[jboss-jira] [JBoss JIRA] (WFLY-3463) org.apache.cxf.wsdl11.WSDLManagerImpl needs read access to the jre wsdl.properties

Alessio Soldano (JIRA) issues at jboss.org
Mon Jun 9 05:04:16 EDT 2014 

    [ https://issues.jboss.org/browse/WFLY-3463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12974487#comment-12974487 ] 

Alessio Soldano commented on WFLY-3463:
---------------------------------------

It's not CXF WSDLManagerImpl who needs read access to JRE wsdl.properties, but WSDL4J javax.wsdl.factory.WSDLFactory#findFactoryImplName(). That method goes through multiple options for figuring out the actual wsdl factory impl to use and eventually defaults to "com.ibm.wsdl.factory.WSDLFactoryImpl" if no preference is set (which is the most common scenario). While the lookup of the "javax.wsdl.factory.WSDLFactory" system property is performed properly by catching a possibly SecurityException, the last mechanism (which is accessing the JRE wsdl.properties) does not consider a possible SecurityException. That makes the findFactoryImplName() method fail and not return the default factory name.
That's why I mentioned the workaround, which is basically asking in advance to use the default factory.

Now, to me this is a bug in WSDL4J. We could "workaround" it in CXF by catching the SecurityException and using the "com.ibm.wsdl.factory.WSDLFactoryImpl" factory name in that case, but it would really be ugly (not something I'm going to to).

> org.apache.cxf.wsdl11.WSDLManagerImpl needs read access to the jre wsdl.properties
> ----------------------------------------------------------------------------------
>
>                 Key: WFLY-3463
>                 URL: https://issues.jboss.org/browse/WFLY-3463
>             Project: WildFly
>          Issue Type: Feature Request
>      Security Level: Public(Everyone can see) 
>          Components: Security Manager
>            Reporter: Scott Marlow
>            Assignee: Alessio Soldano
>             Fix For: 9.0.0.Alpha1
>
>
> During TCK testing (with security-manager enabled), I am seeing a java.security.AccessControlException: WFSM000001: Permission check failed for ("java.io.FilePermission" "/qa/tools/opt/x86_64/jdk1.7.0_60/jre/lib/wsdl.properties" "read")
> from org.apache.cxf.wsdl11.WSDLManagerImpl.
> Some related comments from irc:
> {quote}
> http://sourceforge.net/p/wsdl4j/patches/1/
> <asoldano> smarlow, I'm currently working around the problem (when running with security manager on) by setting "-Djavax.wsdl.factory.WSDLFactory=com.ibm.wsdl.factory.WSDLFactoryImpl" when starting the jvm
> {quote}
> Seems related to [https://issues.apache.org/jira/browse/TUSCANY-3925] which also has a patch.



--
This message was sent by Atlassian JIRA
(v6.2.3#6260)

More information about the jboss-jira mailing list