Author: markt
Date: Wed Jan 20 10:52:57 2016
New Revision: 1725696
URL: http://svn.apache.org/viewvc?rev=1725696&view=rev
Log:
Ensure that when sessions are loaded from the Store that the correct
class loader is used. In most cases it was already set but some code
paths from early in the processing chain (e.g. the Adaptor) could
trigger the loading of a session without setting the TCCL.
Modified:
tomcat/trunk/java/org/apache/catalina/session/FileStore.java
tomcat/trunk/java/org/apache/catalina/session/JDBCStore.java
tomcat/trunk/java/org/apache/catalina/session/StoreBase.java
Modified: tomcat/trunk/java/org/apache/catalina/session/FileStore.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/FileStore.java?rev=1725696&r1=1725695&r2=1725696&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/FileStore.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/FileStore.java Wed Jan 20
10:52:57 2016
@@ -16,7 +16,6 @@
*/
package org.apache.catalina.session;
-import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
@@ -30,9 +29,8 @@ import java.util.ArrayList;
import javax.servlet.ServletContext;
import org.apache.catalina.Context;
-import org.apache.catalina.Loader;
+import org.apache.catalina.Globals;
import org.apache.catalina.Session;
-import org.apache.catalina.util.CustomObjectInputStream;
import org.apache.juli.logging.Log;
/**
@@ -226,22 +224,10 @@ public final class FileStore extends Sto
contextLog.debug(sm.getString(getStoreName()+".loading", id,
file.getAbsolutePath()));
}
- ObjectInputStream ois = null;
- Loader loader = null;
- ClassLoader classLoader = null;
- ClassLoader oldThreadContextCL =
Thread.currentThread().getContextClassLoader();
+ ClassLoader oldThreadContextCL =
context.bind(Globals.IS_SECURITY_ENABLED, null);
+
try (FileInputStream fis = new FileInputStream(file.getAbsolutePath());
- BufferedInputStream bis = new BufferedInputStream(fis)) {
- loader = context.getLoader();
- if (loader != null) {
- classLoader = loader.getClassLoader();
- }
- if (classLoader == null) {
- classLoader = getClass().getClassLoader();
- } else {
- Thread.currentThread().setContextClassLoader(classLoader);
- }
- ois = new CustomObjectInputStream(bis, classLoader);
+ ObjectInputStream ois = getObjectInputStream(fis)) {
StandardSession session = (StandardSession)
manager.createEmptySession();
session.readObjectData(ois);
@@ -253,15 +239,7 @@ public final class FileStore extends Sto
}
return null;
} finally {
- if (ois != null) {
- // Close the input stream
- try {
- ois.close();
- } catch (IOException f) {
- // Ignore
- }
- }
- Thread.currentThread().setContextClassLoader(oldThreadContextCL);
+ context.unbind(Globals.IS_SECURITY_ENABLED, oldThreadContextCL);
}
}
Modified: tomcat/trunk/java/org/apache/catalina/session/JDBCStore.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/JDBCStore.java?rev=1725696&r1=1725695&r2=1725696&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/JDBCStore.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/JDBCStore.java Wed Jan 20
10:52:57 2016
@@ -39,10 +39,9 @@ import javax.naming.NamingException;
import javax.sql.DataSource;
import org.apache.catalina.Container;
+import org.apache.catalina.Globals;
import org.apache.catalina.LifecycleException;
-import org.apache.catalina.Loader;
import org.apache.catalina.Session;
-import org.apache.catalina.util.CustomObjectInputStream;
import org.apache.juli.logging.Log;
import org.apache.tomcat.util.ExceptionUtils;
@@ -592,10 +591,6 @@ public class JDBCStore extends StoreBase
@Override
public Session load(String id) throws ClassNotFoundException, IOException {
StandardSession _session = null;
- Loader loader = null;
- ClassLoader classLoader = null;
- ObjectInputStream ois = null;
- BufferedInputStream bis = null;
org.apache.catalina.Context context = getManager().getContext();
Log contextLog = context.getLogger();
@@ -607,7 +602,8 @@ public class JDBCStore extends StoreBase
return null;
}
- ClassLoader oldThreadContextCL =
Thread.currentThread().getContextClassLoader();
+ ClassLoader oldThreadContextCL =
context.bind(Globals.IS_SECURITY_ENABLED, null);
+
try {
if (preparedLoadSql == null) {
String loadSql = "SELECT " + sessionIdCol + ", "
@@ -621,26 +617,17 @@ public class JDBCStore extends StoreBase
preparedLoadSql.setString(2, getName());
try (ResultSet rst = preparedLoadSql.executeQuery()) {
if (rst.next()) {
- bis = new
BufferedInputStream(rst.getBinaryStream(2));
- loader = context.getLoader();
- if (loader != null) {
- classLoader = loader.getClassLoader();
- }
- if (classLoader == null) {
- classLoader = getClass().getClassLoader();
- } else {
-
Thread.currentThread().setContextClassLoader(classLoader);
- }
- ois = new CustomObjectInputStream(bis,
classLoader);
+ try (ObjectInputStream ois =
+
getObjectInputStream(rst.getBinaryStream(2))) {
+ if (contextLog.isDebugEnabled()) {
+ contextLog.debug(sm.getString(
+ getStoreName() + ".loading", id,
sessionTable));
+ }
- if (contextLog.isDebugEnabled()) {
- contextLog.debug(
- sm.getString(getStoreName() +
".loading", id, sessionTable));
+ _session = (StandardSession)
manager.createEmptySession();
+ _session.readObjectData(ois);
+ _session.setManager(manager);
}
-
- _session = (StandardSession)
manager.createEmptySession();
- _session.readObjectData(ois);
- _session.setManager(manager);
} else if (context.getLogger().isDebugEnabled()) {
contextLog.debug(getStoreName() + ": No persisted
data object found");
}
@@ -652,13 +639,6 @@ public class JDBCStore extends StoreBase
if (dbConnection != null)
close(dbConnection);
} finally {
- if (ois != null) {
- try {
- ois.close();
- } catch (IOException e) {
- // Ignore
- }
- }
Thread.currentThread().setContextClassLoader(oldThreadContextCL);
release(_conn);
}
Modified: tomcat/trunk/java/org/apache/catalina/session/StoreBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/StoreBase.java?rev=1725696&r1=1725695&r2=1725696&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/StoreBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/StoreBase.java Wed Jan 20
10:52:57 2016
@@ -19,12 +19,16 @@ package org.apache.catalina.session;
import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
+import java.io.BufferedInputStream;
import java.io.IOException;
+import java.io.InputStream;
+import java.io.ObjectInputStream;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.Manager;
import org.apache.catalina.Store;
+import org.apache.catalina.util.CustomObjectInputStream;
import org.apache.catalina.util.LifecycleBase;
import org.apache.tomcat.util.res.StringManager;
@@ -193,8 +197,28 @@ public abstract class StoreBase extends
}
}
+
// --------------------------------------------------------- Protected
Methods
+ /**
+ * Create the object input stream to use to read a session from the store.
+ * Sub-classes <b>must</b> have set the thread context class loader before
+ * calling this method.
+ *
+ * @param is The input stream provided by the sub-class that will provide
+ * the data for a session
+ *
+ * @return An appropriately configured ObjectInputStream from which the
+ * session can be read.
+ *
+ * @throws IOException if a problem occurs creating the ObjectInputStream
+ */
+ protected ObjectInputStream getObjectInputStream(InputStream is) throws
IOException {
+ BufferedInputStream bis = new BufferedInputStream(is);
+ return new CustomObjectInputStream(bis,
Thread.currentThread().getContextClassLoader());
+ }
+
+
@Override
protected void initInternal() {
// NOOP
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
