[jboss-jira] [JBoss JIRA] (JBEE-162) JAXWS SPI Provider should call ServiceLoader's load method within a privileged block
Ivo Studensky (JIRA)
issues at jboss.org
Thu Feb 25 07:39:00 EST 2016
[ https://issues.jboss.org/browse/JBEE-162?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ivo Studensky resolved JBEE-162.
--------------------------------
Resolution: Done
Fixed in jboss-jaxws-api_2.2_spec-2.0.3.Final.
> JAXWS SPI Provider should call ServiceLoader's load method within a privileged block
> ------------------------------------------------------------------------------------
>
> Key: JBEE-162
> URL: https://issues.jboss.org/browse/JBEE-162
> Project: JBoss JavaEE Spec APIs
> Issue Type: Bug
> Components: jboss-jaxws-api
> Reporter: Ivo Studensky
> Assignee: Ivo Studensky
>
> The JAXWS SPI {{Provider}} uses {{ServiceLoader}} to look for user specified provider implementations. When invoking {{load}} method on the {{ServiceLoader}}, read permission on the relevant jar is required.
> stacktrace:
> {noformat}
> Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/studensky/work/git/jboss-eap-myfork5/dist/target/wildfly-10.0.0.Final-SNAPSHOT/modules/system/layers/base/org/jboss/ws/cxf/jbossws-cxf-factories/main/jbossws-cxf-factories-5.1.2.Final.jar" "read")" in code source "(vfs:/content/ws-serviceref-example.jar <no signer certificates>)" of "null")
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
> at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
> at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
> at java.util.zip.ZipFile.<init>(ZipFile.java:210)
> at java.util.zip.ZipFile.<init>(ZipFile.java:149)
> at java.util.jar.JarFile.<init>(JarFile.java:166)
> at java.util.jar.JarFile.<init>(JarFile.java:103)
> at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
> at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
> at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
> at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
> at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
> at java.net.URL.openStream(URL.java:1045)
> at java.util.ServiceLoader.parse(ServiceLoader.java:304)
> at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
> at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
> at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
> at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
> at java.security.AccessController.doPrivileged(Native Method)
> at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
> at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
> at javax.xml.ws.spi.Provider$1.run(Provider.java:154)
> at javax.xml.ws.spi.Provider$1.run(Provider.java:152)
> at java.security.AccessController.doPrivileged(Native Method)
> at javax.xml.ws.spi.Provider.getProviderUsingServiceLoader(Provider.java:152)
> at javax.xml.ws.spi.Provider.provider(Provider.java:108)
> ... 102 more
> {noformat}
> Note: {{java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)}} calls {{doPrivileged}} block with an {{AccessControlContext}} cached from the {{load}} method invocation.
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list