Tuscany
  1. Tuscany
  2. TUSCANY-4030

AccessControlException when trying to read schemas with Java 2 security enabled

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Java-SCA-2.0
    • Component/s: None
    • Labels:
      None
    • Patch Info:
      Patch Available

      Description

      I believe we need to wrap line 183 in the XSDModelResolver with an AccessController.doPrivileged so we can read a schema when java 2 security is enabled. Working on a patch now.

      InputSource xsd = null;
      final XSDefinition finaldef = definition;
      try {
      try {
      xsd = (InputSource) AccessController.doPrivileged(new PrivilegedExceptionAction<InputSource>() {
      public InputSource run() throws IOException

      { return XMLDocumentHelper.getInputSource(finaldef.getLocation().toURL()); }

      });
      } catch (PrivilegedActionException e)

      { throw (IOException) e.getException(); }

      } catch (IOException e)

      { throw new ContributionRuntimeException(e); }

      java.security.AccessControlException: Access denied (java.io.FilePermission C:\WAS\was85a\profiles\AppSrv01\installedAssets\sdoscope-shared-oasis.jar\BASE\sdoscope-shared-oasis.jar read)
      at java.security.AccessController.checkPermission(AccessController.java:132)
      at java.lang.SecurityManager.checkPermission(SecurityManager.java:544)
      at com.ibm.ws.security.core.SecurityManager.checkPermission(SecurityManager.java:208)
      at java.lang.SecurityManager.checkRead(SecurityManager.java:883)
      at java.util.zip.ZipFile.<init>(ZipFile.java:145)
      at java.util.jar.JarFile.<init>(JarFile.java:149)
      at java.util.jar.JarFile.<init>(JarFile.java:86)
      at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:84)
      at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:60)
      at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:92)
      at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:119)
      at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:147)
      at org.apache.tuscany.sca.common.xml.XMLDocumentHelper.openStream(XMLDocumentHelper.java:139)
      at org.apache.tuscany.sca.common.xml.XMLDocumentHelper.getInputSource(XMLDocumentHelper.java:129)
      at org.apache.tuscany.sca.xsd.xml.XSDModelResolver.loadOnDemand(XSDModelResolver.java:183)
      at org.apache.tuscany.sca.xsd.xml.XSDModelResolver.aggregate(XSDModelResolver.java:224)
      at org.apache.tuscany.sca.xsd.xml.XSDModelResolver.resolveModel(XSDModelResolver.java:123)
      at org.apache.tuscany.sca.contribution.resolver.ExtensibleModelResolver.resolveModel(ExtensibleModelResolver.java:154)

      1. TUSCANY-4030v3.patch
        5 kB
        Kaushik Mukherjee

        Activity

        Hide
        Kaushik Mukherjee added a comment -

        Wrapped XMLDocumentHelper.getInputSource() with AccessController.doPrivileged().

        Show
        Kaushik Mukherjee added a comment - Wrapped XMLDocumentHelper.getInputSource() with AccessController.doPrivileged().
        Hide
        Kaushik Mukherjee added a comment -

        Updated the patch to use doPrivileged calls for all occurrences

        Show
        Kaushik Mukherjee added a comment - Updated the patch to use doPrivileged calls for all occurrences
        Hide
        Kaushik Mukherjee added a comment -

        Updated all read calls to use doPrivileged()

        Show
        Kaushik Mukherjee added a comment - Updated all read calls to use doPrivileged()
        Hide
        Simon Laws added a comment -

        Applied at revision: 1304257. Thanks for the patch Kaushik.

        Show
        Simon Laws added a comment - Applied at revision: 1304257. Thanks for the patch Kaushik.

          People

          • Assignee:
            Simon Laws
            Reporter:
            Kaushik Mukherjee
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development