Author: alessio.soldano(a)jboss.com
Date: 2012-07-29 10:20:51 -0400 (Sun, 29 Jul 2012)
New Revision: 16559
Modified:
stack/cxf/branches/jbossws-cxf-3.1.2/modules/server/src/main/java/org/jboss/wsf/stack/cxf/DescriptorDeploymentAspect.java
Log:
Minor code cleanup
Modified:
stack/cxf/branches/jbossws-cxf-3.1.2/modules/server/src/main/java/org/jboss/wsf/stack/cxf/DescriptorDeploymentAspect.java
===================================================================
---
stack/cxf/branches/jbossws-cxf-3.1.2/modules/server/src/main/java/org/jboss/wsf/stack/cxf/DescriptorDeploymentAspect.java 2012-07-29
14:19:49 UTC (rev 16558)
+++
stack/cxf/branches/jbossws-cxf-3.1.2/modules/server/src/main/java/org/jboss/wsf/stack/cxf/DescriptorDeploymentAspect.java 2012-07-29
14:20:51 UTC (rev 16559)
@@ -230,7 +230,6 @@
if (cl == null) {
cl = dep.getInitialClassLoader();
}
- System.out.println("** CL: " + cl);
for (String ep : endpoints)
{
Class<?> clazz = cl.loadClass(ep);
@@ -256,16 +255,9 @@
}
//then check wsdl files for contract first endpoints
for (String w : wsdlLocations) {
- try
- {
- ArchiveDeployment archDep = (ArchiveDeployment)dep;
- URL wsdlURL = archDep.getResourceResolver().resolve(w);
- checkAssertionsAndGet(wsdlURL, null, null, null);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
+ ArchiveDeployment archDep = (ArchiveDeployment)dep;
+ URL wsdlURL = archDep.getResourceResolver().resolve(w);
+ checkAssertionsAndGet(wsdlURL, null, null, null);
}
}
catch (Exception e)
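Review bot: Every failure in this loop (an unresolvable WSDL location, an I/O or parse error, a ClassCastException from `(ArchiveDeployment)dep`) is handled only by the outer `catch (Exception e)`, whose body lies outside this hunk. Since the loop is the scan for the disallowed policy assertions, that handler needs to rethrow so the deployment fails closed instead of proceeding with an unscanned WSDL; please confirm it does. The removed inner catch only rewrapped the exception, so dropping it looks behaviour-neutral. As a style point, the cast is loop-invariant and could be hoisted above the `for`, e.g. `final ArchiveDeployment archDep = (ArchiveDeployment)dep;`.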
@@ -274,16 +266,18 @@
}
}
- private Set<String> checkAssertionsAndGet(URL cxfUrl, String searchNS, String
searchLocalName, String searchAttributeName) throws Exception
+ private Set<String> checkAssertionsAndGet(URL url, String searchNS, String
searchLocalName, String searchAttributeName) throws Exception
{
- log.info("* checking... " + cxfUrl);
+ if (log.isTraceEnabled()) {
+ log.trace("* checking for CVE-2012-2379 possibly vulnerable assertions in
" + url);
+ }
InputStream is = null;
XMLStreamReader reader = null;
Set<String> endpoints = new HashSet<String>();
final boolean search = searchNS != null || searchLocalName != null ||
searchAttributeName != null;
try
{
- is = cxfUrl.openStream();
+ is = url.openStream();
reader = StAXUtils.createXMLStreamReader(is);
while (reader.hasNext())
{
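Review bot: The stream opened from `url` goes straight into `StAXUtils.createXMLStreamReader(is)`, and nothing in this hunk shows how that reader is configured. The descriptor and WSDL files come from the deployed archive, so it is worth confirming that the underlying factory sets `XMLInputFactory.SUPPORT_DTD` and `XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES` to false, so that the security scan itself cannot be made to resolve external entities. The method would also benefit from a short Javadoc stating that the three `search*` arguments may all be null (scan only) and that a RuntimeException is thrown when a disallowed assertion is found. The method body continues past the end of this hunk, so the cleanup of `is` and `reader` is not visible here.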
@@ -293,13 +287,11 @@
{
if (StAXUtils.match(reader, NAMESPACES, ASSERTIONS))
{
- throw new RuntimeException("WS-Security Policy SupportingTokens
not allowed due to known security vulnerability! URL: " + cxfUrl);
+ throw new RuntimeException("WS-Security Policy SupportingTokens
not allowed due to known security vulnerability! URL: " + url);
}
else if (search && StAXUtils.match(reader, searchNS,
searchLocalName))
{
- String e = reader.getAttributeValue(null,
searchAttributeName).trim();
- System.out.println("--> " + e);
- endpoints.add(e);
+ endpoints.add(reader.getAttributeValue(null,
searchAttributeName).trim());
}
}
}
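Review bot: `reader.getAttributeValue(null, searchAttributeName)` returns null when the matched element does not carry the attribute, so the chained `.trim()` throws a NullPointerException on such a descriptor; the cleanup keeps that behaviour from the old code. A guarded form avoids it: `String v = reader.getAttributeValue(null, searchAttributeName);` followed by `if (v != null) { endpoints.add(v.trim()); }`. Separately, the RuntimeException text says only "known security vulnerability"; naming CVE-2012-2379 there, as the new trace message does, would let an operator who hits the rejected deployment find the advisory without enabling trace logging. The enclosing loop and method start and end outside this hunk.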