JAXWS: Java2Security Violation Fixes
------------------------------------
Key: AXIS2-4390
URL: https://issues.apache.org/jira/browse/AXIS2-4390
Project: Axis 2.0 (Axis2)
Issue Type: Bug
Reporter: Rich Scheuerle
Assignee: Rich Scheuerle
Two Java2Security violations were detected during IBM testing.
The first violation occurs in
org/apache/axis2/jaxws/description/impl/DescriptionUtils.openHandlerConfig
stream.
The non-priv code causes the handler configuration access to fail. This can
cause user applications to fail.
The second violation occurs in the JAX-WS JavaBeanDispatcher while getting the
Context ClassLoader.
Solution;
I am correcting the code to add the appropriate ammount of doPriv stanzas.
Kudos to Paul Mariduena for his cooperation on the design and testing of these
fixes.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
