Freeman, If there is a security manager in place with permissions required, particularly around system properties, this commit can now likely cause a different SecurityException. Can you update the code to use the:
org.apache.cxf.common.util.SystemPropertyAction stuff to get the system property to trap that potential issue? Thanks! Dan On Friday, February 03, 2012 6:37:47 AM ff...@apache.org wrote: > Author: ffang > Date: Fri Feb 3 06:37:47 2012 > New Revision: 1240006 > > URL: http://svn.apache.org/viewvc?rev=1240006&view=rev > Log: > [CXF-4085]introduce > org.apache.cxf.jaxws.checkPublishEndpointPermissionWithSecurityManager for > EndpointImpl so that get chance to bypass SecurityManager Check in some > cases > > Modified: > > cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl > .java > > Modified: > cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl > .java URL: > http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxws/src/main/java/org/ > apache/cxf/jaxws/EndpointImpl.java?rev=1240006&r1=1240005&r2=1240006&view=di > ff > =========================================================================== > === --- > cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl > .java (original) +++ > cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl > .java Fri Feb 3 06:37:47 2012 @@ -79,6 +79,9 @@ public class EndpointImpl > extends javax. > public static final String CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY = > "org.apache.cxf.jaxws.checkPublishEndpointPermission"; > > + public static final String > CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY_WITH_SECURITY_MANAGER = + > "org.apache.cxf.jaxws.checkPublishEndpointPermissionWithSecurityManager"; + > private static final WebServicePermission PUBLISH_PERMISSION = > new WebServicePermission("publishEndpoint"); > private static final Logger LOG = > LogUtils.getL7dLogger(EndpointImpl.class); @@ -492,7 +495,12 @@ public > class EndpointImpl extends javax. > > protected void checkPublishPermission() { > SecurityManager sm = System.getSecurityManager(); > - if (sm != null) { > + boolean checkPublishEndpointPermissionWithSecurityManager > + = Boolean.valueOf( > + System.getProperty( > + > CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY_WITH_SECURITY_MANAGER, + > "true")); > + if (checkPublishEndpointPermissionWithSecurityManager && sm != > null) { sm.checkPermission(PUBLISH_PERMISSION); > } else if > (Boolean.getBoolean(CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY)) { > AccessController.checkPermission(PUBLISH_PERMISSION); -- Daniel Kulp dk...@apache.org - http://dankulp.com/blog Talend Community Coder - http://coders.talend.com
