SCOUT-79: privileged blocks
git-svn-id: https://svn.apache.org/repos/asf/webservices/scout/branches/v1.1/scout@796883 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/src/main/java/org/apache/ws/scout/registry/ConnectionImpl.java b/src/main/java/org/apache/ws/scout/registry/ConnectionImpl.java
index 7787864..af10229 100644
--- a/src/main/java/org/apache/ws/scout/registry/ConnectionImpl.java
+++ b/src/main/java/org/apache/ws/scout/registry/ConnectionImpl.java
@@ -52,7 +52,7 @@
if (transportClass!=null) {
prop.setProperty(RegistryImpl.TRANSPORT_CLASS_PROPERTY_NAME, transportClass);
} else {
- String transport = System.getProperty(RegistryImpl.TRANSPORT_CLASS_PROPERTY_NAME);
+ String transport = SecurityActions.getProperty(RegistryImpl.TRANSPORT_CLASS_PROPERTY_NAME);
if (transport != null) {
prop.setProperty(RegistryImpl.TRANSPORT_CLASS_PROPERTY_NAME, transport);
}
diff --git a/src/main/java/org/apache/ws/scout/registry/RegistryImpl.java b/src/main/java/org/apache/ws/scout/registry/RegistryImpl.java
index 21eff8f..da27eb0 100644
--- a/src/main/java/org/apache/ws/scout/registry/RegistryImpl.java
+++ b/src/main/java/org/apache/ws/scout/registry/RegistryImpl.java
@@ -20,6 +20,9 @@
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.AccessControlContext;
+import java.security.AccessController;
+import java.security.PrivilegedAction;
import java.util.Arrays;
import java.util.Properties;
@@ -1133,7 +1136,13 @@
try {
// log.info("Using the Context ClassLoader");
- ClassLoader ccl = Thread.currentThread().getContextClassLoader();
+ ClassLoader ccl = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run() {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+
clazz = Class.forName(name, true, ccl);
} catch (Exception e) {
//log.warn("Failed to load the class " + name + " with context
@@ -1141,7 +1150,12 @@
}
if (null == clazz) {
- ClassLoader scl = ClassLoader.getSystemClassLoader();
+ ClassLoader scl = AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run() {
+ return ClassLoader.getSystemClassLoader();
+ }
+ });
try {
clazz = Class.forName(name, true, scl);
diff --git a/src/main/java/org/apache/ws/scout/registry/SecurityActions.java b/src/main/java/org/apache/ws/scout/registry/SecurityActions.java
new file mode 100644
index 0000000..ff51ae7
--- /dev/null
+++ b/src/main/java/org/apache/ws/scout/registry/SecurityActions.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.scout.registry;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security Privileged Actions
+ *
+ * @author <a href="mailto:anil@apache.org">Anil Saldhana</a>
+ */
+class SecurityActions
+{
+ static String getProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run() {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+
+ static String getProperty(final String key)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run() {
+ return System.getProperty(key);
+ }
+ });
+ }
+
+}
\ No newline at end of file
diff --git a/src/main/java/org/apache/ws/scout/transport/RMITransport.java b/src/main/java/org/apache/ws/scout/transport/RMITransport.java
index 14da4ec..e250f74 100644
--- a/src/main/java/org/apache/ws/scout/transport/RMITransport.java
+++ b/src/main/java/org/apache/ws/scout/transport/RMITransport.java
@@ -66,9 +66,9 @@
Properties env = new Properties();
//It be a lot nicer if this is configured through properties, but for now
//I'd like to keep the changes localized, so this seems pretty reasonable.
- String factoryInitial = System.getProperty("java.naming.factory.initial");
+ String factoryInitial = SecurityActions.getProperty("java.naming.factory.initial");
if (factoryInitial==null) factoryInitial = "org.jnp.interfaces.NamingContextFactory";
- String factoryURLPkgs = System.getProperty("java.naming.factory.url.pkgs");
+ String factoryURLPkgs = SecurityActions.getProperty("java.naming.factory.url.pkgs");
if (factoryURLPkgs==null) factoryURLPkgs = "org.jboss.naming";
env.setProperty("java.naming.factory.initial", factoryInitial);
env.setProperty("java.naming.factory.url.pkgs", factoryURLPkgs);
diff --git a/src/main/java/org/apache/ws/scout/transport/SecurityActions.java b/src/main/java/org/apache/ws/scout/transport/SecurityActions.java
new file mode 100644
index 0000000..fdfdd30
--- /dev/null
+++ b/src/main/java/org/apache/ws/scout/transport/SecurityActions.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2001-2004 The Apache Software Foundation.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.ws.scout.transport;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Security Privileged Actions
+ *
+ * @author <a href="mailto:anil@apache.org">Anil Saldhana</a>
+ */
+class SecurityActions
+{
+ static String getProperty(final String key, final String defaultValue)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run() {
+ return System.getProperty(key, defaultValue);
+ }
+ });
+ }
+
+ static String getProperty(final String key)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run() {
+ return System.getProperty(key);
+ }
+ });
+ }
+
+}
\ No newline at end of file