourceLoaderAdapter();
UnifiedMetaData wsMetaData = new UnifiedMetaData(vfsRoot);
wsMetaData.setClassLoader(ctxLoader);
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/SecurityActions.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.core;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/JBossXBMarshallerImpl.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/JBossXBMarshallerImpl.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/JBossXBMarshallerImpl.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -113,7 +113,7 @@
if (variableMappings != null)
{
String clsName = javaXmlMapping.getJavaType();
- Class cls = JavaUtils.loadJavaType(clsName,
Thread.currentThread().getContextClassLoader());
+ Class cls = JavaUtils.loadJavaType(clsName,
SecurityActions.getContextClassLoader());
QName clsQName = javaXmlMapping.getRootTypeQName();
if (clsQName != null)
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.core.jaxrpc.binding.jbossxb;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/binding/jbossxb/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.core.jaxrpc.client;
+
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Load a class using the provided classloader
+ *
+ * @param name
+ * @return
+ * @throws PrivilegedActionException
+ */
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws
PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+
+ static URL getResource(final ClassLoader cl, final String filename)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.getResource(filename);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run()
+ {
+ return cl.getResource(filename);
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceFactoryImpl.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceFactoryImpl.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceFactoryImpl.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -117,9 +117,9 @@
*/
public Service createService(URL wsdlURL, QName serviceName) throws ServiceException
{
- ClassLoader cl = Thread.currentThread().getContextClassLoader();
+ ClassLoader cl = SecurityActions.getContextClassLoader();
- URL mappingURL = cl.getResource("META-INF/jaxrpc-mapping.xml");
+ URL mappingURL = SecurityActions.getResource(cl,
"META-INF/jaxrpc-mapping.xml");
if (mappingURL != null)
log.info("Use jaxrpc-mapping from: " + mappingURL);
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceImpl.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceImpl.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceImpl.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -104,7 +104,7 @@
this.wsdlLocation = wsdlURL;
JAXRPCClientMetaDataBuilder builder = new JAXRPCClientMetaDataBuilder();
- ClassLoader ctxClassLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader ctxClassLoader = SecurityActions.getContextClassLoader();
serviceMetaData = builder.buildMetaData(serviceName, wsdlURL, mappingURL,
securityURL, null, ctxClassLoader);
handlerRegistry = new HandlerRegistryImpl(serviceMetaData);
@@ -119,7 +119,7 @@
this.usrMetaData = usrMetaData;
JAXRPCClientMetaDataBuilder builder = new JAXRPCClientMetaDataBuilder();
- ClassLoader ctxClassLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader ctxClassLoader = SecurityActions.getContextClassLoader();
serviceMetaData = builder.buildMetaData(serviceName, wsdlURL, mappingURL,
securityConfig, usrMetaData, ctxClassLoader);
handlerRegistry = new HandlerRegistryImpl(serviceMetaData);
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceObjectFactoryJAXRPC.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceObjectFactoryJAXRPC.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxrpc/client/ServiceObjectFactoryJAXRPC.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -228,8 +228,8 @@
********************************************************/
// load the service interface class
- ClassLoader contextCL = Thread.currentThread().getContextClassLoader();
- Class siClass = contextCL.loadClass(serviceRef.getServiceInterface());
+ ClassLoader contextCL = SecurityActions.getContextClassLoader();
+ Class<?> siClass = SecurityActions.loadClass(contextCL,
serviceRef.getServiceInterface());
if (Service.class.isAssignableFrom(siClass) == false)
throw new JAXRPCException("The service interface does not implement
javax.xml.rpc.Service: " + siClass.getName());
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/CustomizableJAXBContextFactory.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/CustomizableJAXBContextFactory.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/CustomizableJAXBContextFactory.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -21,6 +21,9 @@
*/
package org.jboss.ws.core.jaxws;
+import java.security.AccessController;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Collection;
import javax.xml.bind.JAXBContext;
@@ -83,15 +86,27 @@
}
}
- public JAXBContext createContext(Class[] clazzes, BindingCustomization bcust) throws
WSException
+ public JAXBContext createContext(final Class[] clazzes, final BindingCustomization
bcust) throws WSException
{
try
{
- JAXBContext jaxbCtx = JAXBContext.newInstance(clazzes, bcust);
+ JAXBContext jaxbCtx = AccessController.doPrivileged(new
PrivilegedExceptionAction<JAXBContext>() {
+ public JAXBContext run() throws PrivilegedActionException
+ {
+ try
+ {
+ return JAXBContext.newInstance(clazzes, bcust);
+ }
+ catch (JAXBException e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
incrementContextCount();
return jaxbCtx;
}
- catch (JAXBException e)
+ catch (Exception e)
{
throw new WSException("Failed to create JAXBContext", e);
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.core.jaxws.client;
+
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Load a class using the provided classloader
+ *
+ * @param name
+ * @return
+ * @throws PrivilegedActionException
+ */
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws
PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+
+ static URL getResource(final ClassLoader cl, final String filename)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.getResource(filename);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run()
+ {
+ return cl.getResource(filename);
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/ServiceObjectFactoryJAXWS.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/ServiceObjectFactoryJAXWS.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/core/jaxws/client/ServiceObjectFactoryJAXWS.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -99,8 +99,8 @@
log.debug("[name=" + serviceRefName + ",service=" +
serviceImplClass + ",target=" + targetClassName + "]");
// Load the service class
- ClassLoader ctxLoader = Thread.currentThread().getContextClassLoader();
- Class serviceClass = ctxLoader.loadClass(serviceImplClass);
+ ClassLoader ctxLoader = SecurityActions.getContextClassLoader();
+ Class serviceClass = SecurityActions.loadClass(ctxLoader, serviceImplClass);
Class targetClass = (targetClassName != null ?
ctxLoader.loadClass(targetClassName) : null);
if (Service.class.isAssignableFrom(serviceClass) == false)
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/DispatcherFactory.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/DispatcherFactory.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/DispatcherFactory.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -43,7 +43,8 @@
Reference ref = (Reference)object;
String hostname =
(String)ref.get(DispatcherDelegate.MANAGER_HOSTNAME).getContent();
- Class cls =
Thread.currentThread().getContextClassLoader().loadClass(ref.getClassName());
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ Class<?> cls = SecurityActions.loadClass(loader, ref.getClassName());
DispatcherDelegate delegate = (DispatcherDelegate)cls.newInstance();
delegate.setHostname(hostname);
return delegate;
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.eventing.mgmt;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Load a class using the provided classloader
+ *
+ * @param name
+ * @return
+ * @throws PrivilegedActionException
+ */
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws
PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/eventing/mgmt/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,118 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Get a system property
+ *
+ * @param name
+ * @param defaultValue
+ * @return
+ */
+ static String getSystemProperty(final String name)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return System.getProperty(name);
+ }
+ else
+ {
+ PrivilegedAction<String> action = new PrivilegedAction<String>() {
+ public String run()
+ {
+ return System.getProperty(name);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+ }
+
+ /**
+ * Load a class using the provided classloader
+ *
+ * @param name
+ * @return
+ * @throws PrivilegedActionException
+ */
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws
PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/SecurityStore.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -97,7 +97,7 @@
private void loadKeyStore(URL keyStoreURL, String keyStoreType, String
keyStorePassword) throws WSSecurityException
{
if (keyStorePassword == null)
- keyStorePassword =
System.getProperty("org.jboss.ws.wsse.keyStorePassword");
+ keyStorePassword =
SecurityActions.getSystemProperty("org.jboss.ws.wsse.keyStorePassword");
keyStore = loadStore("org.jboss.ws.wsse.keyStore", "Keystore",
keyStoreURL, keyStoreType, keyStorePassword);
this.keyStorePassword = keyStorePassword;
@@ -106,7 +106,7 @@
private void loadTrustStore(URL trustStoreURL, String trustStoreType, String
trustStorePassword) throws WSSecurityException
{
if (trustStorePassword == null)
- trustStorePassword =
System.getProperty("org.jboss.ws.wsse.trustStorePassword");
+ trustStorePassword =
SecurityActions.getSystemProperty("org.jboss.ws.wsse.trustStorePassword");
trustStore = loadStore("org.jboss.ws.wsse.trustStore",
"Truststore", trustStoreURL, trustStoreType, trustStorePassword);
this.trustStorePassword = trustStorePassword;
@@ -116,7 +116,7 @@
{
if (storeURL == null)
{
- String defaultStore = System.getProperty(property);
+ String defaultStore = SecurityActions.getSystemProperty(property);
if (defaultStore == null)
{
return null;
@@ -134,7 +134,7 @@
}
if (storeType == null)
- storeType = System.getProperty(property + "Type");
+ storeType = SecurityActions.getSystemProperty(property + "Type");
if (storeType == null)
storeType = "jks";
@@ -275,7 +275,7 @@
log.debug("Loading class: " + classname + ", ctorArg=" +
ctorArg);
try
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
Class c = loader.loadClass(classname);
Object instance = null;
if (ctorArg != null)
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/Util.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -218,13 +218,13 @@
@SuppressWarnings("unchecked")
public static <T> T loadFactory(Class<T> factoryType, String
factoryClassName, Class<? extends T> defaultFactoryClassName)
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- String name = factoryClassName != null ? factoryClassName :
System.getProperty(factoryType.getName());
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ String name = factoryClassName != null ? factoryClassName :
SecurityActions.getSystemProperty(factoryType.getName());
if (name == null)
name = defaultFactoryClassName.getName();
try
{
- Class<T> cl = (Class<T>)loader.loadClass(name);
+ Class<T> cl = (Class<T>)SecurityActions.loadClass(loader, name);
return cl.newInstance();
}
catch (Exception e)
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/ReceiveX509Certificate.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -56,7 +56,7 @@
{
try
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
Class<?> cpClass = loader.loadClass(certificatePrincipal);
certMapping = (CertificatePrincipal) cpClass.newInstance();
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.extensions.security.operation;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/extensions/security/operation/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/HandlerMetaData.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/HandlerMetaData.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/HandlerMetaData.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -119,7 +119,7 @@
private ClassLoader getClassLoader()
{
// The EndpointMetaData classloader is not availabel for a handler associaated with
a JAXWS Service.handlerResolver
- ClassLoader ctxLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader ctxLoader = SecurityActions.getContextClassLoader();
return (epMetaData != null ? epMetaData.getClassLoader() : ctxLoader);
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.metadata.umdm;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/UnifiedMetaData.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/UnifiedMetaData.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/metadata/umdm/UnifiedMetaData.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -82,7 +82,7 @@
throw new IllegalArgumentException("VFS root cannot be null");
this.vfsRoot = vfsRoot;
- this.classLoader = Thread.currentThread().getContextClassLoader();
+ this.classLoader = SecurityActions.getContextClassLoader();
}
public ClassLoader getClassLoader()
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/JavaToXSD.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/JavaToXSD.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/JavaToXSD.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -224,15 +224,15 @@
String resource = (String)resolver.getEntityMap().get(nsURI);
if (resource != null)
{
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- url = loader.getResource(resource);
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ url = SecurityActions.getResource(loader, resource);
if (url == null)
{
if (resource.endsWith(".dtd"))
resource = "dtd/" + resource;
else if (resource.endsWith(".xsd"))
resource = "schema/" + resource;
- url = loader.getResource(resource);
+ url = SecurityActions.getResource(loader, resource);
}
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/SecurityActions.java
===================================================================
--- stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,131 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.tools;
+
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Set context classloader.
+ *
+ * @param cl the classloader
+ * @return previous context classloader
+ * @throws Throwable for any error
+ */
+ static ClassLoader setContextClassLoader(final ClassLoader cl)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ ClassLoader result = Thread.currentThread().getContextClassLoader();
+ if (cl != null)
+ Thread.currentThread().setContextClassLoader(cl);
+ return result;
+ }
+ else
+ {
+ try
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<ClassLoader>() {
+ public ClassLoader run() throws Exception
+ {
+ try
+ {
+ ClassLoader result =
Thread.currentThread().getContextClassLoader();
+ if (cl != null)
+ Thread.currentThread().setContextClassLoader(cl);
+ return result;
+ }
+ catch (Exception e)
+ {
+ throw e;
+ }
+ catch (Error e)
+ {
+ throw e;
+ }
+ catch (Throwable e)
+ {
+ throw new RuntimeException("Error setting context
classloader", e);
+ }
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new RuntimeException("Error running privileged action",
e.getCause());
+ }
+ }
+ }
+
+ static URL getResource(final ClassLoader cl, final String filename)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.getResource(filename);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run()
+ {
+ return cl.getResource(filename);
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified: stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/WSTools.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/WSTools.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/WSTools.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -119,9 +119,9 @@
urls[j] = new File(token).toURL();
}
- ClassLoader ctxLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader ctxLoader = SecurityActions.getContextClassLoader();
URLClassLoader urlLoader = new URLClassLoader(urls, ctxLoader);
- Thread.currentThread().setContextClassLoader(urlLoader);
+ SecurityActions.setContextClassLoader(urlLoader);
i++;
}
else
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,112 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.tools.ant;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Set context classloader.
+ *
+ * @param cl the classloader
+ * @return previous context classloader
+ * @throws Throwable for any error
+ */
+ static ClassLoader setContextClassLoader(final ClassLoader cl)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ ClassLoader result = Thread.currentThread().getContextClassLoader();
+ if (cl != null)
+ Thread.currentThread().setContextClassLoader(cl);
+ return result;
+ }
+ else
+ {
+ try
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<ClassLoader>() {
+ public ClassLoader run() throws Exception
+ {
+ try
+ {
+ ClassLoader result =
Thread.currentThread().getContextClassLoader();
+ if (cl != null)
+ Thread.currentThread().setContextClassLoader(cl);
+ return result;
+ }
+ catch (Exception e)
+ {
+ throw e;
+ }
+ catch (Error e)
+ {
+ throw e;
+ }
+ catch (Throwable e)
+ {
+ throw new RuntimeException("Error setting context
classloader", e);
+ }
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new RuntimeException("Error running privileged action",
e.getCause());
+ }
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/wstools.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/wstools.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/ant/wstools.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -95,8 +95,8 @@
public void execute() throws BuildException
{
- ClassLoader prevCL = Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(this.getClass().getClassLoader());
+ ClassLoader prevCL = SecurityActions.getContextClassLoader();
+ SecurityActions.setContextClassLoader(this.getClass().getClassLoader());
try
{
String[] args = new String[] { "-dest", dest, "-config",
config };
@@ -116,7 +116,7 @@
}
finally
{
- Thread.currentThread().setContextClassLoader(prevCL);
+ SecurityActions.setContextClassLoader(prevCL);
}
}
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.tools.config;
+
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ static URL getResource(final ClassLoader cl, final String filename)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.getResource(filename);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run()
+ {
+ return cl.getResource(filename);
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/ToolsSchemaConfigReader.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/ToolsSchemaConfigReader.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/config/ToolsSchemaConfigReader.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -118,8 +118,8 @@
if (configURL == null)
{
- ClassLoader ctxLoader = Thread.currentThread().getContextClassLoader();
- configURL = ctxLoader.getResource(configLocation);
+ ClassLoader ctxLoader = SecurityActions.getContextClassLoader();
+ configURL = SecurityActions.getResource(ctxLoader, configLocation);
}
if (configURL == null)
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/JavaToXSDFactory.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/JavaToXSDFactory.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/JavaToXSDFactory.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -47,8 +47,8 @@
{
String defaultName = "org.jboss.ws.tools.factories.JavaToXSDFactory";
factoryName =
System.getProperty("org.jboss.ws.tools.JavaToXSDFactory", defaultName);
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
- Class factoryClass = loader.loadClass(factoryName);
+ ClassLoader loader = SecurityActions.getContextClassLoader();
+ Class factoryClass = SecurityActions.loadClass(loader, factoryName);
factory = (JavaToXSDFactory) factoryClass.newInstance();
}
catch(Throwable e)
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.tools.factories;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Load a class using the provided classloader
+ *
+ * @param name
+ * @return
+ * @throws PrivilegedActionException
+ */
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws
PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/factories/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.tools.helpers;
+
+import java.net.URL;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ static URL getResource(final ClassLoader cl, final String filename)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.getResource(filename);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<URL>() {
+ public URL run()
+ {
+ return cl.getResource(filename);
+ }
+ });
+ }
+ }
+
+ /**
+ * Load a class using the provided classloader
+ *
+ * @param name
+ * @return
+ * @throws PrivilegedActionException
+ */
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws
PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/ToolsHelper.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/ToolsHelper.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/helpers/ToolsHelper.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -288,8 +288,8 @@
if (wsdlURL == null)
{
- ClassLoader ctxLoader = Thread.currentThread().getContextClassLoader();
- wsdlURL = ctxLoader.getResource(w2jc.wsdlLocation);
+ ClassLoader ctxLoader = SecurityActions.getContextClassLoader();
+ wsdlURL = SecurityActions.getResource(ctxLoader, w2jc.wsdlLocation);
}
if (wsdlURL == null)
@@ -378,9 +378,9 @@
Class clazz = null;
try
{
- clazz = Thread.currentThread().getContextClassLoader().loadClass(cls);
+ clazz = SecurityActions.loadClass(SecurityActions.getContextClassLoader(),
cls);
}
- catch (ClassNotFoundException e)
+ catch (Exception e)
{
log.error("Cannot load endpoint:" + e.getLocalizedMessage());
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.ws.tools.metadata;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/ToolsUnifiedMetaDataBuilder.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/ToolsUnifiedMetaDataBuilder.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/ws/tools/metadata/ToolsUnifiedMetaDataBuilder.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -82,7 +82,7 @@
if (!Remote.class.isAssignableFrom(seiClass))
throw new WSException("A service endpoint interface should extend
Remote");
- ClassLoader contextClassLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader contextClassLoader = SecurityActions.getContextClassLoader();
ResourceLoaderAdapter vfsRoot = new ResourceLoaderAdapter();
um = new UnifiedMetaData(vfsRoot);
um.setClassLoader(contextClassLoader);
Modified:
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/RequestHandlerImpl.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/RequestHandlerImpl.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/RequestHandlerImpl.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -86,7 +86,6 @@
import org.jboss.ws.metadata.umdm.EndpointMetaData;
import org.jboss.ws.metadata.umdm.ServerEndpointMetaData;
import org.jboss.ws.metadata.umdm.EndpointMetaData.Type;
-import org.jboss.wsf.common.DOMUtils;
import org.jboss.wsf.common.DOMWriter;
import org.jboss.wsf.common.IOUtils;
import org.jboss.wsf.spi.SPIProvider;
@@ -197,8 +196,8 @@
throw new IllegalStateException("Deployment has no classloader
associated");
// Set the thread context class loader
- ClassLoader ctxClassLoader = Thread.currentThread().getContextClassLoader();
- Thread.currentThread().setContextClassLoader(classLoader);
+ ClassLoader ctxClassLoader = SecurityActions.getContextClassLoader();
+ SecurityActions.setContextClassLoader(classLoader);
try
{
ServletRequestContext reqContext = new ServletRequestContext(context, req,
res);
@@ -211,7 +210,7 @@
finally
{
// Reset the thread context class loader
- Thread.currentThread().setContextClassLoader(ctxClassLoader);
+ SecurityActions.setContextClassLoader(ctxClassLoader);
try
{
@@ -415,7 +414,7 @@
throw new IllegalStateException("Cannot obtain endpoint meta data");
long beginProcessing = 0;
- ClassLoader ctxClassLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader ctxClassLoader = SecurityActions.getContextClassLoader();
try
{
EndpointState state = ep.getState();
@@ -463,7 +462,7 @@
// Set the thread context class loader
ClassLoader classLoader = sepMetaData.getClassLoader();
- Thread.currentThread().setContextClassLoader(classLoader);
+ SecurityActions.setContextClassLoader(classLoader);
// Get the Invoker
ServiceEndpointInvoker epInvoker =
ep.getAttachment(ServiceEndpointInvoker.class);
@@ -524,7 +523,7 @@
}
// Reset the thread context class loader
- Thread.currentThread().setContextClassLoader(ctxClassLoader);
+ SecurityActions.setContextClassLoader(ctxClassLoader);
log.debug("END handleRequest: " + ep.getName());
}
}
Added:
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/SecurityActions.java
===================================================================
---
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/SecurityActions.java
(rev 0)
+++
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/SecurityActions.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -0,0 +1,112 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.stack.jbws;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Set context classloader.
+ *
+ * @param cl the classloader
+ * @return previous context classloader
+ * @throws Throwable for any error
+ */
+ static ClassLoader setContextClassLoader(final ClassLoader cl)
+ {
+ if (System.getSecurityManager() == null)
+ {
+ ClassLoader result = Thread.currentThread().getContextClassLoader();
+ if (cl != null)
+ Thread.currentThread().setContextClassLoader(cl);
+ return result;
+ }
+ else
+ {
+ try
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<ClassLoader>() {
+ public ClassLoader run() throws Exception
+ {
+ try
+ {
+ ClassLoader result =
Thread.currentThread().getContextClassLoader();
+ if (cl != null)
+ Thread.currentThread().setContextClassLoader(cl);
+ return result;
+ }
+ catch (Exception e)
+ {
+ throw e;
+ }
+ catch (Error e)
+ {
+ throw e;
+ }
+ catch (Throwable e)
+ {
+ throw new RuntimeException("Error setting context
classloader", e);
+ }
+ }
+ });
+ }
+ catch (PrivilegedActionException e)
+ {
+ throw new RuntimeException("Error running privileged action",
e.getCause());
+ }
+ }
+ }
+}
Property changes on:
stack/native/trunk/modules/core/src/main/java/org/jboss/wsf/stack/jbws/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
stack/native/trunk/modules/jaxrpc/src/main/java/javax/xml/rpc/ServiceFactory.java
===================================================================
---
stack/native/trunk/modules/jaxrpc/src/main/java/javax/xml/rpc/ServiceFactory.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/jaxrpc/src/main/java/javax/xml/rpc/ServiceFactory.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -21,9 +21,12 @@
*/
package javax.xml.rpc;
+import java.io.InputStream;
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
import java.util.logging.Logger;
@@ -76,12 +79,12 @@
PrivilegedAction action = new PropertyAccessAction(SERVICEFACTORY_PROPERTY,
DEFAULT_SERVICE_FACTORY);
String factoryName = (String)AccessController.doPrivileged(action);
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = getContextClassLoader();
try
{
try
{
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = (ServiceFactory)factoryClass.newInstance();
}
catch (ClassNotFoundException e)
@@ -95,7 +98,7 @@
factoryName = alternativeFactories[i];
try
{
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
return (ServiceFactory)factoryClass.newInstance();
}
catch (ClassNotFoundException e1)
@@ -189,4 +192,53 @@
return System.getProperty(name, defaultValue);
}
}
+
+ private static Class<?> loadClass(final ClassLoader cl, final String name)
throws PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ private static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
}
Modified:
stack/native/trunk/modules/jaxws/src/main/java/javax/xml/ws/spi/ProviderLoader.java
===================================================================
---
stack/native/trunk/modules/jaxws/src/main/java/javax/xml/ws/spi/ProviderLoader.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/jaxws/src/main/java/javax/xml/ws/spi/ProviderLoader.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -29,6 +29,8 @@
import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
/**
@@ -70,12 +72,12 @@
{
Object factory = null;
String factoryName = null;
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = getContextClassLoader();
// Use the Services API (as detailed in the JAR specification), if available, to
determine the classname.
String propertyName = Provider.JAXWSPROVIDER_PROPERTY;
String filename = "META-INF/services/" + propertyName;
- InputStream inStream = loader.getResourceAsStream(filename);
+ InputStream inStream = getResourceAsStream(loader, filename);
if (inStream != null)
{
try
@@ -85,7 +87,7 @@
br.close();
if (factoryName != null)
{
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = factoryClass.newInstance();
}
}
@@ -102,7 +104,7 @@
PrivilegedAction action = new PropertyAccessAction("java.home");
String javaHome = (String)AccessController.doPrivileged(action);
File jaxmFile = new File(javaHome + "/lib/jaxws.properties");
- if (jaxmFile.exists())
+ if ((Boolean)AccessController.doPrivileged(new
PropertyFileExistAction(jaxmFile)))
{
try
{
@@ -112,7 +114,7 @@
if (factoryName != null)
{
//if(log.isDebugEnabled()) log.debug("Load from " + jaxmFile
+ ": " + factoryName);
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = factoryClass.newInstance();
}
}
@@ -133,7 +135,7 @@
try
{
//if(log.isDebugEnabled()) log.debug("Load from system property:
" + factoryName);
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = factoryClass.newInstance();
}
catch (Throwable t)
@@ -149,7 +151,7 @@
try
{
//if(log.isDebugEnabled()) log.debug("Load from default: " +
factoryName);
- Class factoryClass = loader.loadClass(defaultFactory);
+ Class factoryClass = loadClass(loader, defaultFactory);
factory = factoryClass.newInstance();
}
catch (Throwable t)
@@ -200,4 +202,85 @@
}
}
}
+
+ private static class PropertyFileExistAction implements PrivilegedAction
+ {
+ private File file;
+
+ PropertyFileExistAction(File file)
+ {
+ this.file = file;
+ }
+
+ public Object run()
+ {
+ return file.exists();
+ }
+ }
+
+ private static Class<?> loadClass(final ClassLoader cl, final String name)
throws PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+
+ private static InputStream getResourceAsStream(final ClassLoader cl, final String
filename)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.getResourceAsStream(filename);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<InputStream>()
{
+ public InputStream run()
+ {
+ return cl.getResourceAsStream(filename);
+ }
+ });
+ }
+ }
+
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ private static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
}
Modified:
stack/native/trunk/modules/jaxws-ext/src/main/java/javax/xml/ws/addressing/AddressingBuilder.java
===================================================================
---
stack/native/trunk/modules/jaxws-ext/src/main/java/javax/xml/ws/addressing/AddressingBuilder.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/jaxws-ext/src/main/java/javax/xml/ws/addressing/AddressingBuilder.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -26,6 +26,10 @@
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
@@ -44,7 +48,7 @@
ClassLoader classLoader;
try
{
- classLoader = Thread.currentThread().getContextClassLoader();
+ classLoader = getContextClassLoader();
}
catch (Exception x)
{
@@ -56,7 +60,7 @@
// Use the system property first
try
{
- name = System.getProperty(ADDRESSING_BUILDER_PROPERTY);
+ name = getSystemProperty(ADDRESSING_BUILDER_PROPERTY);
if (name != null)
{
return newInstance(name, classLoader);
@@ -82,7 +86,7 @@
}
else
{
- cls = classLoader.loadClass(className);
+ cls = loadClass(classLoader, className);
}
return (AddressingBuilder)cls.newInstance();
}
@@ -109,4 +113,78 @@
public abstract AddressingProperties newAddressingProperties();
public abstract AddressingConstants newAddressingConstants();
+
+ /**
+ * Get a system property
+ *
+ * @param name
+ * @param defaultValue
+ * @return
+ */
+ private static String getSystemProperty(final String name)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return System.getProperty(name);
+ }
+ else
+ {
+ PrivilegedAction<String> action = new PrivilegedAction<String>() {
+ public String run()
+ {
+ return System.getProperty(name);
+ }
+ };
+ return AccessController.doPrivileged(action);
+ }
+ }
+
+ private static Class<?> loadClass(final ClassLoader cl, final String name)
throws PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ private static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
}
Modified:
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SAAJFactoryLoader.java
===================================================================
---
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SAAJFactoryLoader.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SAAJFactoryLoader.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -29,6 +29,8 @@
import java.io.InputStreamReader;
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.Properties;
/**
@@ -42,6 +44,7 @@
* </ol>
*
* @author Thomas.Diesler(a)jboss.com
+ * @author alessio.soldano(a)jboss.com
* @since 14-Dec-2006
*/
class SAAJFactoryLoader
@@ -49,7 +52,7 @@
private SAAJFactoryLoader()
{
}
-
+
/**
*
* @return the factory impl, or null
@@ -57,7 +60,7 @@
public static Object loadFactory(String propertyName, String defaultFactory)
{
Object factory = null;
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = getContextClassLoader();
// Use the system property
PrivilegedAction action = new PropertyAccessAction(propertyName);
@@ -67,7 +70,7 @@
try
{
//if(log.isDebugEnabled()) log.debug("Load from system property: "
+ factoryName);
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = factoryClass.newInstance();
}
catch (Throwable t)
@@ -83,7 +86,7 @@
action = new PropertyAccessAction("java.home");
String javaHome = (String)AccessController.doPrivileged(action);
File jaxmFile = new File(javaHome + "/lib/jaxm.properties");
- if (jaxmFile.exists())
+ if ((Boolean)AccessController.doPrivileged(new
PropertyFileExistAction(jaxmFile)))
{
try
{
@@ -93,7 +96,7 @@
if (factoryName != null)
{
//if(log.isDebugEnabled()) log.debug("Load from " + jaxmFile
+ ": " + factoryName);
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = factoryClass.newInstance();
}
}
@@ -108,7 +111,7 @@
if (factory == null)
{
String filename = "META-INF/services/" + propertyName;
- InputStream inStream = loader.getResourceAsStream(filename);
+ InputStream inStream = getResourceAsStream(loader, filename);
if (inStream != null)
{
try
@@ -119,7 +122,7 @@
if (factoryName != null)
{
//if(log.isTraceEnabled()) log.trace("Load from Service API "
+ filename + ": " + factoryName);
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = factoryClass.newInstance();
}
}
@@ -137,7 +140,7 @@
{
factoryName = defaultFactory;
//if(log.isDebugEnabled()) log.debug("Load from default: " +
factoryName);
- Class factoryClass = loader.loadClass(factoryName);
+ Class factoryClass = loadClass(loader, factoryName);
factory = factoryClass.newInstance();
}
catch (Throwable t)
@@ -188,4 +191,81 @@
}
}
}
+
+ private static class PropertyFileExistAction implements PrivilegedAction
+ {
+ private File file;
+
+ PropertyFileExistAction(File file)
+ {
+ this.file = file;
+ }
+
+ public Object run()
+ {
+ return file.exists();
+ }
+ }
+
+ private static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ private static Class<?> loadClass(final ClassLoader cl, final String name)
throws PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+
+ private static InputStream getResourceAsStream(final ClassLoader cl, final String
filename)
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.getResourceAsStream(filename);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<InputStream>()
{
+ public InputStream run()
+ {
+ return cl.getResourceAsStream(filename);
+ }
+ });
+ }
+ }
+
}
Modified:
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SOAPConnectionFactory.java
===================================================================
---
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SOAPConnectionFactory.java 2009-06-21
00:54:45 UTC (rev 10208)
+++
stack/native/trunk/modules/saaj/src/main/java/javax/xml/soap/SOAPConnectionFactory.java 2009-06-21
00:56:24 UTC (rev 10209)
@@ -23,6 +23,8 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
import java.util.logging.Logger;
/** A factory for creating SOAPConnection objects. Implementation of this class
@@ -55,12 +57,12 @@
PrivilegedAction action = new
PropertyAccessAction(SOAPConnectionFactory.class.getName(),
DEFAULT_SOAP_CONNECTION_FACTORY);
String factoryName = (String)AccessController.doPrivileged(action);
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = getContextClassLoader();
try
{
try
{
- Class factoryClass = loader.loadClass(factoryName);
+ Class<?> factoryClass = loadClass(loader, factoryName);
return (SOAPConnectionFactory)factoryClass.newInstance();
}
catch (ClassNotFoundException e)
@@ -110,4 +112,47 @@
return System.getProperty(name, defaultValue);
}
}
+
+ private static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ private static Class<?> loadClass(final ClassLoader cl, final String name)
throws PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
}