[ https://issues.apache.org/jira/browse/TUSCANY-4030?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kaushik Mukherjee updated TUSCANY-4030: --------------------------------------- Attachment: TUSCANY-4030v3.patch Updated all read calls to use doPrivileged() > AccessControlException when trying to read schemas with Java 2 security > enabled > ------------------------------------------------------------------------------- > > Key: TUSCANY-4030 > URL: https://issues.apache.org/jira/browse/TUSCANY-4030 > Project: Tuscany > Issue Type: Bug > Reporter: Kaushik Mukherjee > Attachments: TUSCANY-4030v3.patch > > > I believe we need to wrap line 183 in the XSDModelResolver with an > AccessController.doPrivileged so we can read a schema when java 2 security is > enabled. Working on a patch now. > InputSource xsd = null; > final XSDefinition finaldef = definition; > try { > try { > xsd = (InputSource) AccessController.doPrivileged(new > PrivilegedExceptionAction<InputSource>() { > public InputSource run() throws IOException { > return > XMLDocumentHelper.getInputSource(finaldef.getLocation().toURL()); > } > }); > } catch (PrivilegedActionException e) { > throw (IOException) e.getException(); > } > } catch (IOException e) { > throw new ContributionRuntimeException(e); > } > java.security.AccessControlException: Access denied (java.io.FilePermission > C:\WAS\was85a\profiles\AppSrv01\installedAssets\sdoscope-shared-oasis.jar\BASE\sdoscope-shared-oasis.jar > read) > at > java.security.AccessController.checkPermission(AccessController.java:132) > at java.lang.SecurityManager.checkPermission(SecurityManager.java:544) > at > com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:208) > at java.lang.SecurityManager.checkRead(SecurityManager.java:883) > at java.util.zip.ZipFile.<init>(ZipFile.java:145) > at java.util.jar.JarFile.<init>(JarFile.java:149) > at java.util.jar.JarFile.<init>(JarFile.java:86) > at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:84) > at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:60) > at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:92) > at > sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:119) > at > sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:147) > at > org.apache.tuscany.sca.common.xml.XMLDocumentHelper.openStream(XMLDocumentHelper.java:139) > at > org.apache.tuscany.sca.common.xml.XMLDocumentHelper.getInputSource(XMLDocumentHelper.java:129) > at > org.apache.tuscany.sca.xsd.xml.XSDModelResolver.loadOnDemand(XSDModelResolver.java:183) > at > org.apache.tuscany.sca.xsd.xml.XSDModelResolver.aggregate(XSDModelResolver.java:224) > at > org.apache.tuscany.sca.xsd.xml.XSDModelResolver.resolveModel(XSDModelResolver.java:123) > at > org.apache.tuscany.sca.contribution.resolver.ExtensibleModelResolver.resolveModel(ExtensibleModelResolver.java:154) -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira