ws-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Veithen (JIRA)" <>
Subject [jira] [Reopened] (AXIOM-62) Java2Security Error. StAXUtils needs a AccessController code.
Date Thu, 20 Dec 2012 10:51:12 GMT


Andreas Veithen reopened AXIOM-62:

      Assignee: Andreas Veithen  (was: Rich Scheuerle)

I'm reopening this issue. As noted in the description, this is actually an issue with the
underlying StAX implementation. On the other hand, executing createXMLStream(Reader|Writer)
with doPrivileged causes unnecessary overhead and is questionable from a security point of
view because it may give the code that calls StAXUtils privileges it is not expected to have.
> Java2Security Error.  StAXUtils needs a AccessController code.
> --------------------------------------------------------------
>                 Key: AXIOM-62
>                 URL:
>             Project: Axiom
>          Issue Type: Bug
>            Reporter: Rich Scheuerle
>            Assignee: Andreas Veithen
> Problem:
> StAXUtils.createXMLStreamReader(...) and StAXUtils.createXMLStreamWriter(...) methods
call out to the plugged in stax implementation.  Brent Ulbricht discovered a J2S 
> exception in a non-woodstox parser.  
> Solution:
> I am pursuing a fix with the one of the owners of the parser.  In addition, I am using
this JIRA to do surround the code in a AccessController.doPriv block.  This solution is consistent
with pre-existing code in doPriv code in StAXUtils.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message