Skip to content

Commit 89a2ace

Browse files
committed
[CXF-9227] Fix SecurityManager permission regressions introduced in 4.1.7
1 parent b2c370c commit 89a2ace

3 files changed

Lines changed: 22 additions & 3 deletions

File tree

core/src/main/java/org/apache/cxf/resource/SecurityActions.java

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,9 +33,14 @@ static boolean fileExists(final File file, Permission permission) {
3333
if (sm == null) {
3434
return file.exists();
3535
}
36-
sm.checkPermission(permission);
36+
// Move the permission check inside doPrivileged so the stack walk stops
37+
// at the doPrivileged boundary. Checking outside doPrivileged walks all
38+
// the way up to user-deployment code, which must not be required to hold
39+
// a CXF-internal permission. Inside doPrivileged only CXF's own privilege
40+
// context is checked, preserving the confused-deputy guard.
3741
return AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
3842
public Boolean run() {
43+
sm.checkPermission(permission);
3944
return file.exists();
4045
}
4146
});

core/src/main/java/org/apache/cxf/resource/URIResolver.java

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,8 @@
3232
import java.nio.file.Files;
3333
import java.security.AccessController;
3434
import java.security.PrivilegedAction;
35+
import java.security.PrivilegedActionException;
36+
import java.security.PrivilegedExceptionAction;
3537
import java.util.Arrays;
3638
import java.util.Collections;
3739
import java.util.HashMap;
@@ -271,7 +273,16 @@ private static boolean followRedirect(int status) {
271273

272274
private HttpURLConnection createInputStream() throws IOException {
273275
checkAllowedScheme(url);
274-
HttpURLConnection huc = (HttpURLConnection)url.openConnection();
276+
// Wrap the network connection in doPrivileged so that callers (including
277+
// user deployments) do not need SocketPermission for the target host.
278+
final HttpURLConnection huc;
279+
try {
280+
huc = AccessController.doPrivileged(
281+
(PrivilegedExceptionAction<HttpURLConnection>) () ->
282+
(HttpURLConnection)url.openConnection());
283+
} catch (PrivilegedActionException e) {
284+
throw (IOException) e.getException();
285+
}
275286

276287
String host = SystemPropertyAction.getPropertyOrNull("http.proxyHost");
277288
if (host != null) {

rt/transports/http/src/main/java/org/apache/cxf/transport/http/ProxyFactory.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@
2222
import java.net.Proxy;
2323
import java.net.ProxySelector;
2424
import java.net.URI;
25+
import java.security.AccessController;
26+
import java.security.PrivilegedAction;
2527
import java.util.List;
2628
import java.util.regex.Pattern;
2729

@@ -50,7 +52,8 @@ public Proxy createProxy(HTTPClientPolicy policy, URI currentUrl) {
5052
* are honoured rather than bypassed.
5153
*/
5254
private Proxy getSystemProxy(URI uri) {
53-
ProxySelector selector = ProxySelector.getDefault();
55+
ProxySelector selector = AccessController.doPrivileged(
56+
(PrivilegedAction<ProxySelector>) ProxySelector::getDefault);
5457
if (selector == null) {
5558
return null;
5659
}

0 commit comments

Comments
 (0)