[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: [NEW ISSUE] Problems with Java Client API classes
getThreadContextClassLoader () method
This method accesses the ThreadContextClassLoader
without a doPriviledged wrapper, which gives problems when using this
code in a secured environment:
private static ClassLoader
getThreadContextClassLoader () {
final ClassLoader
threadClassLoader =
Thread.currentThread().getContextClassLoader();
return
threadClassLoader;
}
2) SCAClientFactoryFinderImpl class
does not support a null Domain name
instantiateSCAClientFactoryClass(...)
method:
private static SCAClientFactory
instantiateSCAClientFactoryClass(
Class<? extends SCAClientFactory> factoryImplClass,
URI domainURI)
throws
NoSuchDomainException, ServiceRuntimeException {
try {
Constructor<? extends SCAClientFactory> URIConstructor =
factoryImplClass.getConstructor(domainURI.getClass());
<<-------- this method invocation
SCAClientFactory provider =
URIConstructor.newInstance( domainURI );
By using domainURI.getClass(), this
code unnecessarily requires a non-null domainURI,, even if the eventual
client Factory implementation
supports a null Domain name.
3) Properties not passed on the SCAClientFactory
SCAClientFactoryFinderImpl class
instantiateSCAClientFactoryClass(...)
method:
Various of the client APIs provide the
capability to pass a set of Properties to the SCAClientFactory, but the
default code in the
SCAClientFactoryFinderImpl class does
not pass these Properties to the underlying SCAClientFactory:
private static SCAClientFactory
instantiateSCAClientFactoryClass(
Class<? extends SCAClientFactory> factoryImplClass,
// 1) <<----- no Properties parameter to
the method
URI domainURI)
throws
NoSuchDomainException, ServiceRuntimeException {
try {
Constructor<? extends SCAClientFactory> URIConstructor =
factoryImplClass.getConstructor(domainURI.getClass());
SCAClientFactory provider =
URIConstructor.newInstance( domainURI );
//
2) <<------ no Properties parameter when creating the SCAClientFactory
return provider;
Proposal:
1) Add a doPrivileged wrapped in the
getThreadContextClassLoader() method:
private static ClassLoader getThreadContextClassLoader
() {
return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
public ClassLoader run() {
return Thread.currentThread().getContextClassLoader();
}
});
}
2) Allow a null domainURI
Change the instantiateSCAClientFactoryClass(...)
method: to get the URI class directly:
try {
Constructor<? extends SCAClientFactory>
URIConstructor =
factoryImplClass.getConstructor(URI.class);
//<<------- get the URI class directly
SCAClientFactory provider =
URIConstructor.newInstance(
domainURI );
return provider;
3) Add a Properties parameter to the
instantiateSCAClientFactoryClass method and to the newInstance
private static SCAClientFactory
instantiateSCAClientFactoryClass(
Class<? extends SCAClientFactory> factoryImplClass,
URI domainURI, Properties properties)
// <<----- add Properties parameteer
throws NoSuchDomainException, ServiceRuntimeException
{
try {
Constructor<? extends SCAClientFactory>
URIConstructor =
factoryImplClass.getConstructor(URI.class,
Properties.class); // <<---- look for the constructor
with Properties parameter
SCAClientFactory provider =
URIConstructor.newInstance(
domainURI, properties ); // <<----
call newInstance with properties parameter
return provider;
} catch (Throwable ex) {
throw new ServiceRuntimeException(
+ change the invocation of instantiateSCAClientFactoryClass(...)
method in the find(...)
method:
public SCAClientFactory
find(Properties properties,
ClassLoader classLoader,
URI domainURI )
throws NoSuchDomainException, ServiceRuntimeException {
if (classLoader == null) {
classLoader
= getThreadContextClassLoader ();
}
final String factoryImplClassName =
discoverProviderFactoryImplClass(properties,
classLoader);
final Class<? extends SCAClientFactory>
factoryImplClass
= loadProviderFactoryClass(factoryImplClassName,
classLoader);
final SCAClientFactory factory =
instantiateSCAClientFactoryClass(factoryImplClass,
domainURI, properties );
// <<---- added properties parameter
return factory;
}
Yours, Mike
| |||
Dr Mike Edwards | Mail Point 137, Hursley Park | ||
STSM | Winchester, Hants SO21 2JN | ||
SCA & Services Standards | United Kingdom | ||
Co-Chair OASIS SCA Assembly TC | |||
IBM Software Group | |||
Phone: | +44-1962 818014 | ||
Mobile: | +44-7802-467431 (274097) | ||
e-mail: | mike_edwards@uk.ibm.com | ||
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6
3AU
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]