Re: svn commit: r1240006 - /cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/EndpointImpl.java

Sun, 05 Feb 2012 21:14:10 -0800 

Hi Dan,

Thanks for the reminder. It's done.

Freeman
On 2012-2-3, at 下午10:54, Daniel Kulp wrote:



Freeman,

If there is a security manager in place with permissions required,
particularly around system properties, this commit can now likely cause a 
different SecurityException.   Can you update the code to use the:

org.apache.cxf.common.util.SystemPropertyAction

stuff to get the system property to trap that potential issue?


Thanks!
Dan



On Friday, February 03, 2012 6:37:47 AM ff...@apache.org wrote:

Author: ffang
Date: Fri Feb  3 06:37:47 2012
New Revision: 1240006

URL: http://svn.apache.org/viewvc?rev=1240006&view=rev
Log:
[CXF-4085]introduce
org .apache.cxf.jaxws.checkPublishEndpointPermissionWithSecurityManager for EndpointImpl so that get chance to bypass SecurityManager Check in some 
cases

Modified:
cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/ EndpointImpl 
.java

Modified:
cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/ EndpointImpl 
.java URL:
http://svn.apache.org/viewvc/cxf/trunk/rt/frontend/jaxws/src/main/java/org/
apache/cxf/jaxws/EndpointImpl.java? rev=1240006&r1=1240005&r2=1240006&view=di 
ff
= = = = = = ===================================================================== 
=== ---
cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/ EndpointImpl 
.java (original) +++
cxf/trunk/rt/frontend/jaxws/src/main/java/org/apache/cxf/jaxws/ EndpointImpl .java Fri Feb 3 06:37:47 2012 @@ -79,6 +79,9 @@ public class EndpointImpl 
extends javax.
public static final String CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY = 
        "org.apache.cxf.jaxws.checkPublishEndpointPermission";

+    public static final String
CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY_WITH_SECURITY_MANAGER = +
"org .apache .cxf.jaxws.checkPublishEndpointPermissionWithSecurityManager"; + 
    private static final WebServicePermission PUBLISH_PERMISSION =
        new WebServicePermission("publishEndpoint");
    private static final Logger LOG =
LogUtils.getL7dLogger(EndpointImpl.class); @@ -492,7 +495,12 @@ public 
class EndpointImpl extends javax.

    protected void checkPublishPermission() {
        SecurityManager sm = System.getSecurityManager();
-        if (sm != null) {
+        boolean checkPublishEndpointPermissionWithSecurityManager
+            = Boolean.valueOf(
+                      System.getProperty(
+
CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY_WITH_SECURITY_MANAGER, +
                              "true"));
+ if (checkPublishEndpointPermissionWithSecurityManager && sm != 
null) { sm.checkPermission(PUBLISH_PERMISSION);
        } else if
(Boolean.getBoolean(CHECK_PUBLISH_ENDPOINT_PERMISSON_PROPERTY)) {
AccessController.checkPermission(PUBLISH_PERMISSION);

--
Daniel Kulp
dk...@apache.org - http://dankulp.com/blog
Talend Community Coder - http://coders.talend.com


---------------------------------------------
Freeman Fang

FuseSource
Email:ff...@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com

Reply via email to