CVE-2012-2379 (BZ-826534) seems to have introduced the following issue to SOA-P 5.3.1. Given we have the following web service: @WebService(... wsdlLocation = "classpath:/greeting.wsdl") public class GreetingServiceImpl implements GreetingService { ... and we have separate packages for the web service impl and WSDL, say, example-ws.war and example-wsdl.jar, deploying example-wsdl.jar to $PROFILE/lib (or $JBOSS_HOME/jboss-as/common/lib) and then example-ws.war to $PROFILE/deploy leads to the following error at deployment time. org.jboss.deployers.spi.DeploymentException: Error during deploy: vfszip:/opt/jboss-soa-p-5.3.1-cxf/jboss-as/server/default/deploy/example-ws.war/ at org.jboss.deployers.spi.DeploymentException.rethrowAsDeploymentException(DeploymentException.java:49) at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:185) at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1454) at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1172) at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1113) at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348) at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1652) at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:938) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082) at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:988) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:826) at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:556) at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:789) at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:699) at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117) at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:409) at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:294) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:304) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:178) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:744) Caused by: java.lang.RuntimeException: java.io.IOException: Could not find classpath:/greeting.wsdl in the additional metadatafiles! at org.jboss.wsf.stack.cxf.DescriptorDeploymentAspect.checkCVE20122379(DescriptorDeploymentAspect.java:267) at org.jboss.wsf.stack.cxf.DescriptorDeploymentAspect.create(DescriptorDeploymentAspect.java:83) at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:115) at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:76) at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60) at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:55) at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:179) ... 22 more Caused by: java.io.IOException: Could not find classpath:/greeting.wsdl in the additional metadatafiles! at org.jboss.wsf.framework.deployment.ResourceResolverImpl.resolve(ResourceResolverImpl.java:121) at org.jboss.wsf.stack.cxf.DescriptorDeploymentAspect.checkCVE20122379(DescriptorDeploymentAspect.java:261) ... 28 more
Created attachment 822275 [details] reproducer (ws impl)
Created attachment 822276 [details] reproducer (wsdl)
R Searls <rsearls> updated the status of jira JBPAPP-10903 to Coding In Progress
R Searls <rsearls> made a comment on jira JBPAPP-10903 Fix made in https://svn.jboss.org/repos/jbossws/framework/branches/jbossws-framework-3.1.2 File changed: src/main/java/org/jboss/wsf/framework/deployment/ResourceResolverImpl.java Change diff see attachment.
R Searls <rsearls> updated the status of jira JBPAPP-10903 to Resolved
Hi Neil, I'll do it now. So long as we have the code, I don't think it matters who advances the BZ. Thanks, Rick
Issue has been VERIFIED with bits from BZ1073034