Skip to content

Commit fc58c48

Browse files
committed
[CXF-9227] Fix SecurityManager permission regressions introduced in 4.1.7 (#3256)
(cherry picked from commit 316973a)
1 parent 4df6904 commit fc58c48

3 files changed

Lines changed: 27 additions & 3 deletions

File tree

core/src/main/java/org/apache/cxf/resource/URIResolver.java

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,8 @@
3232
import java.nio.file.Files;
3333
import java.security.AccessController;
3434
import java.security.PrivilegedAction;
35+
import java.security.PrivilegedActionException;
36+
import java.security.PrivilegedExceptionAction;
3537
import java.util.Arrays;
3638
import java.util.Collections;
3739
import java.util.HashMap;
@@ -271,7 +273,16 @@ private static boolean followRedirect(int status) {
271273

272274
private HttpURLConnection createInputStream() throws IOException {
273275
checkAllowedScheme(url);
274-
HttpURLConnection huc = (HttpURLConnection)url.openConnection();
276+
// Wrap the network connection in doPrivileged so that callers (including
277+
// user deployments) do not need SocketPermission for the target host.
278+
final HttpURLConnection huc;
279+
try {
280+
huc = AccessController.doPrivileged(
281+
(PrivilegedExceptionAction<HttpURLConnection>) () ->
282+
(HttpURLConnection)url.openConnection());
283+
} catch (PrivilegedActionException e) {
284+
throw (IOException) e.getException();
285+
}
275286

276287
String host = SystemPropertyAction.getPropertyOrNull("http.proxyHost");
277288
if (host != null) {

core/src/main/java/org/apache/cxf/ws/addressing/EndpointReferenceUtils.java

Lines changed: 11 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -27,6 +27,8 @@
2727
import java.net.URI;
2828
import java.net.URISyntaxException;
2929
import java.net.URL;
30+
import java.security.AccessController;
31+
import java.security.PrivilegedAction;
3032
import java.util.HashSet;
3133
import java.util.LinkedHashMap;
3234
import java.util.List;
@@ -199,7 +201,15 @@ public LSInput resolveResource(String type, String namespaceURI, String publicId
199201
systemId = publicId;
200202
}
201203
if (systemId != null) {
202-
InputSource source = resolver.resolve(systemId, baseURI);
204+
// Run inside doPrivileged so that sm.checkPermission() calls
205+
// inside the resolver chain (SecurityActions.fileExists) stop
206+
// at this boundary and check only CXF's own permissions rather
207+
// than walking up through the JAXP schema-validator frames that
208+
// lack CXF-internal permissions.
209+
final String sid = systemId;
210+
final String buri = baseURI;
211+
InputSource source = AccessController.doPrivileged(
212+
(PrivilegedAction<InputSource>) () -> resolver.resolve(sid, buri));
203213
if (source != null) {
204214
impl = new LSInputImpl();
205215
impl.setByteStream(source.getByteStream());

rt/transports/http/src/main/java/org/apache/cxf/transport/http/ProxyFactory.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,6 +22,8 @@
2222
import java.net.Proxy;
2323
import java.net.ProxySelector;
2424
import java.net.URI;
25+
import java.security.AccessController;
26+
import java.security.PrivilegedAction;
2527
import java.util.List;
2628
import java.util.regex.Pattern;
2729

@@ -50,7 +52,8 @@ public Proxy createProxy(HTTPClientPolicy policy, URI currentUrl) {
5052
* are honoured rather than bypassed.
5153
*/
5254
private Proxy getSystemProxy(URI uri) {
53-
ProxySelector selector = ProxySelector.getDefault();
55+
ProxySelector selector = AccessController.doPrivileged(
56+
(PrivilegedAction<ProxySelector>) ProxySelector::getDefault);
5457
if (selector == null) {
5558
return null;
5659
}

0 commit comments

Comments
 (0)