From d93ec216d63aed8ff2f08b4cba7de965dc14639c Mon Sep 17 00:00:00 2001 From: slaws Date: Fri, 26 Aug 2011 16:41:39 +0000 Subject: TUSCANY-3925 - Apply Jennifer's Java security patch. git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1162160 13f79535-47bb-0310-9956-ffa450edef68 --- .../tuscany/sca/core/assembly/impl/WSDLHelper.java | 29 +++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) (limited to 'sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java') diff --git a/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java b/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java index 778f613db1..0dfaed6791 100644 --- a/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java +++ b/sca-java-2.x/trunk/modules/core/src/main/java/org/apache/tuscany/sca/core/assembly/impl/WSDLHelper.java @@ -29,6 +29,9 @@ import java.io.OutputStreamWriter; import java.io.Writer; import java.net.URI; import java.net.URL; +import java.security.AccessController; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -36,6 +39,7 @@ import java.util.Map; import javax.wsdl.Definition; import javax.wsdl.PortType; import javax.wsdl.Types; +import javax.wsdl.WSDLException; import javax.wsdl.xml.WSDLLocator; import javax.wsdl.xml.WSDLReader; @@ -227,11 +231,30 @@ public class WSDLHelper { // read for (XMLString xmlString : xmlMap.values()){ if (xmlString instanceof WSDLInfo){ - WSDLReader reader = javax.wsdl.factory.WSDLFactory.newInstance().newWSDLReader(); + WSDLReader reader; + try { + reader = AccessController.doPrivileged(new PrivilegedExceptionAction() { + public WSDLReader run() throws WSDLException { + return javax.wsdl.factory.WSDLFactory.newInstance().newWSDLReader(); + } + }); + } catch (PrivilegedActionException e){ + throw (WSDLException)e.getException(); + } reader.setFeature("javax.wsdl.verbose", false); reader.setFeature("javax.wsdl.importDocuments", true); - WSDLLocatorImpl locator = new WSDLLocatorImpl(xmlString.getBaseURI(), xmlMap); - Definition readDefinition = reader.readWSDL(locator); + final WSDLLocatorImpl locator = new WSDLLocatorImpl(xmlString.getBaseURI(), xmlMap); + final WSDLReader freader = reader; + Definition readDefinition; + try { + readDefinition = AccessController.doPrivileged(new PrivilegedExceptionAction() { + public Definition run() throws WSDLException { + return freader.readWSDL(locator); + } + }); + } catch (PrivilegedActionException e){ + throw (WSDLException)e.getException(); + } WSDLDefinition wsdlDefinition = wsdlFactory.createWSDLDefinition(); wsdlDefinition.setDefinition(readDefinition); -- cgit v1.2.3