7:54 p.m.
Author: alessio.soldano(a)jboss.com
Date: 2009-06-20 20:54:45 -0400 (Sat, 20 Jun 2009)
New Revision: 10208
Added:
common/trunk/src/main/java/org/jboss/wsf/common/SecurityActions.java
Modified:
common/trunk/src/main/java/org/jboss/wsf/common/DOMUtils.java
common/trunk/src/main/java/org/jboss/wsf/common/ResourceLoaderAdapter.java
common/trunk/src/main/java/org/jboss/wsf/common/servlet/AbstractEndpointServlet.java
Log:
[JBWS-2668] Adding required privileged blocks
Modified: common/trunk/src/main/java/org/jboss/wsf/common/DOMUtils.java
===================================================================
--- common/trunk/src/main/java/org/jboss/wsf/common/DOMUtils.java 2009-06-21 00:54:08 UTC
(rev 10207)
+++ common/trunk/src/main/java/org/jboss/wsf/common/DOMUtils.java 2009-06-21 00:54:45 UTC
(rev 10208)
@@ -112,12 +112,12 @@
String[] resolvers = new String[] {
"org.jboss.ws.core.utils.JBossWSEntityResolver",
"org.jboss.util.xml.JBossEntityResolver" };
EntityResolver entityResolver = null;
- ClassLoader loader = Thread.currentThread().getContextClassLoader();
+ ClassLoader loader = SecurityActions.getContextClassLoader();
for (String resolver : resolvers)
{
try
{
- Class<?> resolverClass = loader.loadClass(resolver);
+ Class<?> resolverClass = SecurityActions.loadClass(loader,
resolver);
entityResolver = (EntityResolver)resolverClass.newInstance();
}
catch (Exception ex)
Modified: common/trunk/src/main/java/org/jboss/wsf/common/ResourceLoaderAdapter.java
===================================================================
--- common/trunk/src/main/java/org/jboss/wsf/common/ResourceLoaderAdapter.java 2009-06-21
00:54:08 UTC (rev 10207)
+++ common/trunk/src/main/java/org/jboss/wsf/common/ResourceLoaderAdapter.java 2009-06-21
00:54:45 UTC (rev 10208)
@@ -53,7 +53,7 @@
public ResourceLoaderAdapter()
{
- this(Thread.currentThread().getContextClassLoader());
+ this(SecurityActions.getContextClassLoader());
}
public ResourceLoaderAdapter(ClassLoader loader)
Added: common/trunk/src/main/java/org/jboss/wsf/common/SecurityActions.java
===================================================================
--- common/trunk/src/main/java/org/jboss/wsf/common/SecurityActions.java
(rev 0)
+++ common/trunk/src/main/java/org/jboss/wsf/common/SecurityActions.java 2009-06-21
00:54:45 UTC (rev 10208)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2006, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.wsf.common;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Security actions for this package
+ *
+ * @author alessio.soldano(a)jboss.com
+ * @since 19-Jun-2009
+ *
+ */
+class SecurityActions
+{
+ /**
+ * Get context classloader.
+ *
+ * @return the current context classloader
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
+ /**
+ * Load a class using the provided classloader
+ *
+ * @param name
+ * @return
+ * @throws PrivilegedActionException
+ */
+ static Class<?> loadClass(final ClassLoader cl, final String name) throws
PrivilegedActionException, ClassNotFoundException
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return cl.loadClass(name);
+ }
+ else
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>() {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return cl.loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+ }
+}
\ No newline at end of file
Property changes on: common/trunk/src/main/java/org/jboss/wsf/common/SecurityActions.java
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Name: svn:eol-style
+ LF
Modified:
common/trunk/src/main/java/org/jboss/wsf/common/servlet/AbstractEndpointServlet.java
===================================================================
---
common/trunk/src/main/java/org/jboss/wsf/common/servlet/AbstractEndpointServlet.java 2009-06-21
00:54:08 UTC (rev 10207)
+++
common/trunk/src/main/java/org/jboss/wsf/common/servlet/AbstractEndpointServlet.java 2009-06-21
00:54:45 UTC (rev 10208)
@@ -22,6 +22,8 @@
package org.jboss.wsf.common.servlet;
import java.io.IOException;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import javax.management.ObjectName;
import javax.servlet.ServletConfig;
@@ -165,9 +167,27 @@
if (isJaxrpcJse || isJaxwsJse)
{
- ClassLoader classLoader = Thread.currentThread().getContextClassLoader();
+ ClassLoader classLoader = getContextClassLoader();
dep.setRuntimeClassLoader(classLoader);
}
}
+ private static ClassLoader getContextClassLoader()
+ {
+ SecurityManager sm = System.getSecurityManager();
+ if (sm == null)
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ else
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+ }
+
}