Uploaded image for project: 'JBoss Enterprise Spec APIs'
  1. JBoss Enterprise Spec APIs
  2. JBEE-162

JAXWS SPI Provider should call ServiceLoader's load method within a privileged block

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • None
    • None
    • jboss-jaxws-api
    • None

      The JAXWS SPI Provider uses ServiceLoader to look for user specified provider implementations. When invoking load method on the ServiceLoader, read permission on the relevant jar is required.

      stacktrace:

      Caused by: java.security.AccessControlException: WFSM000001: Permission check failed (permission "("java.io.FilePermission" "/home/studensky/work/git/jboss-eap-myfork5/dist/target/wildfly-10.0.0.Final-SNAPSHOT/modules/system/layers/base/org/jboss/ws/cxf/jbossws-cxf-factories/main/jbossws-cxf-factories-5.1.2.Final.jar" "read")" in code source "(vfs:/content/ws-serviceref-example.jar <no signer certificates>)" of "null")
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:273)
	at org.wildfly.security.manager.WildFlySecurityManager.checkPermission(WildFlySecurityManager.java:175)
	at java.lang.SecurityManager.checkRead(SecurityManager.java:888)
	at org.wildfly.security.manager.WildFlySecurityManager.checkRead(WildFlySecurityManager.java:377)
	at java.util.zip.ZipFile.<init>(ZipFile.java:210)
	at java.util.zip.ZipFile.<init>(ZipFile.java:149)
	at java.util.jar.JarFile.<init>(JarFile.java:166)
	at java.util.jar.JarFile.<init>(JarFile.java:103)
	at sun.net.www.protocol.jar.URLJarFile.<init>(URLJarFile.java:93)
	at sun.net.www.protocol.jar.URLJarFile.getJarFile(URLJarFile.java:69)
	at sun.net.www.protocol.jar.JarFileFactory.get(JarFileFactory.java:99)
	at sun.net.www.protocol.jar.JarURLConnection.connect(JarURLConnection.java:122)
	at sun.net.www.protocol.jar.JarURLConnection.getInputStream(JarURLConnection.java:150)
	at java.net.URL.openStream(URL.java:1045)
	at java.util.ServiceLoader.parse(ServiceLoader.java:304)
	at java.util.ServiceLoader.access$200(ServiceLoader.java:185)
	at java.util.ServiceLoader$LazyIterator.hasNextService(ServiceLoader.java:357)
	at java.util.ServiceLoader$LazyIterator.access$600(ServiceLoader.java:323)
	at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:396)
	at java.util.ServiceLoader$LazyIterator$1.run(ServiceLoader.java:395)
	at java.security.AccessController.doPrivileged(Native Method)
	at java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398)
	at java.util.ServiceLoader$1.hasNext(ServiceLoader.java:474)
	at javax.xml.ws.spi.Provider$1.run(Provider.java:154)
	at javax.xml.ws.spi.Provider$1.run(Provider.java:152)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.xml.ws.spi.Provider.getProviderUsingServiceLoader(Provider.java:152)
	at javax.xml.ws.spi.Provider.provider(Provider.java:108)
	... 102 more

      Note: java.util.ServiceLoader$LazyIterator.hasNext(ServiceLoader.java:398) calls doPrivileged block with an AccessControlContext cached from the load method invocation.

            istudens@redhat.com Ivo Studensky
            istudens@redhat.com Ivo Studensky
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: