Author: kkolinko
Date: Mon Jan 4 17:31:16 2016
New Revision: 1722923
URL: http://svn.apache.org/viewvc?rev=1722923&view=rev
Log:
Simplify code and fix messages in
org.apache.catalina.core.DefaultInstanceManager class.
Modified:
tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java
tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java?rev=1722923&r1=1722922&r2=1722923&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/core/DefaultInstanceManager.java Mon
Jan 4 17:31:16 2016
@@ -27,10 +27,13 @@ import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Properties;
+import java.util.Set;
import java.util.WeakHashMap;
import javax.annotation.PostConstruct;
@@ -41,8 +44,6 @@ import javax.naming.Context;
import javax.naming.NamingException;
import javax.persistence.PersistenceContext;
import javax.persistence.PersistenceUnit;
-import javax.servlet.Filter;
-import javax.servlet.Servlet;
import javax.xml.ws.WebServiceRef;
import org.apache.catalina.ContainerServlet;
@@ -72,9 +73,7 @@ public class DefaultInstanceManager impl
protected final ClassLoader containerClassLoader;
protected final boolean privileged;
protected final boolean ignoreAnnotations;
- private final Properties restrictedFilters;
- private final Properties restrictedListeners;
- private final Properties restrictedServlets;
+ private final Set<String> restrictedClasses;
private final Map<Class<?>, AnnotationCacheEntry[]> annotationCache =
new WeakHashMap<>();
private final Map<String, String> postConstructMethods;
@@ -89,15 +88,17 @@ public class DefaultInstanceManager impl
this.containerClassLoader = containerClassLoader;
ignoreAnnotations = catalinaContext.getIgnoreAnnotations();
Log log = catalinaContext.getLogger();
- restrictedServlets = loadProperties(
+ Set<String> classNames = new HashSet<>();
+ loadProperties(classNames,
"org/apache/catalina/core/RestrictedServlets.properties",
"defaultInstanceManager.restrictedServletsResource", log);
- restrictedListeners = loadProperties(
+ loadProperties(classNames,
"org/apache/catalina/core/RestrictedListeners.properties",
"defaultInstanceManager.restrictedListenersResource", log);
- restrictedFilters = loadProperties(
+ loadProperties(classNames,
"org/apache/catalina/core/RestrictedFilters.properties",
"defaultInstanceManager.restrictedFiltersResource", log);
+ restrictedClasses = Collections.unmodifiableSet(classNames);
this.context = context;
this.injectionMap = injectionMap;
this.postConstructMethods = catalinaContext.findPostConstructMethods();
@@ -521,27 +522,17 @@ public class DefaultInstanceManager impl
if (privileged) {
return;
}
- if (Filter.class.isAssignableFrom(clazz)) {
- checkAccess(clazz, restrictedFilters);
- } else if (Servlet.class.isAssignableFrom(clazz)) {
- if (ContainerServlet.class.isAssignableFrom(clazz)) {
- throw new SecurityException("Restricted (ContainerServlet) " +
- clazz);
- }
- checkAccess(clazz, restrictedServlets);
- } else {
- checkAccess(clazz, restrictedListeners);
+ if (ContainerServlet.class.isAssignableFrom(clazz)) {
+ throw new SecurityException(sm.getString(
+ "defaultInstanceManager.restrictedContainerServlet",
clazz));
}
- }
-
- private void checkAccess(Class<?> clazz, Properties restricted) {
while (clazz != null) {
- if ("restricted".equals(restricted.getProperty(clazz.getName()))) {
- throw new SecurityException("Restricted " + clazz);
+ if (restrictedClasses.contains(clazz.getName())) {
+ throw new SecurityException(sm.getString(
+ "defaultInstanceManager.restrictedClass", clazz));
}
clazz = clazz.getSuperclass();
}
-
}
/**
@@ -621,19 +612,31 @@ public class DefaultInstanceManager impl
}
}
- private static Properties loadProperties(String resourceName, String
messageKey, Log log) {
- Properties result = new Properties();
+ private static void loadProperties(Set<String> classNames, String
resourceName,
+ String messageKey, Log log) {
+ Properties properties = new Properties();
ClassLoader cl = DefaultInstanceManager.class.getClassLoader();
try (InputStream is = cl.getResourceAsStream(resourceName)) {
if (is == null) {
log.error(sm.getString(messageKey, resourceName));
} else {
- result.load(is);
+ properties.load(is);
}
} catch (IOException ioe) {
log.error(sm.getString(messageKey, resourceName), ioe);
}
- return result;
+ if (properties.isEmpty()) {
+ return;
+ }
+ for (Map.Entry<Object, Object> e : properties.entrySet()) {
+ if ("restricted".equals(e.getValue())) {
+ classNames.add(e.getKey().toString());
+ } else {
+ log.warn(sm.getString(
+ "defaultInstanceManager.restrictedWrongValue",
+ resourceName, e.getKey(), e.getValue()));
+ }
+ }
}
private static String normalize(String jndiName){
Modified: tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties?rev=1722923&r1=1722922&r2=1722923&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties
(original)
+++ tomcat/trunk/java/org/apache/catalina/core/LocalStrings.properties Mon Jan
4 17:31:16 2016
@@ -222,6 +222,9 @@ threadLocalLeakPreventionListener.lifecy
threadLocalLeakPreventionListener.containerEvent.error=Exception processing
container event {0}
defaultInstanceManager.invalidInjection=Invalid method resource injection
annotation
+defaultInstanceManager.restrictedClass=Access to class [{0}] is forbidden. It
is a restricted class. A web application must be configured as privileged to be
able to load it
+defaultInstanceManager.restrictedContainerServlet=Access to class [{0}] is
forbidden. It is a restricted class (implements ContainerServlet interface). A
web application must be configured as privileged to be able to load it
+defaultInstanceManager.restrictedWrongValue=Wrong value in restricted classes
property file [{0}] for class name [{1}]. Expected value: [restricted], actual
value: [{2}]
defaultInstanceManager.restrictedFiltersResource=Restricted filters property
file not found [{0}]
defaultInstanceManager.restrictedListenersResource=Restricted listeners
property file not found [{0}]
defaultInstanceManager.restrictedServletsResource=Restricted servlets property
file not found [{0}]
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1722923&r1=1722922&r2=1722923&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Mon Jan 4 17:31:16 2016
@@ -159,6 +159,11 @@
Add the <code>StatusManagerServlet</code> to the list of Servlets that
can only be loaded by privileged applications. (markt)
</fix>
+ <fix>
+ Simplify code and fix messages in
+ <code>org.apache.catalina.core.DefaultInstanceManager</code> class.
+ (kkolinko)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
