https://github.com/eclipse-ee4j/metro-jax-ws/issues/3

Signed-off-by: monicadragomir <monica.dragomir@oracle.com>
eclipse-ee4j · Dec 13, 2019 · bbcf39a · bbcf39a
1 parent ad68c9d
commit bbcf39a
Show file tree

Hide file tree

Showing 2 changed files with 65 additions and 0 deletions.
diff --git a/jaxws-ri/rt/src/test/java/com/sun/xml/ws/util/xml/XmlUtilTest.java b/jaxws-ri/rt/src/test/java/com/sun/xml/ws/util/xml/XmlUtilTest.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2018, 2018 Oracle and/or its affiliates. All rights reserved.
+ *
+ * This program and the accompanying materials are made available under the
+ * terms of the Eclipse Distribution License v. 1.0, which is available at
+ * http://www.eclipse.org/org/documents/edl-v10.php.
+ *
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+package com.sun.xml.ws.util.xml;
+
+import java.lang.reflect.Field;
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+
+import junit.framework.TestCase;
+
+public class XmlUtilTest extends TestCase {
+
+    protected void setUp() throws Exception {
+        super.setUp();
+    }
+
+    protected void tearDown() throws Exception {
+        super.tearDown();
+    }
+
+    public void testXmlSecurityDisabled() throws InstantiationException, IllegalAccessException, NoSuchFieldException, 
+                    NoSuchMethodException, SecurityException, IllegalArgumentException, InvocationTargetException {
+        Method method = com.sun.xml.ws.util.xml.XmlUtil.class.getDeclaredMethod("xmlSecurityDisabled", Boolean.TYPE, Boolean.TYPE);
+        method.setAccessible(true);
+
+        Field fieldDisabledBySetting = com.sun.xml.ws.util.xml.XmlUtil.class.getDeclaredField("XML_SECURITY_DISABLED");
+        fieldDisabledBySetting.setAccessible(true);
+
+        boolean disabledBySetting = ((Boolean)fieldDisabledBySetting.get(com.sun.xml.ws.util.xml.XmlUtil.class)).booleanValue();
+
+        try {
+
+          fieldDisabledBySetting.set(com.sun.xml.ws.util.xml.XmlUtil.class, true);
+          assertFalse((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, true, true));
+          assertFalse((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, true, false));
+
+          fieldDisabledBySetting.set(com.sun.xml.ws.util.xml.XmlUtil.class, false);
+          assertFalse((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, true, true));
+          assertFalse((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, true, false));
+
+          fieldDisabledBySetting.set(com.sun.xml.ws.util.xml.XmlUtil.class, true);
+          assertTrue((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, false, true));
+          assertTrue((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, false, false));
+
+          fieldDisabledBySetting.set(com.sun.xml.ws.util.xml.XmlUtil.class, false);
+          assertTrue((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, false, true));
+          assertFalse((Boolean)method.invoke(com.sun.xml.ws.util.xml.XmlUtil.class, false, false));
+       } finally {
+          fieldDisabledBySetting.set(com.sun.xml.ws.util.xml.XmlUtil.class, disabledBySetting);
+       }
+    }
+}
+
diff --git a/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/util/xml/XmlUtil.java b/jaxws-ri/runtime/rt/src/main/java/com/sun/xml/ws/util/xml/XmlUtil.java
@@ -393,6 +393,11 @@ public static XMLInputFactory newXMLInputFactory(boolean disableSecurity)  {
     }
 
     private static boolean xmlSecurityDisabled(boolean runtimeDisabled) {
+        return xmlSecurityDisabled(System.getSecurityManager() != null, runtimeDisabled);
+    }
+
+    private static boolean xmlSecurityDisabled(boolean runWithSM, boolean runtimeDisabled) {
+        if (runWithSM) return false;
         return XML_SECURITY_DISABLED || runtimeDisabled;
     }