svn commit: r1720568 - in /tomcat/tc7.0.x/trunk: java/org/apache/catalina/loader/WebappClassLoaderBase.java webapps/docs/changelog.xml

Thu, 17 Dec 2015 06:54:06 -0800 

Author: kkolinko
Date: Thu Dec 17 14:53:21 2015
New Revision: 1720568

URL: http://svn.apache.org/viewvc?rev=1720568&view=rev
Log:
Fix https://bz.apache.org/bugzilla/show_bug.cgi?id=57906
Suppress log messages when running with a security manager on Java 6,
caused by java.beans.Introspector.findExplicitBeanInfo() calls during 
evaluation of EL expressions.

Modified:
    
tomcat/tc7.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
    tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml

Modified: 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java?rev=1720568&r1=1720567&r2=1720568&view=diff
==============================================================================
--- 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
(original)
+++ 
tomcat/tc7.0.x/trunk/java/org/apache/catalina/loader/WebappClassLoaderBase.java 
Thu Dec 17 14:53:21 2015
@@ -1792,7 +1792,13 @@ public abstract class WebappClassLoaderB
                     } catch (SecurityException se) {
                         String error = "Security Violation, attempt to use " +
                             "Restricted Class: " + name;
-                        log.info(error, se);
+                        if (name.endsWith("BeanInfo")) {
+                            // BZ 57906: suppress logging for calls from
+                            // java.beans.Introspector.findExplicitBeanInfo()
+                            log.debug(error, se);
+                        } else {
+                            log.info(error, se);
+                        }
                         throw new ClassNotFoundException(error, se);
                     }
                 }

Modified: tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml
URL: 
http://svn.apache.org/viewvc/tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml?rev=1720568&r1=1720567&r2=1720568&view=diff
==============================================================================
--- tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Thu Dec 17 14:53:21 2015
@@ -66,6 +66,12 @@
         session IDs may be rejected if validation is enabled. (markt)
       </fix>
       <fix>
+        <bug>57906</bug>: Suppress WebappClassLoader log messages when running
+        with a security manager on Java 6, caused by
+        <code>java.beans.Introspector.findExplicitBeanInfo()</code> calls
+        during evaluation of EL expressions. (kkolinko)
+      </fix>
+      <fix>
         <bug>58701</bug>: Reset the <code>instanceInitialized</code> field in
         <code>StandardWrapper</code> when unloading a Servlet so that a new
         instance may be correctly initialized. (markt)



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to